API Reference
Complete REST API documentation for IPCraft. Manage sections, subnets, and IP addresses programmatically.
Base URL
All endpoint paths below are relative to this base URL.
Authentication
All requests except the Network Tools endpoints require authentication via one of two methods:
- Session cookie — automatically set by the login and register endpoints.
- API key — pass an
Authorization: Bearer ipc_...header.
X-Requested-With: XMLHttpRequest header for CSRF protection. API key requests do not need this header.
curl https://api.ipcraft.io/api/v1/sections \
-H "Authorization: Bearer ipc_abc123..."curl -X POST https://api.ipcraft.io/api/v1/sections \
-H "Content-Type: application/json" \
-H "X-Requested-With: XMLHttpRequest" \
-b "session=..." \
-d '{"name": "Production"}'Errors & Plan Limits
All errors return a JSON object with an error key and an appropriate HTTP status code.
{
"error": "Subnet overlaps with existing subnet 10.0.0.0/16"
}| Status | Meaning |
|---|---|
400 | Bad request — invalid input or validation error |
401 | Unauthorized — missing or invalid credentials |
402 | Payment required — plan limit exceeded |
403 | Forbidden — insufficient permissions |
404 | Not found |
429 | Rate limited — too many requests |
Plan Limits
| Limit | Free | Pro ($29/mo) | Teams ($199/mo) | Enterprise |
|---|---|---|---|---|
| Users | 1 | 1 | 5 | Custom |
| Folders | 5 | 25 | 50 | Custom |
| Subnets | 100 | 500 | 500 | Custom |
| IP Addresses | 1,500 | 7,000 | 7,000 | Custom |
| API Access | Read-only | Read/Write | Read/Write | Read/Write |
| Rate Limit | 10 req/s | 30 req/s | 50 req/s | Custom |
| Activity Log | 7 days | 14 days | 90 days | Custom |
Requests that would exceed your plan limits return 402.
Auth Endpoints
Public endpoints for account creation and session management.
Send Magic Link
Send a passwordless login link to the given email address. If the user doesn't exist yet, an account and organization are created when the link is verified.
Request body{
"email": "[email protected]"
}{
"message": "magic link sent"
}Verify Magic Link
Verify the magic link token from the email. Sets a session cookie on success and redirects to the app. Creates a new user and organization on first login.
Response{
"user": {
"id": "usr_abc123",
"email": "[email protected]",
"name": "John Smith"
},
"organization": {
"id": "org_xyz789",
"name": "John Smith's Org"
}
}Logout
Destroys the current session. No request body required.
Response204 No ContentGet Current User
Returns the authenticated user and their organization. Requires auth.
Response{
"user": {
"id": "usr_abc123",
"email": "[email protected]",
"name": "John Smith"
},
"organization": {
"id": "org_xyz789",
"name": "John Smith's Org",
"plan": "free"
}
}Folders
Folders are top-level organizational containers for grouping subnets (e.g., "Production", "Development").
List Folders
Returns all folders for the authenticated organization.
Response[
{
"id": "sec_001",
"name": "Production",
"description": "Production network ranges",
"sort_order": 0,
"created_at": "2026-03-01T12:00:00Z"
}
]Create Folder
Create a new folder.
Request body{
"name": "Production",
"description": "Production network ranges",
"sort_order": 0
}Only name is required. description and sort_order are optional.
{
"id": "sec_001",
"name": "Production",
"description": "Production network ranges",
"sort_order": 0,
"created_at": "2026-03-01T12:00:00Z"
}Get Folder
Returns a single folder by ID.
Response{
"id": "sec_001",
"name": "Production",
"description": "Production network ranges",
"sort_order": 0,
"created_at": "2026-03-01T12:00:00Z"
}Update Folder
Update a folder. All fields are optional — only provided fields are changed.
Request body{
"name": "Prod (US-East)",
"description": "US East production ranges",
"sort_order": 1
}Returns the updated folder object.
Delete Folder
Delete a folder.
Response204 No ContentSubnets
Subnets represent CIDR network ranges. They form a hierarchy — creating a subnet within an existing range automatically nests it as a child. Overlap detection prevents conflicting ranges.
List Subnets
List subnets, optionally filtered by folder. Includes utilization statistics.
Query parameterssection_id— filter by folder (optional)
[
{
"id": "sub_001",
"network": "10.0.0.0/16",
"name": "Core network",
"description": "Main production range",
"section_id": "sec_001",
"vrf_id": null,
"gateway": "10.0.0.1",
"is_pool": false,
"utilization": 0.12,
"created_at": "2026-03-01T12:00:00Z"
}
]Create Subnet
Create a new subnet. The parent is auto-detected based on CIDR containment. Overlapping ranges are rejected.
Request body{
"network": "10.0.1.0/24",
"name": "Web servers",
"description": "Web tier subnet",
"section_id": "sec_001",
"vrf_id": null,
"gateway": "10.0.1.1",
"is_pool": false
}Only network is required. All other fields are optional.
Returns the created subnet object.
Get Subnet
Returns a subnet and its child subnets.
Response{
"id": "sub_001",
"network": "10.0.0.0/16",
"name": "Core network",
"children": [
{
"id": "sub_002",
"network": "10.0.1.0/24",
"name": "Web servers"
}
]
}Update Subnet
Update subnet metadata. All fields are optional.
Request body{
"name": "Web servers (prod)",
"description": "Production web tier",
"section_id": "sec_001",
"is_pool": true,
"gateway": "10.0.1.1"
}Returns the updated subnet object.
Delete Subnet
Delete a subnet. Cascades to all child subnets and addresses.
204 No ContentSplit Subnet
Split a subnet into equal parts. The number of parts must be a power of 2 (2, 4, 8, etc.).
Request body{
"parts": 4
}[
{ "id": "sub_010", "network": "10.0.0.0/26" },
{ "id": "sub_011", "network": "10.0.0.64/26" },
{ "id": "sub_012", "network": "10.0.0.128/26" },
{ "id": "sub_013", "network": "10.0.0.192/26" }
]Subnet Usage
Returns utilization statistics for a subnet.
Response{
"used": 42,
"total": 254,
"utilization": 0.165
}First Free IP
Returns the first available IP address in the subnet. Returns null if the subnet is full.
{
"ip": "10.0.1.5"
}{
"ip": null
}Addresses
Individual IP address records within a subnet. Each address is validated against the parent subnet's CIDR range.
List Addresses
List all IP addresses in a subnet.
Response[
{
"id": "addr_001",
"ip": "10.0.1.10",
"hostname": "web-01.prod",
"mac_address": "00:1A:2B:3C:4D:5E",
"description": "Primary web server",
"status": "active",
"owner": "platform-team",
"created_at": "2026-03-01T12:00:00Z"
}
]Create Address
Assign an IP address within a subnet. The IP is validated to be within the subnet's CIDR range.
Request body{
"ip": "10.0.1.10",
"hostname": "web-01.prod",
"mac_address": "00:1A:2B:3C:4D:5E",
"description": "Primary web server",
"status": "active",
"owner": "platform-team"
}Only ip is required. All other fields are optional.
Returns the created address object.
Get Address
Returns a single address by ID.
Response{
"id": "addr_001",
"ip": "10.0.1.10",
"hostname": "web-01.prod",
"mac_address": "00:1A:2B:3C:4D:5E",
"description": "Primary web server",
"status": "active",
"owner": "platform-team",
"subnet_id": "sub_002",
"created_at": "2026-03-01T12:00:00Z",
"updated_at": "2026-03-10T08:30:00Z"
}Update Address
Update address metadata. All fields are optional.
Request body{
"hostname": "web-01a.prod",
"mac_address": "00:1A:2B:3C:4D:5F",
"description": "Migrated web server",
"status": "active",
"owner": "platform-team"
}Returns the updated address object.
Delete Address
Remove an IP address assignment.
Response204 No ContentWebhooks
Subscribe to real-time event notifications. See the Webhooks guide for setup instructions and signature verification.
List Webhooks
List all webhook subscriptions. The signing secret is never included in list responses.
Response[
{
"id": "wh_001",
"url": "https://example.com/webhooks/ipcraft",
"description": "CMDB sync",
"event_types": ["subnet.created", "subnet.deleted"],
"is_active": true,
"failure_count": 0,
"created_at": "2026-03-21T16:00:00Z"
}
]Create Webhook
Create a new webhook subscription. Returns the signing secret — store it securely, it is only shown once.
Request body{
"url": "https://example.com/webhooks/ipcraft",
"description": "CMDB sync",
"event_types": ["subnet.created", "subnet.deleted"]
}Leave event_types empty ([]) to receive all event types.
{
"id": "a1b2c3d4-...",
"url": "https://example.com/webhooks/ipcraft",
"secret": "whsec_a1b2c3d4e5f6...",
"event_types": ["subnet.created", "subnet.deleted"],
"is_active": true
}secret value immediately. It cannot be retrieved again. Use it to verify webhook signatures.Get Webhook
Get a single webhook subscription. The signing secret is not included.
Update Webhook
Update a webhook's URL, description, event types, or active status. Re-enabling a disabled webhook resets the failure count.
Request body{
"url": "https://new-endpoint.example.com/hook",
"event_types": ["address.created"],
"is_active": true
}200 OKDelete Webhook
Permanently delete a webhook subscription and all its delivery history.
Response204 No ContentList Deliveries
List recent delivery attempts for a webhook. Supports ?limit= and ?offset= query parameters (max 200).
[
{
"id": "del_001",
"event_type": "subnet.created",
"response_status": 200,
"duration_ms": 142,
"attempt": 1,
"delivered_at": "2026-03-21T16:30:00Z"
}
]Test Ping
Send a test ping event to the webhook endpoint. Returns the delivery result so you can verify connectivity.
{
"event_type": "ping",
"response_status": 200,
"duration_ms": 95,
"attempt": 1
}Returns 502 if the endpoint is unreachable or returns a non-2xx status.
Rotate Secret
Generate a new signing secret for the webhook. The old secret stops working immediately.
Response{
"secret": "whsec_new_secret_value..."
}API Keys
Manage API keys for programmatic access. The full key is only shown once at creation time.
List Keys
List all API keys. Only the key prefix is shown — the full key is never returned after creation.
Response[
{
"id": "key_001",
"name": "Ansible automation",
"key_prefix": "ipc_a1b2c3",
"created_at": "2026-03-01T12:00:00Z",
"last_used_at": "2026-03-14T09:15:00Z"
}
]Create Key
Generate a new API key. The full key is only returned in this response — store it securely.
Request body{
"name": "Ansible automation"
}{
"id": "key_001",
"name": "Ansible automation",
"key": "ipc_a1b2c3d4e5f6g7h8i9j0...",
"key_prefix": "ipc_a1b2c3"
}key value immediately. It cannot be retrieved again.Delete Key
Revoke an API key. Any requests using this key will immediately start returning 401.
204 No ContentBilling
Manage your subscription plan via Stripe integration.
Get Plan
Returns current plan details, usage, and limits.
Response{
"plan": "free",
"usage": {
"sections": 1,
"subnets": 3,
"addresses": 42
},
"limits": {
"sections": 1,
"subnets": 5,
"addresses": 100
}
}Checkout
Creates a Stripe Checkout session for upgrading to Pro. Redirect the user to the returned URL.
Response{
"url": "https://checkout.stripe.com/c/pay/cs_live_..."
}Customer Portal
Creates a Stripe Customer Portal session for managing billing, invoices, and cancellation.
Response{
"url": "https://billing.stripe.com/p/session/..."
}Search
Full-text search across subnets and addresses.
Search by IP address, hostname, network CIDR, description, or any other field. Returns matching subnets and addresses.
Query parametersq— search query (required)
{
"subnets": [
{
"id": "sub_002",
"network": "10.0.1.0/24",
"name": "Web servers"
}
],
"addresses": [
{
"id": "addr_001",
"ip": "10.0.1.10",
"hostname": "web-01.prod"
}
]
}Activity
Audit log of actions performed within your organization.
Returns a paginated list of activity entries.
Query parameterslimit— number of entries to return (optional)offset— pagination offset (optional)
[
{
"id": "act_001",
"action": "subnet.created",
"resource_type": "subnet",
"resource_id": "sub_002",
"user_id": "usr_abc123",
"details": "Created subnet 10.0.1.0/24",
"created_at": "2026-03-14T10:30:00Z"
}
]Network Tools
Public endpoints for common network lookups. No authentication required. Rate-limited to 10 requests per minute per IP address.
DNS Lookup
Perform a DNS lookup from 3 independent resolvers (Google, Cloudflare, Quad9).
Query parametersdomain— domain name to resolve (required)type— record type: A, AAAA, MX, TXT, NS, CNAME, SOA (required)
{
"domain": "example.com",
"type": "A",
"resolvers": {
"google": ["93.184.216.34"],
"cloudflare": ["93.184.216.34"],
"quad9": ["93.184.216.34"]
}
}Reverse DNS
Perform a reverse DNS lookup for an IP address.
Query parametersip— IP address (required)
{
"ip": "8.8.8.8",
"hostnames": ["dns.google"]
}WHOIS Lookup
Perform a WHOIS lookup for a domain or IP address.
Query parametersquery— domain name or IP address (required)
{
"query": "example.com",
"raw": "Domain Name: EXAMPLE.COM\nRegistry Domain ID: ..."
}Ping (TCP Check)
TCP connectivity check to a host.
Query parametershost— hostname or IP address (required)
{
"host": "example.com",
"reachable": true,
"latency_ms": 24
}Port Scan
Scan 19 common ports on a host (FTP, SSH, HTTP, HTTPS, DNS, SMTP, etc.).
Query parametershost— hostname or IP address (required)
{
"host": "example.com",
"ports": [
{ "port": 80, "service": "http", "open": true },
{ "port": 443, "service": "https", "open": true },
{ "port": 22, "service": "ssh", "open": false }
]
}My IP
Returns the client's public IP address and related information.
Response{
"ip": "203.0.113.42"
}Request Headers
Returns the HTTP headers sent by the client.
Response{
"headers": {
"User-Agent": "curl/8.1.0",
"Accept": "*/*",
"Host": "api.ipcraft.io"
}
}