Lookup with our blacklist API for FREE!
Find out in advance if your users will be good customers
Our anti-abuse API helps you know immediately if a user’s IP address, domain or email address is blacklisted so you can decide whether to block it or not.
API for searching IPs, domains and emails blacklisted for abuse or fraud
We search the web for the best and most reliable blacklists and blocking lists. We extract, cleanse, aggregate and settle dozens of IP, domain and email blacklists around the world to help you know if the source is reliable or not.
OSINT Threat Intelligence
We analyze IP addresses, emails and domains for scoring based on our blacklists and algorithms. We test multiple parameters in real time to help developers and cybersecurity analysts make the best decisions.
Real-time alerts
Get ahead of your customers and find out which IP addresses are blacklisted as soon as it happens thanks to our real-time alert services. From a handful of IP addresses to a full range of Autonomous Systems networks
Customizable blacklist search API
Some blacklists are stricter than other ones, and not all companies need to be as restrictive as others. Choose the level of trustworthiness that best suits your needs. And, of course, adjust it as your needs evolve.
Always the best latency to your closest servers
Get the response your application needs in milliseconds with our entire constellation of servers deployed around the world.
Apility.io at a glance
Defend yourself! Use our anti abuse API in your apps and services!
IP addresses
Emails
Blacklists
Swiss Knife OSINT Threat Intelligence API
Get all the features you need to keep your users’ activity under control from a single service.
Identify a user as malicious
Find those users who try to abuse your service before it costs you money without impacting your on-boarding requirements.
OSINT Threat Intelligence as a Service
Check multiple blacklists of IP addresses, domains, and email messages from a single, unified management interface, either from the control panel, API or clients available.
Updated abuse blacklists in Realtime
Our lists are updated hourly from multiple sources. Don’t waste your time searching for unknown sources and implementing ad-hoc parsing and search processes.
GDPR data processing compliant
We understand that you are giving us data that can contain personal information. We have applied all the necessary measures to guarantee your data is processed safely.
Real-time alerts
It is no longer necessary to check every day whether your IP or the customers’ IP addresses have been blacklisted. Add your IP address list or CIDR and we will notify you when they are blacklisted straightaway.
Email Verification and Validation Service
We assess the legitimacy of an email address through a combination of scoring techniques with our own algorithms.
Consume our API with different clients
It does not matter if you are a developer, a system administrator, a DevOps or a cyber analyst. You will find the best way to use our API.
REST API
The best way to get the most out of all the features of our API. Read our detailed documentation to get started.
Python Client API
We’re a Python house. If you want to integrate our API into your applications, you can use the API bindings we use for our internal developments. Read our docs!
Command Line interface
If you are a console warrior, this tool is perfect for you. Take full advantage of our API right from your favorite shell on Windows, Mac or Linux. Go and install it!.
Google Spreadsheet add-on
It doesn’t matter if you have no technical background, you can install our Google Spreadsheet add-on and use our API right on your own spreadsheets. Go and get it!
NGINX integration
If you want to have your infrastructure under your control, you can integrate our API with the NGINX web server to use it as a WAF service. . Read our examples!
AWS CloudFront/Lambda@Edge or Cloudflare Workers integration
If you like cutting-edge technologies like Serverless, you’ll enjoy the ease of integration of Cloudflare Workers or AWS CloudFront/Lambda@Edge.
Here you have some documents to help you get started
Frecuently Asked Questions
Send us an email if you could not find a suitable answer to your question here.
What is Apility.io?
It is a collection of OSINT Threat Intelligence tools offered “as a Service” to help Product Managers, IT Departments, Enterprises and Start-ups know more about their potential visitors, users and customers.
What is a Hit?
A Hit is how Apility.io measures system usage. When you or your service request information from an API endpoint, one or more Hits will be consumed. Depending on the API endpoint type, it will consume a single Hit or several Hits. You can read more about the FAQ section of our Knowledge Base.
Can I use the API anonymously?
Yes, if you do not wish to register, you can try the API in anonymous mode. But we strongly recommend that you register and enjoy full access to all the features of the service.
You can learn the differences between an Anonymous and a Registered account here.
What is a Plan?
Until December 1st 2019 Apility.io had several paid plans. Since then now there is a single free plan for all the users equivalent to the old STARTUP plan with 40000 hits per day available.
Do you store all the requests and responses?
Yes, we believe that an Analytics and Big Data tool helps to better understand user behavior. You can use our tools in the control panel, but we strongly recommend that you import your data into your favorite Big Data and/or Analytics solution.
How much data can you store?
The new free plan for all users stores 30 days of historical data.
Do you provide a Data Processing Agreement for your clients?
Yes, we sure do. Please send your request for a DPA to privacy@apility.io.
Are you GDPR ready?
Apìlity.io’s platform is GDPR ready. If your company determines that you are subject to the GDPR and you do not yet have in place a Data Processing Agreement (DPA) with us, please send your request for a DPA to privacy@apility.io.
Latest Blog Posts
VPN blacklisting – Custom-built databases
Apility.io’s philosophy has always been to be an aggregator of the best open-source intelligence data (OSINT). Over time we have discovered that open data sets cover a large percentage of users’ needs, but not all of them. For VPN blacklisting the available datasets are not enough, are not up to date, or simply do not exist.
Read more
Fighting against False Positives: List Sensitivity and Taxonomies
Since the inception of Apility.io the most recurrent question is ‘How can I fight against False Positives?’ and I must admit there is not an easy way. But let’s start for the beginning. What the hell is a False Positive and why is it so important?
Read more
New Domain Blacklist November 2018: CoinBlockerLists cryptomining domains
We incorporate a new domain blacklist: COINBLOCKER-DOMAINS. CoinBlocker is a collection of lists that can help prevent illegal cryptomining in the browser or other applications. Most cryptocurrencies are generated through the process known as “mining.” Much like traditional mining operations, these procedures require the use of energy and resources to complete a process which yields a financial reward. In the case of cryptocurrency mining, the energy required is electricity and computing power. Lurking behind the legitimate cryptocurrency mining community is another group of individuals and organizations that try to mine for crypto using illicit methods.
Read more