VPN detection API
Detect VPN traffic with one API call.
Flag IPs that belong to known commercial VPN ranges, and fold the result into a transparent risk score. Probabilistic, documented, and honest about its limits.
How it works
01
GeoQ maintains ranges associated with known commercial VPN providers and returns is_vpn: true when an IP falls inside one.
02
A positive VPN signal contributes +30 to the 0–100 risk score. It is one input, not a verdict.
03
VPNs are legitimate privacy tools for millions of people. Use the signal to step up verification (MFA, review) — never to silently block or to make an automated decision about a person on its own.
What you get back
| Field | Meaning |
|---|---|
is_vpn | Boolean — IP is in a known commercial VPN range. |
risk.score | 0–100 score that includes the +30 VPN weight when triggered. |
network.asn / as_org | The ASN and organisation behind the IP — often the VPN host. |
geo.* | Country, region, city and timezone of the exit IP. |
In your code
const r = await geoq.check(req.ip); if (r.signals.is_vpn && r.risk.score >= 60) { // step up — require email/MFA before allowing signup return res.status(202).json({ challenge: "mfa" }); }
FAQ
Frequently asked questions
Can VPN detection be 100% accurate?
No. VPN providers add and rotate ranges constantly. Treat
is_vpn as a strong signal, not a fact, and combine it with the risk score and your own context.Should I block all VPN users?
Usually no — VPNs are legitimate. Prefer step-up verification over hard blocks, and never make a sole-basis automated decision about a person. See our AUP.
How is this priced?
Flat plans from $0/month with every signal included. See pricing.
Related signals
Start with the free tier. No card.
1,000 lookups a day, every signal, the same transparent risk score. Upgrade only when you outgrow it.