oanor
Sign up free
Marketplace Pricing Features Sign in

API · /cloudips-api

Cloud & CDN IP Ranges API

healthy 3,922 Subscribers

Attribute any IP address to the cloud provider, CDN, region and service that owns it — from the official, publicly-published IP-range lists of AWS, Google Cloud, Cloudflare, Oracle Cloud (OCI), Fastly and GitHub. Pass an IPv4 or IPv6 address and get every matching prefix with its provider, region/scope and service, plus an is_cloud flag that tells you at a glance whether the address belongs to a known cloud or CDN — or list a single provider's published ranges, filtered by region, service and IP version. Built for firewall allow-lists, abuse and fraud triage, bot and egress classification, SSRF defence and knowing whether inbound or outbound traffic originates from a cloud or CDN. Range data is fetched live from each provider's canonical public list, so it is always current. A cloud/CDN IP-attribution service — distinct from IP geolocation (ipgeo), ASN/BGP ownership (asn, ripestat), open-port exposure (internetdb) and the IANA port/protocol registries (netports, ipprotocols). No upstream key, no cache.

#cloud-ip #ip-ranges #aws #cloudflare #security #networking
api.oanor.com/cloudips-api
Get an API key Try in playground → Contact provider

Machine-readable spec so AI agents can integrate this API.

/api/cloudips-api/openapi.json
/api/cloudips-api/llms.txt

Discovery: GET /api/index.json lists every API.

API health

healthy
Uptime
100.00%
Server probes · 24h
Avg latency
208 ms
Server probes · 24h
Subscribers
3,922
active
Total calls
0
last 7 days
status Full status page → · 3 probes/24h

Pricing

Pick a tier — billed monthly, cancel anytime.

Free

Free

  • 2,550 calls / month
  • 2 requests / second
  • Hard cap (429 above quota, no overage)
  • 2,550 calls/month
  • 2 req/sec
  • Lookup + provider ranges
  • No credit card
Sign in to subscribe

Starter

€7.20 /month

  • 51,000 calls / month
  • 8 requests / second
  • Hard cap (429 above quota, no overage)
  • 51k calls/month
  • 8 req/sec
  • IPv4 + IPv6, all 6 providers
  • Email support
Sign in to subscribe

Pro

€22.50 /month

  • 255,000 calls / month
  • 20 requests / second
  • Hard cap (429 above quota, no overage)
  • 255k calls/month
  • 20 req/sec
  • Firewall & abuse-triage apps
  • Priority support
Sign in to subscribe

Mega

€59.50 /month

  • 905,000 calls / month
  • 50 requests / second
  • Hard cap (429 above quota, no overage)
  • 905k calls/month
  • 50 req/sec
  • Security-platform scale
  • Dedicated SLA
Sign in to subscribe

Built by

P
PremiumApi

Related APIs

Other APIs with overlapping tags.

MTA-STS API

Inspect a domain's SMTP transport-security posture — whether mail servers are required to deliver inbound mail over authenticated TLS, protecting it from downgrade and man-in-the-middle attacks. Pass a domain and the service fetches the MTA-STS policy file from mta-sts.<domain>/.well-known/mta-sts.txt (its version, mode, the permitted MX hosts and max_age), the _mta-sts DNS TXT record (its policy id) and the _smtp._tls TLS-RPT record (the rua reporting address), then reports whether MTA-STS is actually enforced and a prioritised list of issues — no policy file, no DNS record, a mode of only "testing", or a missing TLS-RPT record. A second endpoint returns just the parsed policy file. The request is made server-side and private/internal targets are refused (SSRF-guarded). Built for email-deliverability and anti-downgrade-attack audits, vendor and third-party assessment, and compliance. An MTA-STS / TLS-RPT checker — the SMTP transport-security counterpart to the email-authentication analyzer (emailsec, which covers SPF, DKIM and DMARC), and distinct from raw DNS lookup (dns). No upstream key, no cache.

api.oanor.com/mtasts-api

OIDC Discovery API

Inspect any OpenID Connect / OAuth 2.0 provider. Pass an issuer (a domain, an issuer URL, or the full discovery URL) and the service fetches the provider's discovery document at /.well-known/openid-configuration, parses every endpoint — authorization, token, userinfo, jwks, registration, end-session, introspection, revocation and device-authorization — together with the supported scopes, response types, grant types, ID-token signing algorithms, PKCE methods and claims, then fetches the JWKS and summarises its signing keys (count, algorithms, key types and key IDs), and reports a validity check with any issues. A second endpoint fetches and summarises any JSON Web Key Set on its own. The request is made server-side and private/internal targets are refused (SSRF-guarded). Built for SSO and OAuth/OIDC integration, identity-provider configuration debugging (Auth0, Okta, Keycloak, Azure AD, Google), security review and monitoring of signing-key rotation. An OIDC discovery / JWKS inspector — distinct from the JWT toolkit (jwt), the security.txt parser (securitytxt) and the HTTP security-header grader (secheaders). No upstream key, no cache.

api.oanor.com/oidc-api

Subresource Integrity API

Generate Subresource Integrity (SRI) hashes for any web asset, so browsers can verify that a CDN-hosted script or stylesheet has not been tampered with. Pass a URL and the service fetches the asset and returns its sha256, sha384 and sha512 SRI hashes, the chosen integrity value (sha384 by default, or pass your preferred algorithm), the asset's size and content type, and a ready-to-paste <script> or <link> tag complete with the integrity and crossorigin attributes. A verify endpoint re-fetches the asset and tells you whether it still matches a known integrity string — catching silent CDN changes or supply-chain tampering before your users hit them. The request is made server-side; private and internal targets are refused (SSRF-guarded). Built for securing third-party scripts, supply-chain hardening, build pipelines and CSP/SRI compliance. A Subresource Integrity generator and verifier — distinct from raw cryptographic hashing of input data (hash), the HTTP security-header grader (secheaders) and the SSL/TLS certificate check (sslcheck). No upstream key, no cache.

api.oanor.com/sri-api

Vulnerability Intelligence API

Prioritise CVEs by real-world exploitation risk — not just severity. Combines the FIRST.org EPSS score (the probability, 0 to 1, that a CVE will be exploited in the next 30 days, with its percentile rank) and the CISA KEV catalog (vulnerabilities confirmed to be actively exploited in the wild — with the vendor, product, date added, remediation due date and whether the flaw is used in ransomware campaigns), and derives a single priority level for each CVE. Look up to 25 CVEs in one call, browse the full CISA Known Exploited Vulnerabilities catalog filtered by vendor, product or ransomware use, or list the CVEs with the highest current EPSS scores. Built for vulnerability management, patch prioritisation, risk scoring and security dashboards — answering not "how bad could this be?" but "how likely is it to actually be exploited?". A vulnerability-prioritisation layer — distinct from raw CVE details and CVSS severity (cve), password-breach checks (pwned) and the HTTP security-header grader (secheaders). Data live from FIRST.org and CISA. No upstream key, no cache.

api.oanor.com/vulnintel-api

Frequently asked questions

Quick answers about pricing, quotas, and integration.

How do I get an API key for Cloud & CDN IP Ranges API?
Sign up for free at oanor.com, generate an API key from the developer dashboard, and call Cloud & CDN IP Ranges API with the x-oanor-key header. No credit card needed for the free tier.
What's the rate limit for Cloud & CDN IP Ranges API?
Free tier allows 1 request per second. Paid plans scale up to 50 requests per second on the Mega tier. Hard limits return HTTP 429 above the quota — no surprise overage charges.
How much does Cloud & CDN IP Ranges API cost?
Cloud & CDN IP Ranges API has a free tier with 100 calls / month. Paid plans start at €7.20 / month with higher quotas and faster rate limits.
Can I cancel my subscription anytime?
Yes. Plans are billed monthly and you can cancel anytime from your billing dashboard. No long-term contracts and no cancellation fee.
Is Cloud & CDN IP Ranges API GDPR-compliant?
All requests to Cloud & CDN IP Ranges API go through our EU-based gateway. Your upstream API key never leaves our server and no personal data is shared with the upstream provider beyond the request you send.

Pick an endpoint from the list on the left to see its details and try it.

Code snippets

Sign up to get an API key, then call any path under your slug.

curl https://api.oanor.com/cloudips-api/SOME_PATH \
  -H "x-oanor-key: oanor_test_..."
const res = await fetch("https://api.oanor.com/cloudips-api/SOME_PATH", {
  headers: { "x-oanor-key": "oanor_test_..." }
});
const data = await res.json();
$ch = curl_init("https://api.oanor.com/cloudips-api/SOME_PATH");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, ["x-oanor-key: oanor_test_..."]);
$response = curl_exec($ch);
import requests
r = requests.get(
    "https://api.oanor.com/cloudips-api/SOME_PATH",
    headers={"x-oanor-key": "oanor_test_..."},
)
print(r.json())

Ratings

Sign in to rate.

No reviews yet.

Discussion

Ask questions, share usage tips, get answers from the provider and other developers. Public — anyone can read.

Sign in to start a thread or reply.

Sign in

New thread

/ 4000

📌 Pinned 🔒 Locked

·

· ·

/ 4000

🔒 This thread is locked — no new replies.

  • No threads yet — start the discussion.

Support

Private 1:1 support with the provider — billing questions, integration issues, account problems. Only you and the provider team can see these threads.

Sign in to open a support ticket.

Sign in

Open new ticket

Describe what you need help with. The provider team gets an email and replies on the ticket page.

  • No tickets yet for this API.

Subscription active — calls can start immediately.

Send your first request —

Subscription active — copy a snippet and fire off your first call.