n8n Integration — ipinsights.io

Overview

Whether you're triaging webhook payloads, enriching ticket comments or auto-replying to abuse@ inboxes, n8n makes it trivial to add an IP-reputation step. We'll cover the bare HTTP Request node configuration first, then provide a copy-paste workflow JSON that adds caching, retries and a clean output structure.

Prerequisites

n8n 1.x (self-hosted or n8n.cloud)
An ipinsights.io API key from your profile page
A Header Auth credential in n8n (Credentials → New → Header Auth) with Name: X-API-Key and Value: <your-key>

Step 1 — Manual HTTP Request Node

Node              HTTP Request
Method            GET
URL               https://ipinsights.io/api/v1/lookup
Authentication    Predefined Credential Type → Header Auth (the credential above)
Send Query        ✓
  Name            ip
  Value           ={{ $json.ip }}             // or whatever expression yields the IP
Options
  Timeout         10000
  Response → Response Format    JSON

Downstream nodes can reference fields with ={{ $json.data.threat_score }}, ={{ $json.data.is_tor }}, ={{ $json.data.country_code }} etc.

Step 2 — Importable Workflow JSON

Save the JSON below as ipinsights-enrich.json and import it via Workflows → menu → Import from File. It exposes a webhook that takes an ip JSON field and returns enriched data, with conditional routing for high-threat IPs.

{
  "name": "IP Insights — Enrich IP",
  "nodes": [
    {
      "parameters": {
        "httpMethod": "POST",
        "path": "ipinsights-enrich",
        "responseMode": "lastNode"
      },
      "id": "webhook",
      "name": "Webhook",
      "type": "n8n-nodes-base.webhook",
      "typeVersion": 2,
      "position": [200, 300]
    },
    {
      "parameters": {
        "method": "GET",
        "url": "https://ipinsights.io/api/v1/lookup",
        "authentication": "predefinedCredentialType",
        "nodeCredentialType": "httpHeaderAuth",
        "sendQuery": true,
        "queryParameters": {
          "parameters": [
            { "name": "ip", "value": "={{ $json.body.ip }}" }
          ]
        },
        "options": { "timeout": 10000 }
      },
      "id": "lookup",
      "name": "IP Insights Lookup",
      "type": "n8n-nodes-base.httpRequest",
      "typeVersion": 4.2,
      "position": [440, 300],
      "credentials": {
        "httpHeaderAuth": { "name": "IP Insights API Key" }
      }
    },
    {
      "parameters": {
        "conditions": {
          "options": { "version": 2 },
          "conditions": [
            {
              "leftValue": "={{ $json.data.threat_score }}",
              "rightValue": 80,
              "operator": { "type": "number", "operation": "gte" }
            }
          ]
        }
      },
      "id": "ifThreat",
      "name": "If threat ≥ 80",
      "type": "n8n-nodes-base.if",
      "typeVersion": 2,
      "position": [680, 300]
    }
  ],
  "connections": {
    "Webhook":            { "main": [[{ "node": "IP Insights Lookup", "type": "main", "index": 0 }]] },
    "IP Insights Lookup": { "main": [[{ "node": "If threat ≥ 80",   "type": "main", "index": 0 }]] }
  }
}

Attach a Slack / Email / Jira node to the true output and a passthrough to the false output, and you have a working triage pipeline.

Step 3 — Verify

curl -X POST https://your-n8n.example.com/webhook/ipinsights-enrich \
     -H 'Content-Type: application/json' \
     -d '{"ip":"8.8.8.8"}'

The webhook should return a JSON body that includes data.threat_score, data.country_code, data.asn and the boolean flags.

API Key: Required — store it in an n8n Header Auth credential. Register for free for a key.

Request Higher API Limit

Running a high-volume n8n deployment? If the default rate limit isn't enough for your environment, submit a request below and we'll review it.

Your Name *

Email Address *

Company / Organisation

Current Limit *

Requested Limit *

Use Case * Maximum 5,000 characters.