New: Agent endpoints for enhanced developer experience plus control and governance

September 16, 2024

min read

Endpoints are a familiar concept in networking, and ngrok users are no strangers to them. As you know, ngrok lets you bring your endpoints online in one line from the agent using the tunnels configuration. Now, with our latest release, you can create agent endpoints – also known as ephemeral endpoints – with enhanced capabilities through our new endpoints configuration.

This update provides you with deeper insights into your endpoints. You can now find out who initiated an endpoint or a set of endpoints from the agent, identify which traffic policies were applied, and access even more details via the API. This added visibility ensures greater control and governance for NetOps and DevOps teams, empowering them to monitor, manage, and audit network activity more effectively – all while maintaining the simplicity that ngrok is known for.

Endpoint agents with ease of use and DevOps-level control

The version 3 agent configuration file introduces a new root-level key called endpoints. The agent key is now required at the root level, and agent-specific fields are nested underneath.

version: 3
agent:
  authtoken: {Your Authtoken}
endpoints:
  - name: my-endpoint
    url: example.ngrok.io
    upstream:
      url: 8080
      protocol: http2
    metadata: my endpoint metadata
    description: my endpoint description
    traffic_policy:
      inbound:
         - actions:
           - type: custom-response
             config:
               status_code: 200
               content: hello friends!
               headers:
                 content-type: text/plain
           name: my traffic policy

This configuration defines a single endpoint, example.ngrok.io, that will receive traffic via HTTPS on port 8080. Requests to this endpoint receive a jovial custom response - “hello friends!” - as specified by the traffic_policy.

Below is the complete list of supported fields for agent endpoints.

Field	Description
endpoints[*].url	A network address that receives traffic from clients
endpoints[*].name	A name for your endpoint, to be used as an argument to ngrok start
endpoints[*].metadata	User-defined metadata that is returned by the ngrok service API when listing endpoint sessions
endpoints[*].description	A user-defined description of this endpoint that is returned by ngrok service API when listing endpoint sessions
endpoints[*].traffic_policy	The traffic policy configuration for this endpoint
endpoints[*].traffic_policy_file	A path to a traffic policy configuration file
endpoints[*].upstream	The upstream service configuration
endpoints[*].upstream.url	The upstream URL
endpoints[*].upstream.protocol	The upstream application layer protocol
endpoints[*].upstream.proxy_protocol	The upstream proxy protocol

To start the endpoint named my-endpoint, use the following command:

ngrok start my-endpoint

This command will start all endpoints and tunnels:

ngrok start --all

Tunnel configurations are still supported in the v3 configuration file format. You can specify both endpoints and tunnels in the same configuration file, with endpoint configurations taking precedence over tunnels.

New flags for creating agent endpoints in the CLI

With the release of ngrok agent version 3.16.0, we've introduced several enhancements to streamline your workflow and improve usability. The ngrok agent provides full support for endpoints, making it easier than ever to manage your network configurations. We added the --url flag to simplify how you specify the endpoint network address. Instead of juggling multiple flags, you can now define your endpoint using just this single, intuitive flag.

To make transitioning between the agent configuration file and the CLI as seamless as possible, we’ve unified our naming conventions across both. This consistency ensures that whether you’re editing configuration files or using CLI commands, the terminology and options remain the same, minimizing confusion and reducing the learning curve.

Using the agent CLI, you can start the endpoint defined by the agent configuration above with the following command:

ngrok http 8080 --url "https://example.ngrok.io" --upstream-protocol http2 --metadata "my endpoint metadata" --description "my endpoint description" --traffic-policy-file my_traffic_policy.yaml

and following traffic policy configuration file:

# my_traffic_policy.yaml

inbound:
  - actions:
      - type: custom-response
        config:
          content: hello friends!
          headers:
            content-type: text/plain
          status_code: 200
    name: my traffic policy

The v3.15 agent adds five new flags and deprecates four.

Flag	Description	Deprecates/Replaces
--url	A network address that receives traffic from clients	--domain, --scheme
--description	A user-defined description of this endpoint that will appear in the ngrok service API when listing endpoint sessions	N/A
--metadata	User-defined metadata that will appear in the ngrok service API when listing endpoint sessions	N/A
--traffic-policy-file	Path to the YAML or JSON traffic policy configuration file	--policy-file
--upstream-protocol	The upstream application layer protocol	--app-protocol

Endpoint observability using the ngrok API

Along with the CLI and configuration file changes, we also bring you an updated API. With the introduction of new fields, we've enhanced observability, offering more detailed insights into your agent endpoints. These new fields are designed to provide richer data within API responses, enabling better monitoring, and optimization of your systems.

To access your agent endpoints with the API, start by generating a new API key in the ngrok dashboard. Then use the agent CLI to add your API key and list your endpoints:

ngrok config add-api-key “{Your API Key}"
ngrok api endpoints list

For an agent running the endpoint configuration above, you’ll receive a response similar to below.

{
  "endpoints": [
    {
      "id": "ep_2lIxQOi83drfJG619NsdxLup13P",
      "created_at": "2024-08-28T21:42:54Z",
      "updated_at": "2024-08-28T21:42:54Z",
      "public_url": "https://example.ngrok.io",
      "proto": "https",
      "hostport": "example.ngrok.io:443",
      "type": "ephemeral",
      "metadata": "my endpoint metadata",
      "description": "my endpoint description",
      "domain": {
        "id": "rd_2lIeBU17hG6tFE9KiSKDdxfhXr9",
        "uri": "https://api.ngrok.com/reserved_domains/rd_2lIeBU17hG6tFE9KiSKDdxfhXr9"
      },
      "tunnel": {
        "id": "tn_2lIxQOi83drfJG619NsdxLup13P",
        "uri": "https://api.ngrok.com/tunnels/tn_2lIxQOi83drfJG619NsdxLup13P"
      },
      "upstream_url": "localhost:8080",
      "upstream_proto": "http2",
      "url": "https://example.ngrok.io",
      "principal_id": {
        "id": "usr_2OOb4Hje60HdTB42lsi8bKg5kSL",
        "uri": ""
      },
      "traffic_policy": "{\"inbound\":[{\"name\":\"my traffic policy\",\"actions\":[{\"type\":\"custom-response\",\"config\":{\"content\":\"hello friends!\",\"headers\":{\"content-type\":\"text/plain\"},\"status_code\":200}}]}]}\n",
      "tunnel_session": {
        "id": "ts_2lIxQP8ujHG6Tu9af6dsxy6LpXM",
        "uri": "https://api.ngrok.com/tunnel_sessions/ts_2lIxQP8ujHG6Tu9af6dsxy6LpXM"
      }
    }
  ],
  "uri": "https://api.ngrok.com/endpoints",
  "next_page_uri": null
}

The introduction of the principal_id object in our API offers a powerful tool for investigating who initiated an endpoint, particularly when dealing with bot users. The principal_id returns a URI that you can use to simply query the API for additional information on the bot user. This capability is especially valuable when managing automated processes, allowing you to isolate and understand the specific activities of these processes. For ops and security teams, this feature is crucial for auditing activity and ensuring compliance with internal policies.

The traffic_policy field provides a straightforward way to see which policy is applied to a particular endpoint. This visibility allows for quick verification of traffic rules, ensuring that the correct policies are enforced without having to sift through configurations.

Finally, the tunnel_session object allows you to easily query the API for the status of your endpoint connections using the provided URI:

curl https://api.ngrok.com/tunnel_sessions/ts_2lIxQP8ujHG6Tu9af6dsxy6LpXM -H "authorization: Bearer {Your API Key}" -H "ngrok-version: 2"

with the returned response

{
  "agent_version": "3.16.0",
  "credential": {
    "id": "cr_2OObv0NKkYsx7s4DvlImN3GRufP",
    "uri": "https://api.ngrok.com/credentials/cr_2OObv0NKkYsx7s4DvlImN3GRufP"
  },
  "id": "ts_2lIxQP8ujHG6Tu9af6dsxy6LpXM",
  "ip": "195.55.171.137",
  "os": "linux",
  "region": "us-cal-1",
  "started_at": "2024-09-04T16:16:19Z",
  "transport": "ngrok/2",
  "uri": "https://api.ngrok.com/tunnel_sessions/ts_2lIxQP8ujHG6Tu9af6dsxy6LpXM"
}

This efficient access to session details enables richer diagnostics and more effective management of your endpoints.

Field	Description
principal_id	Describes the user or bot user responsible for initiating the endpoint
traffic_policy	The YAML or JSON content of the traffic policy configured for the endpoint
tunnel_session	Describes the active connection from the agent to ngrok

Give agent endpoints a try now!

To start creating agent endpoints from the agent configuration file or the CLI, make sure you’re running v3.16.0 of the ngrok agent with ngrok version. If you installed ngrok with a package manager like brew or apt, check those sources for updates. Or, if you installed a binary directly to your PATH, you can also try updating with ngrok update or view our downloads page.

Of course, you’ll also need to grab a free account to make your agent endpoints accessible through the ngrok network.

At ngrok, simplicity has always been at the heart of everything we do. Our goal is to empower developers and operational teams with powerful networking capabilities that remain easy to use, whether you’re spinning up a single service or applying complex traffic policy rules to your endpoints.

We’re continuing that tradition with this release, making it effortless to configure, monitor, and secure your agent endpoints – all while providing the control and visibility that NetOps and DevOps teams need. By simplifying the complex, we’re enabling you to focus on what matters most: building and delivering your applications and APIs with confidence.

p.s. We’d love to hear your feedback and feature requests, for agent endpoints and beyond, in our new ngrok community repository! ❤️

Share this post

Tammy Bailey

← back to index