ipasis
Blog/System Architecture

IP Intelligence Architecture Patterns for Engineering Leaders

February 01, 20265 min read

Integrating third-party IP intelligence (VPN detection, proxy analysis, geolocation) into high-throughput systems requires careful architectural consideration. A naive synchronous call to an external API within the critical path of a request can introduce unacceptable latency and a single point of failure.

This guide outlines three architectural patterns for integrating IPASIS into production environments, prioritizing resilience and performance.

Pattern 1: The Look-Aside Cache Strategy

For synchronous blocking (e.g., preventing a sign-up from a Tor exit node), latency is the primary constraint. You cannot afford to query the API on every request for the same IP. A look-aside cache using Redis or Memcached is mandatory.

Flow:

  1. Receive Request.
  2. Check Redis for ip:{user_ip}.
  3. If Hit: Return cached verdict.
  4. If Miss: Query IPASIS API, store result in Redis with TTL (e.g., 24 hours), return verdict.

Python (FastAPI + Redis) Implementation:

import redis
import requests
from fastapi import FastAPI, HTTPException, Request

app = FastAPI()
cache = redis.Redis(host='localhost', port=6379, db=0)
IPASIS_KEY = "your_api_key"

def get_ip_reputation(ip: str):
    # 1. Check Cache
    cached = cache.get(f"ip:{ip}")
    if cached:
        return cached.decode('utf-8')

    # 2. API Call (with short timeout)
    try:
        response = requests.get(
            f"https://api.ipasis.com/v1/{ip}", 
            headers={"X-API-Key": IPASIS_KEY},
            timeout=0.5
        )
        data = response.json()
        
        # Determine threat level (simplified)
        is_threat = "block" if data.get("is_vpn") else "allow"
        
        # 3. Set Cache (TTL 24h)
        cache.setex(f"ip:{ip}", 86400, is_threat)
        return is_threat
    except requests.exceptions.RequestException:
        # Fail-open strategy
        return "allow"

@app.middleware("http")
async def filter_ips(request: Request, call_next):
    client_ip = request.client.host
    status = get_ip_reputation(client_ip)
    
    if status == "block":
        return HTTPException(status_code=403, detail="Access Denied")
    
    response = await call_next(request)
    return response

Pattern 2: Edge Middleware Integration

Moving logic to the edge (Cloudflare Workers, AWS Lambda @ Edge, Vercel Middleware) offloads traffic from your origin server. This is ideal for static asset protection or protecting login endpoints globally.

Node.js (Edge Runtime) Implementation:

export default async function handler(req) {
  const ip = req.headers.get('x-forwarded-for') || req.ip;
  
  // Check KV store (Edge Cache) first to minimize API costs
  // Implementation depends on specific provider (Cloudflare KV, Vercel KV)
  
  const ipasisResponse = await fetch(`https://api.ipasis.com/v1/${ip}?key=${process.env.IPASIS_KEY}`);
  const data = await ipasisResponse.json();

  if (data.security.is_crawler || data.security.is_proxy) {
    return new Response(JSON.stringify({ error: "Proxy detected" }), {
      status: 403,
      headers: { 'Content-Type': 'application/json' },
    });
  }

  // Proceed to origin
  return fetch(req);
}

Pattern 3: Asynchronous Event Enrichment

Not all IP checks need to be blocking. For analytics, fraud scoring, or marketing attribution, use an asynchronous approach. This removes IP intelligence from the user's response time entirely.

Architecture:

  1. API Gateway accepts request.
  2. Service pushes event UserLoginAttempt { ip: "1.2.3.4", userId: "123" } to Kafka/SQS.
  3. Worker service consumes event, queries IPASIS, and enriches the user profile in the database.

Go (Worker) Implementation:

package main

import (
	"encoding/json"
	"log"
	"net/http"
	"time"
)

type IpasisResponse struct {
	ISP string `json:"isp"`
	Security struct {
		IsVPN bool `json:"is_vpn"`
	} `json:"security"`
}

func processLogEvent(userIP string, userID string) {
	client := http.Client{Timeout: 2 * time.Second}
	resp, err := client.Get("https://api.ipasis.com/v1/" + userIP + "?key=" + getKey())
	if err != nil {
		log.Printf("IPASIS API Error: %v", err)
		return
	}
	defer resp.Body.Close()

	var data IpasisResponse
	if err := json.NewDecoder(resp.Body).Decode(&data); err != nil {
		return
	}

	if data.Security.IsVPN {
		flagUserForReview(userID)
	}
}

Fail-Open vs. Fail-Closed

Engineering leaders must decide on failure modes:

  • Fail-Open: If the IP API times out or fails, allow the request. Preferred for e-commerce and SaaS signups to avoid revenue loss.
  • Fail-Closed: If the API fails, block the request. Mandatory for high-security environments (banking, internal admin panels).

FAQ

Q: What is the optimal TTL for caching IP data? A: For most use cases, 24 hours is standard. Residential IPs are dynamic but rarely cycle faster than daily. Hosting/VPN ranges are static.

Q: Should we whitelist known bots? A: Yes. IPASIS identifies search engine crawlers (Googlebot, Bingbot). Always allow these based on the is_crawler flag to preserve SEO, regardless of data center hosting.

Q: How do we handle IPv6? A: IPASIS handles IPv6 natively. However, when caching, ensure your cache keys normalize IPv6 addresses to avoid cache fragmentation.

Integrate High-Fidelity IP Data

Don't let proxies and bots degrade your platform's integrity. Implement these patterns using IPASIS for enterprise-grade accuracy in VPN, proxy, and tormentor detection.

Get your API Key

Start detecting VPNs and Bots today.

Identify anonymized traffic instantly with IPASIS.

Get API Key