API Documentation

Welcome to the CandycornDB API. You can use our API to query real-time IP risk scores, detect VPNs/Proxies, and analyze subnet relationships programmatically.

Base URL

https://candycorndb.com/api

Authentication

Authenticate your API requests by including your API key in the X-API-Key header of every request. You can manage your API keys in the Dashboard.

BASH

curl -X GET "https://candycorndb.com/api/public/ip-score?ip=1.2.3.4" \
  -H "X-API-Key: YOUR_API_KEY"

GET

/public/ip-score

The primary endpoint. Returns the risk score, threat signals (Tor/VPN), and location data for a specific IP address.

Parameters

Name	Type	Description
ip	string	The IP address you want to score (IPv4 or IPv6).

Response

JSON

{
  "ip": "185.220.101.44",
  "score": 98,
  "asn": "AS9009",
  "asnName": "M247 Ltd",
  "country": "DE",
  "city": "Frankfurt",
  "isVPN": true,
  "isTor": true,
  "isProxy": false,
  "isHosting": true,
  "suspiciousASN": true
}

GET

/public/data/network/:ip

Advanced endpoint. Returns "Subnet Intelligence" — showing related IPs in the same neighborhood that are also flagged. Useful for blocking entire fraud rings.

{
  "ipAddress": "192.168.1.5",
  "trustScore": 85,
  "networkRelationships": {
    "clusterRisk": 90,
    "relatedIPs": [
      { "ip": "192.168.1.6", "relation": "same_subnet" },
      { "ip": "192.168.1.9", "relation": "same_subnet" }
    ]
  }
}

GET

/public/stats

Returns global database statistics, including total IPs indexed and recent threat counts.

Errors & Rate Limits

We use standard HTTP status codes.

200 Success. Data returned.

401 Unauthorized. Check your API key.

429 Rate Limit Exceeded. Upgrade your plan to increase limits.