AbuseIPDB API

Crowdsourced IP address reputation database for checking and reporting abusive IPs. Aggregates abuse reports from thousands of contributors for spam, DDoS, brute force, and malicious activity.

Evaluated Mar 06, 2026 (0d ago) vcurrent
Homepage ↗ Security abuseipdb ip-reputation security threat-intelligence abuse blocklist rest-api
⚙ Agent Friendliness
59
/ 100
Can an agent use this?
🔒 Security
77
/ 100
Is it safe for agents?
⚡ Reliability
64
/ 100
Does it work consistently?

Score Breakdown

⚙ Agent Friendliness

MCP Quality
--
Documentation
85
Error Messages
70
Auth Simplicity
95
Rate Limits
65

🔒 Security

TLS Enforcement
100
Auth Strength
82
Scope Granularity
45
Dep. Hygiene
72
Secret Handling
85

Security-focused service with HTTPS enforced. API key via header (good practice). GDPR compliant. No scope granularity - one key has full read/write access to the account.

⚡ Reliability

Uptime/SLA
55
Version Stability
70
Breaking Changes
72
Error Recovery
60
AF Security Reliability

Best When

An agent needs fast, simple IP reputation scoring to filter out known-bad actors, especially for abuse categories like spam, scanning, or brute force.

Avoid When

You need file or URL scanning, domain reputation, or very high throughput real-time checks.

Use Cases

  • Checking IP reputation before allowing access in security-aware agent workflows
  • Enriching security incidents with IP abuse history and confidence scores
  • Automated firewall rule generation based on IP abuse scores
  • Reporting abusive IPs back to the community database
  • Blocking known malicious IPs in web application security layers

Not For

  • File or URL malware scanning (use VirusTotal instead)
  • Domain reputation (limited to IP addresses)
  • Definitive blocking - crowdsourced data has false positives
  • High-frequency real-time blocking at network speeds

Interface

REST API
Yes
GraphQL
No
gRPC
No
MCP Server
No
SDK
No
Webhooks
No

Authentication

Methods: api_key
OAuth: No Scopes: No

API key passed via Key header. Simple single-key model. Free and paid tiers use same authentication mechanism.

Pricing

Model: freemium
Free tier: Yes
Requires CC: No

Agent Metadata

Pagination
none
Idempotent
Full
Retry Guidance
Not documented

Known Gotchas

  • Confidence score of 100 doesn't mean definitely malicious - just high community report volume
  • Private IPs (RFC1918) return errors - agents must filter these before querying
  • Daily limits reset at midnight UTC - agents need to track usage across calls
  • Bulk endpoint (CIDR ranges) only available on paid tiers
  • Report endpoint requires specifying abuse categories from a fixed enum - agents must know the category codes

Alternatives

shodan-api virustotal-api ipinfo-api

Full Evaluation Report

Detailed scoring breakdown, competitive positioning, security analysis, and improvement recommendations for AbuseIPDB API.

$99
API endpoint ↗ Agent guide ↗ Report inaccuracy

Scores are editorial opinions as of 2026-03-06.

5215
Packages Evaluated
26151
Need Evaluation
173
Need Re-evaluation
Community Powered