User-Agent API Documentation
User Agent API
User Agent Parser API provides the accurate browser, device, and operating system details from a User Agent String. It also provides information about crawlers and attack sources. You can use these details to customize user experience, prevent crawlers and attackers from accessing your website.
We provide three endpoints in our User-Agent API to parse user-agent string into browser, device and operating system details.
Note: In below examples, we used API Key everywhere. User Agent API can be called from client side JavaScript with Request Origin authentication as well on only paid plans.
Single User Agent String Lookup API
Single User Agent String API can be used in two ways to lookup the browser, device and operating system details with JSON or XML response. The URL for this endpoint is https://api.ipgeolocation.io/v2/user-agent and its full JSON response is below:
Response
1{
2 "user_agent_string": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_2) AppleWebKit/601.3.9 (KHTML, like Gecko) Version/9.0.2 Safari/601.3.9",
3 "name": "Safari",
4 "type": "Browser",
5 "version": "9.0.2",
6 "version_major": "9",
7 "device": {
8 "name": "Apple Macintosh",
9 "type": "Desktop",
10 "brand": "Apple",
11 "cpu": "Intel"
12 },
13 "engine": {
14 "name": "AppleWebKit",
15 "type": "Browser",
16 "version": "601.3.9",
17 "version_major": "601"
18 },
19 "operating_system": {
20 "name": "Mac OS",
21 "type": "Desktop",
22 "version": "10.11.2",
23 "version_major": "10.11",
24 "build": "??"
25 }
26}Parse User-Agent String in User-Agent Header
In order to get the User-Agent details about a user-agent string, pass it in the User-Agent header like below. Note that the apiKey is also passed as a query parameter for authorization. This endpoint is meant to be called from the client-side. When executed in browser javascript, header is automatically appended and you just need to make a GET call to the endpoint. To simulate this behavior of browser, follow this request example:
Parse Custom User-Agent String
You can also provide custom User-Agent string to parse in JSON payload. This endpoint is meant to be called from server-side and is available for paid subscriptions (STANDARD and ADVANCED API plans only).
Parse Bulk User-Agent Strings
This endpoint allows you to perform the parsing of multiple User-Angent strings (max. 50,000) at the same time. The requests count per round is equal to total number of User-Agent strings passed. This feature is only available for paid subscription (STANDARD and ADVANCED API plans only).
To perform bulk User-Agent strings parse, send a POST request and pass the uaStrings array as JSON data along with it. Here is an example
curl -X POST 'https://api.ipgeolocation.io/v2/user-agent-bulk?apiKey=API_KEY' \
-H 'Content-Type: application/json' \
-d '{
"uaStrings": [
"Mozilla/5.0 (Linux; Android 8.0.0; SM-G960F Build/R16NW) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.84 Mobile Safari/537.36",
"Mozilla/5.0 (X11; U; Linux armv7l like Android; en-us) AppleWebKit/531.2+ (KHTML, like Gecko) Version/5.0 Safari/533.2+ Kindle/3.0+",
"Mozilla/5.0 (Linux; U; en-US) AppleWebKit/528.5+ (KHTML, like Gecko, Safari/528.5+) Version/4.0 Kindle/3.0 (screen 600x800; rotate)"
]
}'
Detecting Bots, Crawlers and Attackers
Crawlers and bots pass their User Agent Strings with header and our API can parse that as well and detects the type of crawler.
Here is User Agent String of Google Bot with Nexus mobile device.
Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.96 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
A http request with this header will yield:
Response
1{
2 "user_agent_string": "Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.96 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)",
3 "name": "Googlebot",
4 "type": "Robot Mobile",
5 "version": "2.1",
6 "version_major": "2",
7 "device": {
8 "name": "Google",
9 "type": "Robot Mobile",
10 "brand": "Google",
11 "cpu": "Unknown"
12 },
13 "engine": {
14 "name": "Googlebot",
15 "type": "Robot",
16 "version": "537.36",
17 "version_major": "537"
18 },
19 "operating_system": {
20 "name": "Google Cloud",
21 "type": "Cloud",
22 "version": "6.0.1",
23 "version_major": "6",
24 "build": "??"
25 }
26}The hackers usually malform the user agent strings and append their custom scripts with it. Whenever our API detects such anamolies, it reports back with appropriate message. Here is an example of malformed Google bot user agent.
Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.96 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) select name
Notice that a SQL query select name is appended to the string. Here is how our API reacts to it:
curl -X GET 'https://api.ipgeolocation.io/v2/user-agent?apiKey=API_KEY' \
-H 'User-Agent: Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.96 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) select name' Response
1{
2 "user_agent_string": "Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.96 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) select name",
3 "name": "Hacker",
4 "type": "Hacker",
5 "version": "Hacker",
6 "version_major": "Hacker",
7 "device": {
8 "name": "Hacker",
9 "type": "Hacker",
10 "brand": "Hacker",
11 "cpu": "Unknown"
12 },
13 "engine": {
14 "name": "Hacker",
15 "type": "Hacker",
16 "version": "Hacker",
17 "version_major": "Hacker"
18 },
19 "operating_system": {
20 "name": "Hacker",
21 "type": "Hacker",
22 "version": "Hacker",
23 "version_major": "Hacker",
24 "build": "??"
25 }
26}Combine User Agent API with IP Geolocation API
User agent API can be combined with IP Geolocation API when executed on client side. The flag include=user_agent will fetch the required User Agent String from the header and the response will be a user_agent object concatenated with the normal response. Here is an example:
Response
1{
2 "ip": "149.40.62.5",
3 "location": {
4 "continent_code": "NA",
5 "continent_name": "North America",
6 "country_code2": "US",
7 "country_code3": "USA",
8 "country_name": "United States",
9 "country_name_official": "United States of America",
10 "country_capital": "Washington, D.C.",
11 "state_prov": "Washington",
12 "state_code": "US-WA",
13 "district": "King",
14 "city": "Seattle",
15 "locality": "Seattle",
16 "accuracy_radius": "",
17 "zipcode": "98104",
18 "latitude": "47.60357",
19 "longitude": "-122.32945",
20 "is_eu": false,
21 "country_flag": "https://ipgeolocation.io/static/flags/us_64.png",
22 "geoname_id": "11386261",
23 "country_emoji": "🇺🇸"
24 },
25 "user_agent": {
26 "user_agent_string": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_2) AppleWebKit/601.3.9 (KHTML, like Gecko) Version/9.0.2 Safari/601.3.9",
27 "name": "Safari",
28 "type": "Browser",
29 "version": "9.0.2",
30 "version_major": "9",
31 "device": {
32 "name": "Apple Macintosh",
33 "type": "Desktop",
34 "brand": "Apple",
35 "cpu": "Intel"
36 },
37 "engine": {
38 "name": "AppleWebKit",
39 "type": "Browser",
40 "version": "601.3.9",
41 "version_major": "601"
42 },
43 "operating_system": {
44 "name": "Mac OS",
45 "type": "Desktop",
46 "version": "10.11.2",
47 "version_major": "10.11",
48 "build": "??"
49 }
50 }
51}Combine User Agent API with Security API
User Agent API and Threat Intelligence API can be combined as well. Together they form a solid framework to fight against malicious actors. Here we are fetching parsed user agent details along with the geolocation and security information of the client.
Note: This feature is available on paid plan (ADVANCED API plan only).
What's New in /v2/user-agent and in /v2/user-agent-bulk
Below are the key updates introduced in the/v2/user-agent and/v2/user-agent-bulk API endpoints compared to the previous/user-agent and/user-agent-bulk versions:
- Field naming in the response has been standardized: several fields have been updated from camelCase to snake_case for consistency across the API:
userAgentString→user_agent_stringversionMajor→version_majorengine.versionMajor→engine.version_majoroperatingSystem.versionMajor→operating_system.version_major
- A new field has been added:
operating_system.build, which may occasionally contain versioning or build information. - Deprecated fields that no longer return meaningful values —
buildandengine.build— have been removed.
Reference to User-Agent API Response
| Field | Type | Description | Can be empty? |
|---|---|---|---|
| user_agent_string | string | User-agent string that is parsed for browser, device and operating system details. | No |
| name | string | Agent name | No |
| version | string | Agent version | No |
| version_major | string | Agent version major | No |
| device.name | string | Device name | No |
| device.type | string | Device type | No |
| device.brand | string | Device brand | No |
| device.cpu | string | Device's CPU model | No |
| engine.name | string | Layout engine name | No |
| engine.type | string | Layout engine type | No |
| engine.version | string | Layout engine version | No |
| engine.version_major | string | Layout engine version major | No |
| operating_system.name | string | Operating system name | No |
| operating_system.type | string | Operating system type | No |
| operating_system.version | string | Operating system version | No |
| operating_system.version_major | string | Operating system version major | No |
- Agent: The actual "Browser" that was used.
- Device: The hardware that was used.
- Layout Engine: The underlying core that converts the 'HTML' into a visual/interactive.
- Operating System: The base software that runs on the hardware.
Possible Values of The Device Type
| Device Type | Description |
|---|---|
| Desktop | This device is a Desktop/Laptop |
| Mobile | This device is a mobile device however we are not sure if its a tablet, watch, e-reader or phone |
| Tablet | This device is a Tablet |
| Phone | This device is a mobile Phone |
| Watch | This device is a watch or device with tiny screen |
| Virtual Reality | This is VR capable mobile device |
| eReader | Device with e-ink screen |
| Set-top box | A connected device that can interact with TV screen |
| TV | Smart TV |
| Game Console | Fixed game consoles like PS and XBox |
| Handheld Game Console | 'Mobile' game systems like the 3DS |
| Voice | A voice driven device that reads the page loud |
| Robot | Robot crawler |
| Robot Mobile | Mobile device Robot crawler |
| Robot Imitator | Robots that pretend to be Google or Bing crawlers but they usually are not official crawlers. |
| Hacker | Either the User Agent String is malformed or some kind of scripting is detected in it. |
| Anonymized | The User Agent has been altered by anonymization software. |
| Unknown | We can't extract the device information from the User Agent. |
Possible Values of The Operating System Type
| Operating System Type | Description |
|---|---|
| Desktop | A Desktop OS (Desktop/Laptop) |
| Mobile | A Mobile OS (Tablet/Mobile/Watch) |
| Game Console | Game Console like PlayStation |
| Embedded | An Embedded device (TV, RTOS etc) |
| Cloud | Something running in the cloud environment |
| Hacker | A Hacker |
| Anonymized | Explicitly hidden with some software |
| Unknown | We really don't know about this OS |
Possible Values of The Engine Type
| Layout Engine Type | Description |
|---|---|
| Browser | Regurlar Web Browser |
| Mobile App | A mobile app with webview or an app that includes regular browser |
| Hacker | Someone with malicious stuff in useragent string or malformed UA string |
| Robot | A web crawler |
| Unknown | We don't know anything about the identity of this device |
Possible Values of The User Agent Type
| User Agent Type | Description |
|---|---|
| Browser | Regurlar Web Browser |
| Browser Webview | Regular browser being used in a mobile app |
| Mobile App | A mobile app accessing the website |
| Robot Mobile | A web crawler who want to be detected as mobile |
| Cloud Application | Something running in the cloud (can be web scrapper etc.) |
| Email Client | An email client |
| Voice | Voice enabled browser that reads out loud |
| Special | Somethig special we can't classify |
| Testclient | Website testing tool |
| Hacker | Someone with malicious stuff in useragent string or malformed UA string |
| Unknown | We don't know |
Error Codes
User-Agent API returns HTTP status code 200 for a successful API request along with the response.
While, in case of an illegal request, User-Agent API returns 4xx HTTP code alongs with a descriptive message as why the error occured.
Below is a detailed explanation of the specific HTTP status codes and their corresponding error conditions:
| HTTP Status | Description |
|---|---|
| 400 Bad Request | It is returned for one of the following reasons:
|
| 401 Unauthorized | It is returned for one of the following reasons:
|
| 405 Method Not Allowed |
|
| 429 Too Many Requests | It is returned for one of the following reasons:
|
| 499 Client Closed Request |
|
| 5XX Server Side Error |
|
API SDKs
To facilitate the developers, we have added some SDKs for various programming languages. The detailed documentation on how to use these SDKs is available in the respective SDK's documentation page linked below.
Our SDKs are also available on Github. Feel free to help us improve them. SDKs. Following are the available SDKs: