How do I authenticate with this API?
Create an API key in your Datpaq dashboard and send it with each request as a bearer token in the Authorization header.
Validate IP API
IPv4 + IPv6
CIDR
Batch: 100
Is this IP valid?And what kind is it?
Validate IPv4, IPv6, and CIDR addresses with full classification — private, reserved, loopback, multicast, link-local, bogon. Sub-millisecond per IP, batches up to 100.
IPv4 + IPv6 · full coverageCIDR · networks too6 flags · per address100 · per batch
Why Validate IP API
Validate before you enrich.
Full Classification
Every response includes 6 boolean flags: private, reserved, loopback, multicast, link_local, bogon. Plus a human-readable message.
IPv4, IPv6, CIDR
Validate dotted-decimal IPv4, full or compressed IPv6, and CIDR network blocks in one endpoint.
Batch Processing
Send up to 100 addresses per call — comma-separated on GET, array on POST. Each result returns individually.
Sub-millisecond
Powered by ipaddr.js. In-process, no network calls — typical p50 well under 1ms per address.
Bogon Detection
Catch unroutable ranges (loopback, reserved, link-local, multicast) before they pollute geo/enrichment pipelines.
GET or POST
Use GET for quick checks and tooling, POST for JSON-array inputs and CI pipelines. Same response shape.
/api/v1/validate-ip
Endpoints, at a glance.
One validation route does the work, plus standard ops endpoints. Single IP or batch — same endpoint.
GET / POST/validate-ip/validate
Validate & classify
Single IP or batch. Returns validity, type, CIDR flag, and 6 classification booleans per address.
PRIMARY
GET/health
Service health
Status, version, and timestamp. Root / redirects here.
GET/metrics
Prometheus metrics
Validation counters by type, duration histograms, classification distribution.
| Parameter | Type | Required | Description |
|---|---|---|---|
| ip | string | array | yes | IPv4, IPv6, or CIDR. GET: comma-separated for batch. POST: array for batch. Max 100. |
| api_key | string | yes | API key via query string. Alternatively pass as x-api-key header. |
Requests & responses.
Identical response shape for single and batch — easier to handle downstream.
Single IP
One address, one classification object.
GET https://datpaq.com/api/v1/validate-ip/validate?api_key=YOUR_API_KEY&ip=192.168.1.1
Mixed batch (≤100)
IPv4 + IPv6 + CIDR + invalid — all in the same call.
POST https://datpaq.com/api/v1/validate-ip/validate
Content-Type: application/json
{
"ip": [
"8.8.8.8",
"127.0.0.1",
"192.168.1.0/24",
"2001:db8::1",
"invalid.ip.address"
]
}Health
https://datpaq.com/api/v1/validate-ip/health
Metrics
https://datpaq.com/api/v1/validate-ip/metrics
Error reference
Predictable errors, always structured.
Individual invalid IPs inside a batch return per-item error rows rather than failing the whole call.
400Missing IP Parameter
Required ip parameter not provided. Include ?ip= (string or comma-separated) or send a JSON body.
400Invalid Input Format
Input contained invalid characters or unsupported structure. Strings are sanitized for injection patterns.
400Batch Size Exceeded
More than 100 IPs in a single request. Split into smaller batches and call sequentially.
401Unauthorized
API key missing or invalid. Pass api_key as a query param or x-api-key as a header.
429Rate Limited
More than 100 requests in 15 minutes. Back off and retry after the retryAfter window.
500Processing Error
Internal validation engine error. CorrelationId in the response helps with debugging.
Example error response
{
"error": "Missing ip input (string or comma-separated list)",
"correlationId": "validate-error123"
}FAQ
API questions developers ask first.
Is there a free tier?
Yes. Datpaq APIs include a free tier for building, testing, and small production workloads before you move to a paid plan.
What format do requests and responses use?
Datpaq APIs use REST over HTTPS and return JSON by default. Endpoint docs show the supported methods, query parameters, request bodies, and response fields.
Where can I see limits and errors?
Each API documents rate limits, validation rules, and error responses in the landing page and API docs so integrations can retry and fail cleanly.
Validate first. Enrich second.
A pre-processing step that strips bogons and reserved ranges before they reach your expensive geo/intel pipelines.