Common scenarios

By default, your account will accept up to 5 lookups from the same IP address in every 5-minute period.

From within your account, you can also permit unrestricted access to servers and further restrict public access to specific websites.

Here are four common scenarios:

Scenario 1 - Client-side code / JavaScript on a public website

To permit access from a public website or app in this scenario, the public access setting must be enabled. The default is to allow up to 5 lookups in any 5 minute period from each unique IP address. You can also further restrict public access requests to your website URL(s). You can do this within the Security settings section of your account.

Notes

  • In this scenario, the IP address associated with each lookup is the IP address of the device browsing the public website or app rather than the IP address of the server on which the website is hosted.
  • The number of permitted lookups by each unique IP address in a 5 minute period can be modified if necessary.
  • The restricted website setting relies on the website URL being set by the client's browser and passed within the http_referer field of the HTTP header of the lookup. While most browsers set the http_referer, it may not be set by all and can also be removed by proxy servers or be spoofed. If not set or if it does not match a URL on your whitelist, the request will be rejected.

Scenario 2 - Client-side code / JavaScript on an intranet

To permit unrestricted access from an intranet in this scenario, we recommend you add the public IP address(s) of the corporate network to your whitelist. You can do this within the Security settings section of your account.

Notes

  • In this scenario, the IP address associated with each lookup is the public IP address(es) of the corporate network.
  • If all requests originate from one or more known and trusted IP addresses, the public access can be disabled.

Scenario 3 - Server-side code

To permit unrestricted access from a server in this scenario, we recommend you add the IP address of the server to your whitelist. You can do this within the Security settings section of your account.

Notes

  • If all requests originate from one or more known and trusted IP addresses, the public access setting can be disabled.

Scenario 4 – Mobile application

If requests are routed via your server, follow the details of Scenario 3.

If requests will originate from the mobile device, follow Scenario 1. If possible in your mobile application, set the http_referer HTTP header field via your platform equivalent to cURL and enter the URL in the restricted websites field of the Security settings section of your account.