POST /v1/ip-whois/lookup

IP WHOIS API - RDAP Ownership and Network Lookup

Queries rdap.org for the allocation record of an IP address. Returns the network name, handle, start/end addresses, CIDR, owning organization (from the registrant or abuse entity), and ISO country code. Works for both IPv4 and IPv6.

Parameters

ip (string, required)

IPv4 or IPv6 address to look up.

Code examples

curl -X POST https://api.botoi.com/v1/ip-whois/lookup \
  -H "Content-Type: application/json" \
  -d '{"ip":"8.8.8.8"}'

When to use this API

Build a self-hosted WHOIS lookup tool

Replace legacy whois command-line tooling with a structured JSON API. Network engineers get the allocation data they need without installing Debian whois packages or parsing free-form text output.

Attribute abuse traffic to the owning network

When abuse reports come in referencing a specific IP, pull the organization name and CIDR. Gives your abuse team the contact entity and the full block to pattern-match against other incidents.

Enrich cloud-provider detection

Combine with /v1/vpn-detect/check. IP WHOIS gives you the registered owner (Amazon Technologies, Google LLC, OVH SAS) which is often more accurate than hardcoded datacenter CIDR tables.

Frequently asked questions

Where does the RDAP data come from?
From rdap.org, which federates requests across ARIN, RIPE, APNIC, LACNIC, and AFRINIC based on the IP's regional allocation. The endpoint does not cache RDAP responses, so results reflect the live registry state.
Why is the organization field sometimes empty?
RDAP records use vCard entities for contact data. If the allocation entry does not include a registrant or abuse entity with a formatted name, the organization field is returned empty. The name and handle fields are more reliable fallbacks.
Does this work for IPv6 addresses?
Yes. The endpoint accepts both IPv4 and IPv6. The network.cidr field will contain the IPv6 prefix (e.g., "2001:4860::/32") when the RDAP record uses v6prefix.
What happens when RDAP is rate-limited?
The endpoint returns RDAP_RATE_LIMITED with a 429 status. Retry after a short backoff. Heavy users should authenticate with an API key to avoid hitting the anonymous rate limit on the upstream RDAP servers.
How is this different from /v1/whois?
The /v1/whois endpoint looks up domain names (example.com). This endpoint looks up IP addresses (203.0.113.1). Both use RDAP under the hood where available.
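
An added example (not botoi's own code) of the abuse-attribution use case and the empty-organization and rate-limit answers above: it groups reported IPs by the returned network.cidr so each block costs one lookup, falls back from an empty organization to name and then handle, and backs off on 429. The `lookup` callable, the function names, and the nesting of name and handle under network are assumptions; only network.cidr is spelled out on this page.

```python
import ipaddress
import time

def owner_label(record):
    # organization can be empty when the RDAP record has no registrant or
    # abuse entity with a formatted name; fall back to name, then handle.
    # Assumed shape: organization at top level, name/handle under "network".
    net = record.get("network", {})
    return record.get("organization") or net.get("name") or net.get("handle") or "unknown"

def lookup_with_backoff(ip, lookup, retries=3, base_delay=2.0, sleep=time.sleep):
    # lookup(ip) -> (http_status, json_body) is supplied by the caller and is
    # expected to POST {"ip": ip} to /v1/ip-whois/lookup.
    status, body = lookup(ip)
    attempt = 0
    while status == 429 and attempt < retries:  # RDAP_RATE_LIMITED
        sleep(base_delay * 2 ** attempt)        # 2s, 4s, 8s, ...
        attempt += 1
        status, body = lookup(ip)
    return status, body

def attribute(ips, lookup, **retry_opts):
    """Group reported IPs by allocation block, with one lookup per block."""
    blocks, unresolved = {}, []
    for raw in ips:
        addr = ipaddress.ip_address(raw)  # raises ValueError on malformed input
        # Reuse a block already seen; v4/v6 mismatches compare as False.
        known = next((n for n in blocks if addr in n), None)
        if known is None:
            status, body = lookup_with_backoff(str(addr), lookup, **retry_opts)
            cidr = (body or {}).get("network", {}).get("cidr") if status == 200 else None
            try:
                known = ipaddress.ip_network(cidr, strict=False) if cidr else None
            except ValueError:
                known = None
            # Do not attribute on a missing CIDR or one that excludes the IP.
            if known is None or addr not in known:
                unresolved.append(str(addr))
                continue
            blocks[known] = {"owner": owner_label(body), "ips": []}
        blocks[known]["ips"].append(str(addr))
    return blocks, unresolved
```

Addresses that fail lookup, or whose returned CIDR does not contain them, land in the unresolved list instead of being attributed to a block.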

Get your API key

Free tier includes 5 requests per minute with no credit card required. Upgrade for higher limits.