Verified bot API

Identify the crawlers you must not block.

GeoQ verifies good crawlers — Googlebot, Bingbot and similar — against the operators' own published ranges, so you can confidently allow-list them. This is not behavioural bad-bot detection.

Get your free API key Quickstart

How it works

GeoQ returns is_verified_bot: true and a verified_bot_name (e.g. "googlebot") when an IP falls inside a search/AI operator's published crawler ranges. Evidence: authoritative.

Because a verified Googlebot is not fraud, this signal carries zero risk weight and never appears in risk.reasons. Use it to allow, not to penalise.

This is not bad-bot detection. It won't flag scrapers, credential-stuffers or headless automation pretending to be a browser — behavioural bad-bot detection is on the roadmap. For now, combine connection_type and the risk score to scrutinise suspicious automation.

What you get back

Field	Meaning
`is_verified_bot`	Boolean — IP is a verified good crawler from a published operator range.
`verified_bot_name`	The crawler's name (e.g. "googlebot", "bingbot") when verified, else null.
`evidence.verified_bot`	How directly we observe it — authoritative for published ranges.
`network.asn / as_org`	Confirms the operating organisation behind the crawler.

In your code

const r = await geoq.check(req.ip);

// allow-list verified good crawlers — never serve them a challenge
if (r.signals.is_verified_bot) {
  console.log("verified crawler:", r.signals.verified_bot_name);
  return next();
}

example response

{
  "ip": "66.249.66.1",
  "version": 4,
  "geo": {
    "country": "United States",
    "country_code": "US",
    "region": "California",
    "city": "Mountain View",
    "latitude": 37.4,
    "longitude": -122.1,
    "timezone": "America/Los_Angeles"
  },
  "network": {
    "asn": 15169,
    "as_org": "Google LLC"
  },
  "signals": {
    "connection_type": "datacenter",
    "datacenter_provider": "gcp",
    "is_tor": false,
    "is_vpn": false,
    "is_proxy": false,
    "is_verified_bot": true,
    "verified_bot_name": "googlebot"
  },
  "evidence": {
    "connection_type": "authoritative",
    "tor": "authoritative",
    "vpn": "inferred",
    "proxy": "beta",
    "verified_bot": "authoritative"
  },
  "risk": {
    "score": 35,
    "level": "medium",
    "reasons": [
      "connection_type:datacenter"
    ]
  },
  "attribution": "https://geoq.io/attributions"
}

FAQ

Frequently asked questions

Does this detect bad bots or scrapers?

No. is_verified_bot identifies good crawlers (Googlebot, Bing, …) from operators' published ranges — the ones you must not block. Behavioural bad-bot detection is on our roadmap, not shipped.

Why does a verified bot not raise the risk score?

Because a verified Googlebot is legitimate traffic, not fraud. The signal carries zero risk weight and never appears in risk.reasons.

How do you verify a crawler?

We match the IP against the operator's own published crawler ranges, so the evidence label is authoritative. Coverage spans IPv4 and IPv6.

Related signals

Start with the free tier. No card.

1,000 lookups a day, every signal, the same transparent risk score. Upgrade only when you outgrow it.

Get your free API key Read the quickstart