Authentication overview

GeoJS provides an IP geolocation API designed for ease of integration, particularly for developers requiring basic IP-based data. The authentication model reflects this design, offering different access patterns depending on the usage tier. For requests within the GeoJS free tier (up to 1,500 requests per hour), authentication is generally not required, allowing direct consumption of the API endpoints. This approach simplifies initial development and rapid prototyping by removing the credential management overhead for low-volume use cases.

However, for users who exceed the free tier limits or require higher request volumes and dedicated support, GeoJS implements an API key-based authentication system. This method ensures that usage can be tracked and managed according to paid subscription plans, such as the GeoJS Pro Plan. API keys serve as a unique identifier for your application, allowing GeoJS to associate requests with your account and apply the appropriate rate limits and features. The API key must be included with each authenticated request, typically as a query parameter or HTTP header, to grant access to the paid API services.

Developers should prioritize securing their API keys to prevent unauthorized use and potential billing issues. The use of HTTPS for all API interactions is mandatory, ensuring that data, including API keys, is encrypted during transit and protected from interception. This aligns with standard security practices for web APIs, which recommend Transport Layer Security (TLS) to safeguard network communications. Information on secure API key handling is available in the GeoJS documentation.

Supported authentication methods

GeoJS supports distinct access methods tailored to different usage requirements, primarily distinguishing between unauthenticated access for its free tier and API key authentication for paid services. The chosen method depends on the expected request volume and the specific GeoJS services being utilized.

Unauthenticated access

  • When to use: Ideal for developers testing the API or for applications with very low request volumes that fall within the GeoJS free tier (up to 1,500 requests per hour). This method is suitable for basic IP geolocation lookups where strict usage tracking or enhanced features are not critical.
  • How it works: Requests are made directly to the GeoJS API endpoints without any special headers or query parameters for authentication. GeoJS tracks usage primarily by IP address for rate limiting.
  • Security level: Moderate. While the data itself is generally public-facing IP information, the lack of an API key means that usage cannot be tied directly to a specific account, which can make debugging or managing abuse more complex. All traffic is still secured via HTTPS.

API key authentication

  • When to use: Required for paid GeoJS plans (e.g., Pro and Business plans) to access higher request limits and potentially other premium features. This method provides dedicated usage tracking and ensures adherence to service level agreements.
  • How it works: A unique API key, obtained from your GeoJS dashboard, must be included with each API request. This is typically done as a query parameter in the API endpoint URL.
  • Security level: Elevated. API keys uniquely identify your account and should be treated as sensitive credentials. Proper key management, including secure storage and transmission over HTTPS, is essential to prevent unauthorized access and usage.

The table below summarizes the authentication methods supported by GeoJS:

| Authentication Method | When to Use | Security Considerations |
| --- | --- | --- |
| Unauthenticated (Free Tier) | Basic IP lookups, low volume (up to 1,500 requests/hour) | HTTPS encryption for all data in transit. Rate limiting by IP address. |
| API Key (Paid Tiers) | Higher request volumes, dedicated usage tracking, premium features | API key required in query parameter. HTTPS encryption. Key must be stored securely and protected from exposure. |

Getting your credentials

To obtain an API key for your GeoJS account, follow these steps:

  1. Sign Up or Log In: Navigate to the GeoJS website and either create a new account or log in to your existing one.
  2. Access Your Dashboard: Once logged in, you should be directed to your GeoJS user dashboard. This is the central location for managing your account, subscriptions, and API keys.
  3. Locate API Key Section: Within the dashboard, look for a section specifically labeled "API Keys" or "Credentials." The exact naming may vary, but it will be clearly identifiable as the place to manage your access keys. Refer to the GeoJS official documentation for precise navigation if needed.
  4. Generate or Retrieve Key: Depending on your account status, you may either see an existing API key displayed or be prompted to generate a new one. Click the relevant button to reveal or create your key.
  5. Securely Store Your Key: Once you have your API key, copy it immediately and store it in a secure location. Avoid hardcoding API keys directly into your application code, especially if that code will be publicly accessible (e.g., in a client-side JavaScript application). Environment variables are a common and effective method for storing sensitive credentials.

For detailed instructions and visual guidance, consult the GeoJS documentation on API access, which provides the most current steps for credential retrieval.

Authenticated request example

For GeoJS paid plans, an API key is included as a query parameter. Below are examples demonstrating how to make an authenticated request using cURL and Python. Replace YOUR_API_KEY with your actual GeoJS API key.

cURL example

curl "https://get.geojs.io/v1/ip/geo.json?apikey=YOUR_API_KEY"

Python example

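import requests

api_key = "YOUR_API_KEY"  # Store securely, e.g., in an environment variable
url = "https://get.geojs.io/v1/ip/geo.json"

try:
    # Pass the key via params so it is URL-encoded; the timeout keeps the call from hanging
    response = requests.get(url, params={"apikey": api_key}, timeout=10)
    response.raise_for_status()  # Raise an exception for HTTP errors
    data = response.json()
    print(data)
except requests.exceptions.HTTPError as http_err:
    # The exception text contains the full URL, API key included, so print the status only
    print(f"HTTP error occurred: status {http_err.response.status_code}")
except Exception as err:
    # Connection errors can embed the request URL too; report the error type, not its text
    print(f"Other error occurred: {type(err).__name__}")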

In both examples, the apikey query parameter is used to pass the API key. This method is straightforward and widely supported across various programming languages and tools.
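Because the key travels in the query string, it is part of every URL that reaches a log line, and the text of HTTP client exceptions usually includes the request URL. The following added example (not GeoJS code) is a logging filter that scrubs the `apikey` value before anything is written; the logger name, class names and sample key are constructed for illustration.

```python
import io
import logging
import re

# The page's `apikey` query parameter, wherever a URL shows up in log text.
_APIKEY_RE = re.compile(r"([?&]apikey=)[^&\s\"'#)]+", re.IGNORECASE)


def redact_apikey(text):
    """Replace the value of every apikey query parameter with a marker."""
    return _APIKEY_RE.sub(r"\1[REDACTED]", text)


class RedactApiKeyFilter(logging.Filter):
    """Scrub API keys from the formatted message before a handler emits it.

    Tracebacks attached via exc_info are rendered later by the formatter and
    are not covered; log redact_apikey(str(exc)) when a URL may be inside.
    """

    def filter(self, record):
        record.msg = redact_apikey(record.getMessage())
        record.args = None  # the message is already fully formatted
        return True


def demo():
    """Log two constructed messages and return what the handler wrote."""
    buf = io.StringIO()
    handler = logging.StreamHandler(buf)
    handler.addFilter(RedactApiKeyFilter())
    log = logging.getLogger("geojs-client-demo")
    log.addHandler(handler)
    log.propagate = False
    # Constructed sample values: a fake key and a typical connection-error text.
    url = "https://get.geojs.io/v1/ip/geo.json?apikey=CONSTRUCTED-KEY-123&x=1"
    log.error("GET %s failed", url)
    log.error("Max retries exceeded with url: "
              "/v1/ip/geo.json?apikey=CONSTRUCTED-KEY-123 (Caused by ...)")
    log.removeHandler(handler)
    return buf.getvalue().splitlines()


if __name__ == "__main__":
    print("\n".join(demo()))
```

Attach the filter to every handler that can receive client-library messages, since a filter on one handler does not protect the others.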

Security best practices

Implementing security best practices is crucial when working with any API key to protect your account and prevent unauthorized usage. For GeoJS authentication, consider the following recommendations:

  • Protect your API key: Treat your GeoJS API key as a sensitive credential. Avoid hardcoding it directly into client-side code (e.g., JavaScript in a web browser) where it could be exposed to end-users. Instead, store it securely on your server or in environment variables and access it from server-side applications. The Google Cloud API Keys best practices guide offers comprehensive advice applicable to most API keys.
  • Use Environment Variables: For server-side applications, store your API key in environment variables. This prevents the key from being committed to version control systems like Git and keeps it separate from your application’s codebase.
  • Implement HTTPS: GeoJS, like most modern APIs, requires and enforces HTTPS for all API requests. This ensures that all data transmitted between your application and the GeoJS servers, including your API key, is encrypted via Transport Layer Security (TLS), safeguarding against eavesdropping and tampering.
  • Server-Side Calls: Whenever possible, make API calls from your server-side application rather than directly from client-side code. This provides an additional layer of security, as your API key is never exposed to the client. If client-side calls are unavoidable (e.g., for specific functionalities), consider using a proxy server to relay requests and inject the API key securely.
  • Monitor Usage: Regularly monitor your GeoJS API usage through your dashboard. This helps detect any unexpected activity or potential unauthorized use of your API key. If you notice unusual spikes or requests that don't originate from your applications, investigate immediately.
  • Key Rotation: Periodically rotate your API keys. While GeoJS documentation does not explicitly detail key rotation features, manually generating a new key and updating your application can reduce the risk associated with a compromised key over time.
  • Restrict Access (if applicable): If GeoJS offers features for IP whitelisting or referrer restrictions, utilize them. These features allow you to specify which IP addresses or web domains are permitted to use your API key, adding a layer of defense against unauthorized use from untrusted sources.
  • Error Handling: Implement robust error handling in your application to gracefully manage API responses, including authentication failures. This can help diagnose issues quickly and prevent your application from exposing sensitive information in error messages.
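The request-rewriting step of the relay described under "Server-Side Calls", combined with the environment-variable storage recommended above, as an added example that is not GeoJS code. The variable name `GEOJS_API_KEY`, the function and exception names, and the sample inputs are assumptions; the host, path and `apikey` parameter are the ones used in this page's request examples.

```python
import os
from urllib.parse import parse_qsl, urlencode, urlsplit

UPSTREAM = "https://get.geojs.io"        # host from the page's examples
ALLOWED_PATHS = {"/v1/ip/geo.json"}      # relay only the endpoint the page shows
KEY_ENV = "GEOJS_API_KEY"                # assumed environment variable name


class Rejected(Exception):
    """The client request must not be relayed."""


def build_upstream_url(request_target, environ=os.environ):
    """Turn a client request target into the keyed upstream URL.

    Fails closed: unknown paths, absolute or scheme-relative targets, and a
    missing server-side key all raise Rejected instead of being relayed.
    """
    parts = urlsplit(request_target)
    if parts.scheme or parts.netloc:
        raise Rejected("absolute or scheme-relative target")
    if parts.path not in ALLOWED_PATHS:
        raise Rejected("path not allowed")
    key = environ.get(KEY_ENV)
    if not key:
        raise Rejected("server is missing its API key")
    # Drop any apikey the client sent so only the server's key reaches upstream.
    params = [(k, v)
              for k, v in parse_qsl(parts.query, keep_blank_values=True)
              if k.lower() != "apikey"]
    params.append(("apikey", key))
    return f"{UPSTREAM}{parts.path}?{urlencode(params)}"


if __name__ == "__main__":
    # Constructed environment and request target for a stand-alone run.
    env = {KEY_ENV: "CONSTRUCTED-KEY"}
    print(build_upstream_url("/v1/ip/geo.json?apikey=from-client&x=1", env))
```

The relay should answer a `Rejected` request with a generic error status and never echo the upstream URL back to the client.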

Adhering to these security practices will help maintain the integrity and confidentiality of your GeoJS API key and the data exchanged with the service.