Your AI coding assistant can write code that calls an IP geolocation API. It cannot call the network itself.
That gap is now closed. The IPstack MCP server is live, and it connects Cursor, Claude Desktop, Windsurf, VS Code Copilot, and Cline to real-time IP geolocation, ASN, and threat data. You wire it up with one config block and an API key.
Table of Contents
What is MCP, in one paragraph?
The Model Context Protocol is an open standard, introduced by Anthropic, that lets AI applications call external data sources and services as structured “tools” during a conversation. Instead of hard-coding a separate integration for every model and every tool, you expose a tool once and any compatible client can use it. The official MCP documentation covers the full spec, but one idea is enough here: MCP is how your coding assistant reaches IPstack. We have written a fuller walkthrough on turning any REST API into an MCP server if you want the deeper dive
What is the IPstack MCP server?
The IPstack MCP server is a small server that exposes the IPstack API to your AI assistant as a set of callable tools. Ask about an IP, and your assistant runs a live lookup and answers with real data instead of a guess.
Until now, an AI assistant sat outside the network. It could generate a fetch() call to a geolocation API, but it had no way to run that call and read the result mid-conversation. So when you asked “where is this IP from?”, it either invented an answer or told you to go check yourself.
The IPstack MCP server removes that wall. It gives your AI assistant live IP geolocation, ASN, and connection data, plus VPN, proxy, and Tor detection, and lets the model reason over the response the same way it reasons over your code. It handles both IPv4 and IPv6, resolves an address down to the city, and returns timezone and currency alongside the network details.
Which AI tools work with the IPstack MCP server?
These clients work out of the box:
- Cursor
- Claude Desktop
- Windsurf
- VS Code Copilot
- Cline
Any MCP-compatible client can connect using the same config block below.
See it work
Here is a real interaction. You are looking at a cluster of failed logins in your server logs and you want to know who is behind one of them. You ask your assistant, right in the editor:
You: Where is 185.220.101.34 from, and is it hiding behind anything?
Your assistant calls the IPstack MCP server. In Cursor or Claude, the call shows up in the MCP log as it runs:
→ apilayer · standard_lookup { "ip": "185.220.101.34", "security": 1 }
← 200 OK (1 result, 291 ms)
IPstack returns the data:
{
"ip": "185.220.101.34",
"type": "ipv4",
"country_code": "AT",
"country_name": "Austria",
"region_name": "Vienna",
"city": "Vienna",
"latitude": 48.2065,
"longitude": 16.3667,
"connection": {
"asn": 208323,
"isp": "Foundation for Applied Privacy"
},
"security": {
"is_proxy": false,
"is_crawler": false,
"is_tor": true,
"threat_level": "high",
"threat_types": ["tor"]
}
}
Your assistant answers in plain language:
Assistant: That IP resolves to Vienna, Austria, on AS208323 (Foundation for Applied Privacy). It is a Tor exit node: is_tor is true and threat_level is high. Treat the real origin as unknown and the request as high-risk.
No browser tab, no curl, no SDK to wire up. You asked a question and your AI coding tool ran a live IP lookup to answer it. That is the whole point.
Because the same server exposes a bulk endpoint, the obvious next move is to hand it the whole list. Ask it to check every IP from this morning’s failed logins, and it resolves up to 50 in a single call, then groups them by country or flags the anonymized ones. The lookup becomes part of the conversation instead of a side task you context-switch into.
How do I connect IPstack to my AI assistant?
Paste one config block, add your API key, restart your client.
Here is the config for a client that uses the standard MCP format, such as Claude Desktop or Cursor:
{
"mcpServers": {
"apilayer": {
"command": "npx",
"args": ["@apilayer/mcp-server"],
"env": {
"APILAYER_ACCESS_KEY": "your_api_key_here"
}
}
}
}
Replace your_api_key_here with your IPstack key, save, and restart. In Cursor, open Settings (Cmd/Ctrl + ,), go to the MCP section, click Add MCP Server, paste the block, and restart. npx (bundled with Node.js) pulls and runs the server for you, so there is nothing to install or host. Your API key stays on your machine.
You can also run it on its own to confirm it starts:
npx @apilayer/mcp-server
That is the fast path. If you would rather not run anything locally, the IPstack MCP server is also available as a hosted HTTP endpoint:
{
"mcpServers": {
"apilayer": {
"url": "https://mcp.apilayer.com/mcp",
"headers": {
"Authorization": "Bearer your_api_key_here"
}
}
}
}
The IPstack MCP user guide has per-client steps for both options.
What it does not do
Two honest limits, because they will save you a support ticket.
First, the threat fields in the example above (VPN, proxy, Tor, and threat_level) come from IPstack’s Security Module, which is part of a paid plan. Standard geolocation, meaning country, region, city, coordinates, ISP, and ASN, works on the free tier. You can test the full MCP setup for free and turn on threat detection when you need it.
Second, IP geolocation is an estimate, not a GPS fix. City-level accuracy is strong, but the right way to read a result is “very likely here,” not “exactly here.” If you are new to that tradeoff, our IP geolocation primer explains where the data comes from and why it varies.
You already use IPstack? Here is a new way to use it.
If IPstack already powers fraud checks or localization in your product, nothing about that changes. The MCP server is not a migration, and it is not a replacement for your existing integration. It is a new surface for the same API and the same data you already trust.
The difference is where you consume it. Your production code keeps calling IPstack exactly the way it does today. MCP adds a second entry point — your editor — for the moments when you are debugging a suspicious request, triaging a log line, or writing the rule that flags it. Same key, same endpoints, same response shape. You are just querying it from a new place, without breaking flow to open a terminal.
Say you are tightening a rule that blocks logins from anonymized connections. You can paste a handful of real IPs from your logs, ask your assistant to run them through IPstack, and see which ones trip is_proxy or is_tor before you ship the change. The data you would have tested against in a throwaway script is now one prompt away.
Get Your Free
IP Geolocation Key!
IPstack
Join thousands of developers using ipstack for real-time IP intelligence!
Get Your Free API Key!100 Requests Free!
What’s next
This is the first MCP server from APILayer, and it will not be the last. More of the APIs on the platform are headed to MCP — keep an eye on the APILayer blog for the next announcement.
The tools you code with are moving into the loop alongside you, and they work better when they can see real data instead of guessing at it. The IPstack MCP server is one concrete step in that direction.
If you want the deeper compare-and-contrast on when to reach for MCP versus the SDK or REST directly, we have written that up in MCP vs. SDK vs. REST: three ways to give your AI app IP data.
Frequently asked questions
Is the IPstack MCP server free to use?
Yes. The MCP server itself is free. You pay only for IPstack usage based on your plan. Standard geolocation works on the free tier; threat detection (VPN, proxy, Tor) requires the Security Module on a paid plan.
Which AI tools support the IPstack MCP server?
Cursor, Claude Desktop, VS Code Copilot, Windsurf, and Cline. Any MCP-compatible client works out of the box using the config block above.
Do I need to host or deploy anything?
No. npx (bundled with Node.js) downloads and runs the server locally on first use. A remote HTTP option is available at https://mcp.apilayer.com/mcp with Bearer auth if you would rather not run it locally.
Does the IPstack MCP server work with IPv6?
Yes. Both IPv4 and IPv6 addresses are supported via the same standard_lookup tool.
Can the MCP server look up multiple IPs at once?
Yes. The bulk endpoint handles up to 50 IPs in a single call, returning them in one response — useful for batching log triage or fraud sweeps.
What is the difference between IPstack MCP and the IPstack SDK?
The SDK is for production code. MCP is for your AI editor. They share the same API key and response shapes, but MCP lets your assistant call IPstack as part of a conversation, while the SDK is what you import into the app you ship.
Get your API key → Free tier, no credit card. Geolocation works immediately; threat detection unlocks with the Security Module.