The best VPN detection APIs in 2026 do more than flag known VPN server IPs. They identify residential proxies, classify privacy relays, return provider-level attribution, and assign threat scores that actually help you make access decisions in real time. The gap between the top-tier providers and everything else has widened significantly over the past two years, mostly because residential proxy traffic has made simple IP blocklists unreliable.
This comparison covers 12 VPN and proxy detection APIs side by side: what each one detects, how they handle the hard cases (residential proxies, iCloud Private Relay, obfuscated VPNs), how much they cost, and where they fit best. If you need a deeper framework for testing these APIs yourself, we published a separate guide on how to evaluate a VPN and proxy detection API that walks through the criteria in detail.
TL;DR
- For fraud prevention with residential proxy coverage, IPQualityScore, Spur, or IPGeolocation.io offer the deepest detection across anonymization types.
- For enterprise security teams: Spur and MaxMind provide enterprise-grade deployment options with on-prem data feeds and SOC 2 compliance.
- For developers who want a quick, affordable integration, VPNAPI.io, proxycheck.io, and IPLocate.io all offer generous free tiers with solid VPN and datacenter proxy detection.
- For combined geolocation and security in a single call, IPGeolocation.io, IPregistry, and IPstack bundle both capabilities.
- The single biggest differentiator across these APIs in 2026 is residential proxy detection. Most detection APIs still miss the large share of anonymized traffic that routes through real ISP connections.
What Actually Matters When Comparing These APIs
Before the provider-by-provider breakdown, here are the three criteria that separate useful detection from checkbox marketing. (For the full eight-point evaluation framework, see the evaluation guide.)
1. Detection Types
A single is_proxy: true flag is not enough. You need separate signals for commercial VPNs, datacenter proxies, residential proxies, Tor exit nodes, privacy relays (iCloud Private Relay, Chrome IP Protection), bots, and cloud-hosted IPs. Treating all anonymized traffic the same leads to either missed threats or blocked legitimate users. The APIs that perform best in production are the ones that let you write different rules for different traffic types.
2. Residential Proxy Coverage
Residential proxies route traffic through real consumer ISP connections. The IP looks like a regular home user because it is one. Services like IPRoyal and 922Proxy now offer tens of millions of residential endpoints globally. Any API that relies on static datacenter IP lists will miss this traffic entirely. In our evaluation, this is the single most revealing test: can the API catch a residential proxy IP that was clean yesterday and will be clean again tomorrow?
3. Response Depth
The best APIs return more than boolean flags. Provider name attribution (knowing the traffic comes through NordVPN vs. an unknown residential proxy service), confidence scores (0-100 scale), last-seen timestamps, and composite threat scores all give you the context to make nuanced decisions. A 95-confidence VPN flag with a named provider is actionable. A bare true flag with no context forces you to guess.
The Best VPN and Proxy Detection APIs in 2026
1. IPQualityScore (IPQS)
IPQS is positioned as a full fraud-prevention platform rather than a single-purpose detection API. Their proxy-detection API returns over 20 points per lookup, including fraud scores, connection-type classification, ISP details, and device-risk signals. The detection covers commercial VPNs, datacenter proxies, residential proxies, Tor nodes, botnets, and hosting providers.
What sets IPQS apart from simpler APIs is the scoring flexibility. You can pass additional signals beyond the IP (device fingerprint, email, phone number, transaction data) to improve accuracy.
IPQS includes residential proxy detection. The company says it identifies residential proxies through proprietary honeypot networks and real-time behavioral analysis rather than relying solely on static lists. They state 300M+ blacklisted anonymous IPs, 10,000+ new proxies blacklisted per second, and 150M+ VPNs & data center IPs.
The free tier includes 1,000 lookups per month. Paid plans start at $99/month for IPQS's Startup plan and scale from there. The tradeoff: IPQS is a full fraud detection platform, so if you only need IP-level detection without the broader scoring engine, you are paying for features you may not use.
Best for: E-commerce fraud teams, payment processors, and ad fraud detection, where you need scoring beyond IP addresses.
2. Spur
Spur positions its platform against static IP reputation approaches, stating that static lists cannot keep pace with dynamic infrastructure and that it continuously observes the full churn of anonymization infrastructure in real time. They report detecting 230 million unique anonymized IPs every 90 days across 1,000+ VPN and proxy services, distilling that into roughly 60 million suspect IPs daily.
Spur highlights VPNs, datacenter proxies, and residential proxies. Spur says its Context API returns 20+ enrichment attributes per IP, including geography, ASN, proxy/VPN attribution, device and connection type, and tunnel entry/exit context. Their Monocle product adds session-level enrichment, which can detect anonymized sessions beyond IP-only analysis.
Pricing is the catch. Spur starts free (Community tier with 250 manual lookups), but API access begins at $200/month for 50,000 calls on the Teams plan. The Pro tier runs $1,600/month for 1 million API calls, and enterprise contracts start at $40,000/year. This puts Spur firmly in the enterprise bracket.
Best for: Security and fraud teams at mid-to-large companies that need deep residential proxy intelligence and can justify enterprise pricing.
3. MaxMind
MaxMind has been in the IP intelligence business since 2002. Their minFraud and GeoIP products are part of MaxMind's broader IP intelligence and fraud-prevention lineup, and their proxy/VPN detection is also available in standalone anonymous-IP products.
MaxMind detects VPNs, public proxies, residential proxies, hosting/datacenter IPs, and Tor exit nodes. MaxMind offers products that combine geolocation and anonymizer data in the same lookup, and it also sells separate anonymous-IP datasets. For enterprise teams, MaxMind offers downloadable databases you can host locally to eliminate network latency.
The strength here is trust and stability. MaxMind has completed a SOC 2 Type II audit and has been in business since 2002. MaxMind also includes residential proxy detection in its anonymous-IP products. The GeoIP Anonymous and Anonymous Plus databases update daily.
Pricing for MaxMind's hosted GeoIP web services is public and usage-based. GeoIP Country costs $0.0001 per query, GeoIP City Plus costs $0.0003 per query, and GeoIP Insights costs $0.002 per query. VPN and proxy detection is available only in the GeoIP Insights tier.
Best for: Enterprise teams that want a mature, security-conscious vendor and already use MaxMind for geolocation.
4. IP Security API
The IP Security API from IPGeolocation.io combines VPN and proxy detection with geolocation in a single API call. It detects commercial VPNs, datacenter proxies, residential proxies, Tor exit nodes, relay traffic, bots, spam sources, known attackers, and cloud providers. Each detection type returns a separate boolean flag, so you can write granular rules (block datacenter proxies but allow iCloud Private Relay, for example).
The response goes beyond simple yes/no checks. It includes a threat_score from 0 to 100, separate boolean flags for VPN, proxy, residential proxy, Tor, relay, bot, spam, known-attacker, and cloud-provider signals, plus provider attribution where available. For VPN and proxy detections, the API also returns confidence scores and last-seen timestamps.
Residential proxy detection uses a combination of endpoint enumeration, honeypots, real-time connection analysis, and curated threat feeds. This approach catches rotating residential proxy IPs that static list-based providers miss. The data is also available as a downloadable database through the Security Pro tier for teams that need on-premise deployment.
Pricing starts at $19/month on the Starter plan with 150,000 API credits. Bulk lookups support up to 50,000 IPs per request. The IP Security API is included on all paid plans.
One thing that distinguishes this from the geolocation-plus-security-bolt-on approach (IPstack, Abstract API): the security data here is a first-class product, not a module gated behind a premium tier. You get the same detection depth on every paid plan.
Best for: Teams that need combined geolocation and security intelligence in one call, with residential proxy detection and provider-level attribution.
5. IP2Location.io / IP2Proxy
IP2Location offers both a hosted API and a separate IP2Proxy database line, but for most API comparisons in 2026, the main product to evaluate is IP2Location.io. It combines geolocation and proxy intelligence in one lookup for IPv4 and IPv6, but the security depth is clearly tiered rather than uniform across plans.
The API goes beyond a single proxy flag. In higher-detail responses, it can return a fraud score plus proxy fields such as proxy type, provider, threat, and last seen. It also exposes separate booleans for categories such as VPN, Tor, data center, public proxy, web proxy, residential proxy, consumer privacy network, enterprise private network, spammer, scanner, botnet, and bogon.
The biggest thing to understand is that full VPN and proxy coverage is not included on every tier. Free and Starter only include basic open proxy detection. Plus is the point where broader proxy intelligence starts, adding VPN, Tor exit nodes, web proxies, residential proxies, consumer privacy networks, and enterprise private networks. Security is the deepest plan, adding data center ranges, search engine spider detection, proxy data, autonomous system data, and IP2Proxy Fraud Score.
For pricing, the account-based Free plan includes 50,000 queries per month, while Starter costs $49 per month for 150,000 queries. Plus is $249 per month, and Security is $499 per month. If you need offline or local deployment instead of hosted lookups, that is where the separate IP2Proxy downloadable database becomes relevant.
Best for: High-volume deployments (ad tech, CDNs, large SaaS platforms) where local database lookups outperform per-request API costs.
6. VPNAPI.io
VPNAPI.io is positioned as a focused privacy detection API for checking whether an IP is a VPN, proxy, Tor exit node, or Private Relay.
The accuracy is solid for what it covers, according to their claim. VPNAPI.io says its own and third-party tests have scored between 95% and 98% accuracy on VPN detection, and says it connects to hundreds of VPN servers every day to validate VPN IPs. It also claims it can identify both data center and residential VPN or proxy IPs, although residential proxy detection is typically reserved for customized enterprise plans.
The API response is simple: boolean flags for VPN, proxy, Tor, and relay, plus geolocation fields and network data such as the network range, ASN, and autonomous system organization. The free plan includes 1,000 requests per day. Paid plans start with Basic at $19/month for 10,000 daily queries, followed by Premium at $29/month for 50,000 daily queries.
The tradeoff is depth. No confidence scores, no provider attribution, no threat scoring. If your use case is "block VPN users from accessing region-locked content," VPNAPI.io covers that. If your use case is "determine whether this residential proxy IP is a fraud risk or a privacy-conscious user," you need something with more granularity.
Best for: Developers building geo-restriction enforcement, basic bot blocking, or content access controls on a budget.
7. proxycheck.io
proxycheck.io positions itself as a developer-friendly detection service with one of the more generous free tiers in the market: 1,000 free lookups per day. The detection covers proxies, VPNs, and Tor. The API returns a proxy type classification, provider information (when available), and a risk score.
The API can return multiple detections in a single result, along with network and location data, operator information, a live risk score, confidence, first-seen and last-seen timestamps, and detection-history data. In newer v3 responses, it can also identify the operator behind the IP, list the services that operator offers, and show whether the address has been associated with datacenter VPNs, residential proxy IPs, hosting infrastructure, or other anonymous traffic signals.
proxycheck.io's pricing is volume-based rather than feature-gated. The free plan includes 1,000 daily queries, and the first paid tier starts at $3.99/month for 10,000 daily queries. The free tier includes the same detection features and accuracy as paid plans, with higher tiers mainly increasing daily query volume, from $4.99 for 20,000 and $5.99 for 40,000 queries upward into business and enterprise plans.
Best for: Indie developers, small SaaS projects, and gaming servers that need reliable VPN/proxy detection without enterprise pricing.
8. IPLocate.io
IPLocate.io is a newer entrant that combines geolocation with VPN and proxy detection in a single API. They track millions of VPNs and residential proxies by connecting to provider networks and observing IP assignments, with updates processed daily from over 5 terabytes of raw data.
IPLocate's hosted API covers the core privacy signals most teams need, including VPN, proxy, Tor, iCloud Private Relay, anonymous traffic, and hosting or datacenter detection. Even though IPLocate says it tracks residential proxies, but the API group them under its broader proxy detection rather than breaking them out as a distinct field. That makes the API easier to use, but lower-depth than vendors that expose richer VPN and proxy context directly in each lookup.
The free tier includes 1,000 requests per day, and paid plans start at $25/month. IPLocate positions pricing around request volume rather than feature unlocks, with paid usage starting from 100,000 requests per month and scaling to much larger plans.
IPLocate's clearest differentiators are its full-data-free tier, same-data-on-every-plan pricing model, and a single API that combines geolocation, privacy, hosting, and related IP-intelligence signals.
Best for: Teams that want a modern, affordably priced API with combined geolocation and security data, and value daily update freshness.
9. Abstract API
Abstract API's broader security offering is now positioned as its IP Intelligence API, while its IP Geolocation API includes only a lighter security signal. The platform is clearly designed for quick developer integration, with clean docs, simple REST endpoints, and a free entry point that does not require a credit card.
Abstract API covers the main categories expected from a lightweight IP security service, including VPNs, proxies, Tor, relays, hosting traffic, abuse risk, and mobile IPs. The response depth is limited compared to specialized detection APIs. It does not provide a separate residential proxy flag, last-seen timestamps, confidence scoring, or VPN provider attribution.
Pricing starts with a free tier that includes 1,000 requests per month. Paid plans start at $19/month for 200,000 requests per month, but the tier that explicitly includes full security on Abstract's product pages is Professional at $39/month.
Best for: Developers already in the Abstract API ecosystem who need basic anonymization detection as a secondary feature.
10. IPstack
IPstack is primarily positioned as a geolocation API, with security available through a separate Security Module rather than presented as a standalone proxy-intelligence product.
The Security Module covers proxies and Tor directly, and can also return VPN service, anonymizer status, threat level, threat types, proxy type, proxy last detected date, proxy level, crawler signals, and hosting-facility detection. Response depth is where it falls short. It does not provide richer fields such as residential proxy classification, confidence scoring, or broader provider attribution.
Pricing starts at $9.99/month, but the Security Module is only available on the higher-tier Professional Plus plan, which is currently listed at $99.99/month for 2,000,000 requests.
Best for: Existing IPstack geolocation users who want basic proxy/VPN flagging without adding a second vendor.
11. ipapi.is
ipapi.is combines IP geolocation, ASN data, hosting detection, VPN detection, proxy detection, and abuse intelligence in a single API. Its security dataset is powered by open-source IP block lists plus a custom VPN exit-node enumeration pipeline. The platform places a particularly strong emphasis on hosting detection and VPN exit-node coverage.
The detection covers VPN exit nodes, Tor nodes, hosting or datacenter IPs, proxies, and abuse-linked IPs. When a VPN is identified, the API can also return extra context such as the VPN service name, provider URL, exit-node type, and last-seen timestamp. Where it is weakest is proxy depth: ipapi.is says its proxy flag covers only a subset of all proxies and cannot reliably detect residential and mobile proxies.
The free plan includes 1,000 requests per day, while the Basic plan costs $20/month for 20,000 requests per day. The Business plan costs $200/month and adds self-hosting, all databases, and 2,000,000 requests per day. ipapi.is does not gate response depth by plan. All plans have access to the same API output and data quality.
Best for: Developers who want a self-hosted detection solution or need basic VPN/proxy detection with low latency requirements.
12. IPregistry
IPregistry combines geolocation, ASN and company data, carrier data, user-agent parsing, and threat intelligence in a single API. The company says it checks IPs against more than 220 OSINT threat feeds, and its response schema includes security, connection, company, carrier, location, and time-zone data in one lookup.
Its security coverage includes VPNs, proxies, Tor, Tor exit nodes, relays, cloud or hosting usage, attacker signals, abuser signals, anonymous traffic, bogons, and overall threat status. The response does not include contextual fields such as confidence scores, provider attribution, last-seen timestamps, or a separate residential-proxy flag. That makes the product wide on threat category coverage but lighter on per-IP context.
Pricing is prepaid and all-included rather than tier-gated. IPregistry gives new users 100,000 free lookups on sign-up, then charges by credits: 50,000 for $10, 400,000 for $50, 1,000,000 for $100, and 6,000,000 for $500. Each lookup uses one credit; credits do not expire, and the pricing page says there are no monthly fees.
Best for: Teams that want combined geolocation and threat intelligence with broad OSINT coverage at an accessible price point.
What Separates Good Detection from Great Detection in 2026
Three years ago, detecting VPNs meant maintaining a list of known server IPs from NordVPN, ExpressVPN, and a few dozen other providers. That still works for the obvious cases, but it misses the harder traffic.
Residential proxy networks are the primary challenge. Large shares of anonymized traffic now route through ISP-grade connections that look identical to regular users. These IPs rotate every few minutes, so a blocklist that was accurate this morning is stale by afternoon. The providers that handle this well (IPQS, Spur, IPGeolocation.io) use continuous endpoint enumeration and behavioral analysis rather than static lists. The providers that handle it poorly return clean results for IPs that are actively routing proxy traffic.
Privacy relays add another layer. Apple's iCloud Private Relay hides Safari users' IPs while preserving approximate location. Google's IP Protection in Chrome does something similar. A good API identifies relay traffic separately from VPN or proxy traffic, because the correct response is usually different. Blocking all iCloud Private Relay users as VPN traffic would alienate millions of paying Apple customers.
Provider attribution is the third differentiator. Knowing that an IP belongs to "a VPN" is less useful than knowing it belongs to NordVPN (likely a privacy-conscious consumer) versus an unattributed residential proxy service (higher fraud probability). The APIs that return provider names and confidence scores let you build policy rules that match your actual risk tolerance.
How to Choose the Right API
Your use case determines which provider fits best.
Fraud prevention at scale: IPQS or IPGeolocation.io. Both offer residential proxy detection, threat scoring, and the response granularity needed to automate fraud decisions. IPQS adds device-level scoring if you need it. IPGeolocation.io combines security with geolocation in a single call.
Enterprise compliance and security: Spur or MaxMind. Spur has the deepest residential proxy intelligence. MaxMind has two decades of enterprise trust, SOC 2 compliance, and on-premise deployment options.
Developer side project or MVP: VPNAPI.io, proxycheck.io, or IPLocate.io. All three offer generous free tiers with solid detection for standard VPNs and datacenter proxies.
Content licensing and geo-enforcement: IPGeolocation.io gives you geolocation and security data in one call, making it easier to enforce region-based content access and identify VPNs or proxies connections.
Already using a geolocation API and want to add basic detection: Check whether your existing provider (IPstack, Abstract API, IPregistry) offers security data before adding another vendor.
Frequently Asked Questions
Accuracy varies by traffic type and provider methodology. The vendors that publish or verify high detection rates for commercial VPNs are different from the vendors that are strongest at residential proxy traffic. Providers that use continuous endpoint enumeration and behavioral analysis of connection or device (such as IPQS, Spur, and IPGeolocation.io) tend to emphasize residential coverage. In contrast, static-list-based providers emphasize commercial VPN flagging. Testing against your own traffic is the only reliable benchmark. The evaluation guide covers in detail.
VPNAPI.io offers 1,000 free API requests per day with solid VPN and proxy detection. proxycheck.io matches that with 1,000 daily free lookups. IPLocate.io also provides 1,000 free daily requests with the full dataset, including security data. For basic use cases, any of these work. For residential proxy detection on a free tier, IPQS offers 1,000 free lookups per month (not per day) with deeper detection depth.
Some can. IPQS, Spur, IPGeolocation.io, MaxMind, and IPLocate.io list residential proxy signals as part of their detection coverage. VPNAPI.io exposes residential proxy detection primarily through customized enterprise plans. IP2Location.io includes residential proxy classification on its Plus and Security tiers. IPstack, Abstract API, ipapi.is, and IPregistry do not list a dedicated residential proxy flag as a core capability. This is the most important distinction when evaluating providers for fraud prevention.
The better ones do. IPGeolocation.io returns a separate is_relay flag for privacy relay traffic. IPQS and IPLocate.io also identify relay connections. The key is that relay traffic should be classified differently from VPN traffic, because iCloud Private Relay users are legitimate Apple customers, not fraud actors. APIs that lump relay traffic into a generic "proxy" flag create unnecessary false positives.
Update frequency varies significantly. IPLocate.io updates daily. IPGeolocation.io uses continuous endpoint enumeration with frequent refreshes and updates the production database daily. IPQS maintains real-time blacklists updated constantly. Spur observes infrastructure continuously. MaxMind and IP2Proxy update their downloadable databases on regular schedules (typically daily to weekly). Providers using static lists update less frequently and miss fast-rotating IPs.
Pick One and Test It
The only way to know which API works for your traffic is to run a controlled comparison against real IPs. Self-reported accuracy numbers from vendor marketing pages go stale within days as proxy and VPN providers rotate infrastructure. Pick two or three providers from this list, test them against a set of known VPN, proxy, and residential proxy IPs, and compare the results. If you want a structured approach for running that test, the evaluation guide covers the methodology.
For teams ready to test, IPGeolocation.io's IP Security API includes a free lookup tool on the product page and starts at $19/month on paid plans. A free trial is also available. Questions about enterprise volumes or custom integrations? Reach out to the team directly.
