Obtaining the IP address

Although providing the IP address in the event is optional, it's highly recommended. This allows the IP collected by the agent to be verified. If you don't provide it, the IP address collected by the agent will be used.

The IP address you provide in the ip field should be the end-user's IP address (i.e. the person whose profile we need to check). You can obtain this from the REMOTE_ADDR header of a HTTP request that comes from your end-user.

If your application is behind a proxy (or proxies), bear in mind that you may need to take the IP address from the X-FORWARDED-FOR header instead. This header can contain a comma-separated list of IP addresses representing all the servers the request has passed through.

Most frameworks and languages offer built-in methods or libraries to help you deduce the end-user IP address in a reliable and safe way. For example, see the information on obtaining the IP address behind a proxy for Express and Python Flask.

Whilst you can simply parse the X-FORWARDED-FOR header, it's safer to use a library or framework method to do this (since there are some edge cases that otherwise would need addressing).