IP Blocklist API
Integrate 30M+ threat IPs into your platform with our REST API. Updated hourly from live advertising traffic across our global sensor network.
Overview
The IP Blocklist API provides real-time access to our continuously updated database of fraudulent IP addresses. Use it to filter invalid traffic before it impacts your campaigns, pollutes your analytics, or drains your ad budget.
Our data comes from a global sensor network monitoring over 300 million URLs and apps, encountering more than 1 billion unique users every month across exchanges, SSPs, DSPs, and publishers.
Common Use Cases
- Pre-Bid Blocking: Filter traffic before bid requests are processed in programmatic platforms
- Click Fraud Prevention: Block fraudulent clicks before they consume budget
- Affiliate Network Protection: Validate traffic and prevent fraudulent conversions
- Analytics Hygiene: Eliminate bot traffic from attribution and reporting
API Endpoint
All API requests should be made to the following endpoint:
The API accepts both GET and POST requests and returns data in JSON or CSV format.
Authentication
Every request requires authentication using your Fraudlogix credentials:
| Parameter | Required | Description |
|---|---|---|
user |
Yes | Your Fraudlogix username (same as dashboard login) |
password |
Yes | Your Fraudlogix password (same as dashboard login) |
version |
Yes | API version. Current version: 15 |
Request Parameters
Customize your API response with these optional parameters:
| Parameter | Options | Default | Description |
|---|---|---|---|
risk_level |
All, Extreme, High, Medium | Extreme, High | Filter IPs by risk level |
show_status |
1, 0 | 0 | Include risk level in response |
show_reason |
1, 0 | 0 | Include reason codes in response |
ipv4only |
1, 0 | 0 | Return only IPv4 addresses |
ipv6only |
1, 0 | 0 | Return only IPv6 addresses |
ipv6_expanded |
1, 0 | 0 | Return IPv6 in expanded format |
method |
json, csv | json | Response data format |
get_status |
on | β | Test connectivity (returns status only) |
Example Requests
Full URL Example
https://api.fraudlogix.com/v1/prebid/blocklist?user=YOUR_USERNAME&password=YOUR_PASSWORD&version=15&risk_level=All&show_status=1&show_reason=1&method=json
cURL Example
curl -X POST https://api.fraudlogix.com/v1/prebid/blocklist \ -d "user=YOUR_USERNAME" \ -d "password=YOUR_PASSWORD" \ -d "version=15" \ -d "risk_level=All" \ -d "show_status=1" \ -d "show_reason=1" \ -d "method=json"
PHP Example
$param = "user=".$username."&password=".$password. "&version=15". "&risk_level=All". "&show_status=1". "&show_reason=1". "&method=json"; // Initialize cURL $ch = curl_init('https://api.fraudlogix.com/v1/prebid/blocklist'); // Set options curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST"); curl_setopt($ch, CURLOPT_POSTFIELDS, $param); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); // Execute request $result = curl_exec($ch); // Process response $data = json_decode($result, true);
Response Format
JSON Response
[
[
{"ip": "192.168.1.1", "status": "High", "reason_code": "Proxy"},
{"ip": "10.0.0.1", "status": "Extreme", "reason_code": "Bot"},
{"ip": "172.16.0.1", "status": "Medium", "reason_code": "VPN"}
],
{"ref": {"status": "success", "message": ""}}
]
CSV Response
192.168.1.1,High,Proxy 10.0.0.1,Extreme,Bot 172.16.0.1,Medium,VPN
Risk Levels
Every IP in the blocklist is assigned a risk level based on the frequency and severity of fraudulent activity detected:
Medium
Suspicious patterns exceeding normal thresholds. Likely to generate invalid traffic.
High
Established history of fraud. Connected to bots, scripts, or malware networks.
Extreme
Persistent, high-volume fraud. Greatest immediate threat to campaign integrity.
Reason Codes
Each IP includes a reason code explaining why it was flagged:
π€ Bot
Automated traffic from headless browsers, scripts, or bot networks
π Proxy
Traffic routed through proxy servers to mask origin
π VPN
Commercial or private VPN service endpoints
π§ TOR
Known TOR (The Onion Router) exit nodes
π’ Data Center
Cloud hosting or server farm IP allocation
π€ Masked Devices
Device fingerprinting evasion techniques detected
π Search Engine Bot
Legitimate search crawler identification
π Abnormal Traffic
Unusual request volumes or timing patterns
Integration Best Practices
- Refresh hourly: The blocklist updates every hour. Schedule syncs to match for optimal protection.
- Replace, don't merge: Always replace your local copy with the full list. IPs are removed when they show legitimate behavior.
- Handle large responses: The list contains 30M+ IPs. Ensure adequate storage and processing capacity.
- Cache locally: Store the list on your server and compare incoming IPs locally for zero-latency blocking.
- Implement fallback: If the API is temporarily unavailable, continue using your previously stored list.
Sharing blocklist data with any individual or entity outside your organization is strictly prohibited and against the terms of service. The list is uniquely seeded to each account for tracking purposes.
Frequently Asked Questions
Need Help?
Our support team is available to assist with integration questions and technical issues.
Email: [email protected]