# Authentication & API key Information

ipbase.com uses API keys to allow access to the API. You can register a new API key at our developer portal.

Multiple API keys

While our free plan only allows one API key at a time, our paid plans offer multiple API keys.
By using separate keys for different use cases you can track individual usage and make key rotations affect only certain parts of your application.

# Authentication methods

To authorize, you can use the following ways:

# GET query parameter

You can pass your API key along with every request by adding it as a query parameter apikey

WARNING

This method could expose your API key in access logs and such. Sending the API key via a header parameter as specified below circumvents this problem.

# HTTP Header

You can set a request header with the name apikey

# Rate limit and quotas

You can use a certain number of requests per month, defined by your plan. Once you go over this quota, the API returns a 429 HTTP status code, and you either need to upgrade your plan or wait until the end of the month.

We enforce a minute rate limit for specific plans. If you exceed this, the API returns a 429 HTTP status code. You then have to wait until the end of the minute to make more requests. Not every request counts

Not every request counts

Only successful calls count against your quota. Any error on our side or validation errors (e.g., wrong parameter) will NOT count against your quota or rate limit.

# Response Headers

We attach specific headers to tell you your current monthly/minute quota and how much you have remaining in the period.

X-RateLimit-Limit-Quota-Minute: 10
X-RateLimit-Limit-Quota-Month: 300

X-RateLimit-Remaining-Quota-Minute: 5
X-RateLimit-Remaining-Quota-Month: 199