Pricing & Credit System

How Credits Work

Port Six uses a credit-based pricing model. Credits are consumed when you make API requests, with costs varying based on the endpoint and data features requested.

Credit Calculator

Use the calculator below to see how credits are consumed for IP lookups. Select which enrichment fields you need - you only pay for the data you request.

API Request

curl -H "X-API-Key: YOUR_API_KEY" \
  "https://api.portsix.io/v1/ip/185.220.101.45"

Select Enrichment Data

Each enrichment costs 1 credit. Uncheck to exclude from response.

Geolocation1 credit

Country, city, coordinates, timezone

ASN Information1 credit

Autonomous System Number and organization

Cloud Providernull1 credit0 credits

AWS, GCP, Azure detection

Anonymization1 credit

TOR, VPN, proxy detection

Reverse DNS1 credit

PTR record hostname lookup

WHOIS1 credit

IP registration and network info

Threat Intelligence2 credits

Threat tags, sources, confidence scores

Max Credits8

Null values (no charge)-1

Total Credits7

Example Response

{
  "success": true,
  "data": {
    "observable_id": 3664181,
    "type": "ipv4",
    "value": "185.220.101.45",
    "status": "active",
    "risk_score": 43.74,
    "enriched_at": "2026-01-03T21:26:26Z",
    "geo": {
      "country_code": "DE",
      "country_name": "Germany",
      "city": "Berlin",
      "state_province": "State of Berlin",
      "latitude": 52.52,
      "longitude": 13.405,
      "timezone": "Europe/Berlin"
    },
    "asn": {
      "asn": 60729,
      "org_name": "TORSERVERS-NET",
      "country_code": "DE"
    },
    "cloud": null,
    "anonymization": {
      "type": "tor-exit",
      "provider": "TOR",
      "confidence": 1
    },
    "rdns": {
      "hostname": "tor-exit-45.for-privacy.net",
      "provider": "1.1.1.1"
    },
    "whois": {
      "rir": "RIPE",
      "whois_server": "whois.ripe.net"
    },
    "threat_intel": {
      "tags": [
        {
          "name": "Anon: Tor"
        },
        {
          "name": "Brute Force"
        },
        {
          "name": "Protocol: Ssh"
        }
      ],
      "sources": [
        "alienvault_otx",
        "greensnow-blocklist"
      ],
      "first_seen": "2025-12-01T03:14:09Z",
      "last_seen": "2025-12-30T06:44:02Z",
      "confidence": 90
    },
    "relationships": [
      {
        "direction": "outgoing",
        "relationship_type": "resolves_to",
        "target_type": "domain",
        "target_value": "for-privacy.net",
        "confidence": 0.85
      }
    ]
  },
  "meta": {
    "credits_cost": 7,
    "credits_remaining": 9993,
    "execution_time_ms": 2515
  }
}

Pay Only for Data Returned

Credits are only charged when data is successfully returned. If a request returns no data, encounters an error, or a specific data feature is unavailable, you are not charged for that portion of the request.

Examples:

IP enrichment with threat intel: If you request threat intelligence for an IP that has no threat intel data, you pay 1 credit (basic lookup) instead of 3 credits.
Failed requests: 4xx or 5xx errors do not consume credits.
Empty results: Searches that return zero results are not charged.
Partial data: If you request multiple data features but only some are available, you only pay for the features that returned data.

Credit Pricing by Endpoint

Each endpoint has a base cost and optional features that may add additional credits:

Endpoint	Base Cost	Optional Features
IP Enrichment	1 credit	+2 credits for threat intel
Domain Enrichment	1 credit	+2 credits for threat intel
Hash Lookup	5 credits	Threat intel data
Observable Search	2 credits	Per query
Relationships	4 credits	Per query
Threat Context	3 credits	Per observable

Credit Usage in Response Headers

Every API response includes headers showing credit consumption:

X-Credits-Used: 3
X-Credits-Remaining: 9997
X-Credits-Reset: 2025-11-01T00:00:00Z

Subscription Tiers

See the Pricing page for tier details, credit allocations, and rate limits.

Usage Analytics

Track API consumption with granular visibility in your dashboard. Unlike other platforms that provide only aggregate usage data, Port Six gives you per-key, per-endpoint analytics to optimize your integrations.

Per-Key Analytics

Create multiple API keys for different use cases and track each independently:

Production vs. Development - Separate keys prevent dev testing from consuming production quota
Per-integration tracking - Splunk key, SOAR key, custom script key
Team attribution - Assign keys to teams for internal chargeback

Metrics Available

Metric	Description
Total Requests	Request count by time period (24h, 7d, 30d, 90d)
Avg Response Time	Performance monitoring (target: <100ms)
Success Rate	API reliability tracking (target: 99.9%)
Error Count	Failed requests for debugging integrations
Endpoint Breakdown	Usage by endpoint (/ip, /domain, etc.)
Response Time Distribution	P50, P95, P99 latency buckets

Use Cases

Budget forecasting - Project credit usage based on historical patterns
Integration health - Monitor error rates per API key to detect issues
Optimization - Identify high-volume endpoints for local caching
Chargeback - Attribute usage to teams/projects via separate keys