IP Check

Introduction

Ensuring geocompliance using an IP

The Problem

If you are using live VPN detection, a JWT is returned through the SDK. This response contains details on the user’s VPN use at the time of issuance. However, this cannot stop a user from enabling or disabling a VPN afterwards. To combat this, we include the user’s IP address at the time of issuance in the JWT, allowing backend services to compare it with the current IP on subsequent requests.

Validation

Accurately determining a user's IP address can be challenging and often depends on your specific infrastructure setup. While we recommend a few common approaches, the most reliable solution will ultimately depend on the details of your environment.

Direct Connection

When clients connect directly to your backend server, the IP address is available in the TCP connection information.

const clientIP = req.socket.remoteAddress;

Forwarded Headers from Reverse Proxies

This is the most common setup in production environments, where a load balancer, CDN, or API gateway is present. These proxies often add headers to the request that contain the original client's IP address.

const clientIP = req.headers['x-forwarded-for']?.split(',')[0]?.trim() || req.socket.remoteAddress;

Other common headers include:

  • X-Real-IP - The client’s real IP address, commonly used by NGINX
  • CF-CONNECTING-IP - Cloudflare’s header containing the original client IP
  • True-Client-IP - Alternative header used by Akamai and some other CDNs to indicate the original client IP
  • X-Client-IP - Generic header for client IP, used by various proxy services
  • Forwarded - Standardized header in RFC 7239 (format: Forwarded: for=192.0.2.60;proto=http;by=203.0.113.43)
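
The comparison described under The Problem, combined with the proxy handling above, as an added example (not code from the SDK or from this documentation). The leftmost X-Forwarded-For entry is whatever the client sent unless your proxy overwrites the header, so this version only believes entries appended by proxies you list. Assumptions: the TRUSTED_PROXIES addresses are constructed, the JWT signature has already been verified, and the claim name `ip` is hypothetical.

```javascript
// Added example. TRUSTED_PROXIES and the `ip` claim name are assumptions.
const net = require('node:net');

const TRUSTED_PROXIES = new Set(['10.0.0.5', '10.0.0.6']); // constructed values

// Strip the IPv4-mapped IPv6 prefix Node reports on dual-stack sockets.
// IPv6 addresses are compared as lower-cased strings, not canonicalized.
function normalizeIP(ip) {
  const s = String(ip || '').trim().toLowerCase();
  const v4 = s.startsWith('::ffff:') ? s.slice(7) : s;
  return net.isIPv4(v4) ? v4 : s;
}

// Walk X-Forwarded-For right to left: each trusted proxy appended the address
// it saw, so the first untrusted hop from the right is the client. Entries
// further left are client-supplied and are ignored.
function resolveClientIP(req) {
  const peer = normalizeIP(req.socket.remoteAddress);
  if (!TRUSTED_PROXIES.has(peer)) return peer; // direct connection: ignore headers
  const hops = String(req.headers['x-forwarded-for'] || '')
    .split(',').map(normalizeIP).filter(Boolean);
  for (let i = hops.length - 1; i >= 0; i--) {
    if (!net.isIP(hops[i])) return null;       // malformed chain: fail closed
    if (!TRUSTED_PROXIES.has(hops[i])) return hops[i];
  }
  return null; // only proxies in the chain: no client address to compare
}

// True only when the current request comes from the IP recorded in the token.
function ipMatchesToken(req, claims) {
  const current = resolveClientIP(req);
  return current !== null && net.isIP(current) !== 0 &&
    current === normalizeIP(claims.ip);
}
```

A false result means the address changed since issuance or could not be determined; how to respond (for example, requesting a fresh token through the SDK) is up to your backend.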