March 16, 2023
min read

Expanding ngrok's free plan with security in one line

Sam Richard

We built ngrok with a simple mission: to empower developers while keeping security teams happy. We strive to take ingress off developers’ plates with our platform, and that requires making security-focused features accessible and easy to use. Today, I'm proud to announce an important step in that direction: we're adding our security features — OAuth and Webhook validation — to our free plan.

OAuth in one line

OAuth 2.0 is a key security protocol of the internet. It is the de-facto standard that services like GitHub, Google, Meta, Twitch, and Microsoft use to share identities — together with OpenID Connect — and authorization with developer apps while protecting their users’ data and maintaining trust.

However, OAuth is very complex to implement, requiring a deep understanding of its principles, concepts, and security requirements to keep communications safe. Diligence and care are essential for a secure implementation, adding a time burden to developers.

We've integrated with the most popular OAuth providers — including Google, Microsoft, GitHub, LinkedIn — and implemented their integrations and best practices at our service edge, replacing the OAuth burden with one line:

ngrok http 80 --oauth="google"

With OAuth in one line in our free plan, developers can integrate up to 5 users a month with an OAuth provider to secure their web applications instantly.

OAuth login with ngrok and GitHub

Webhook validation in one line

Webhooks are the most popular method used by cloud services to notify developer apps of events. It is how apps ranging from DocuSign to Twilio to Stripe tell the developer service a contract is signed, a SMS was received, or a payment was processed.

To keep their apps safe, developers must validate webhook requests in many ways, including validating the message signature for authentication, validating timestamps, and if the message content is not tampered. Each provider applies different methods for validating their webhook messages, making it hard for developers.

Since many developers find ngrok by a recommendation from their favorite services, we partnered with and built integrations for 60 of the most popular services, bringing the webhook validation down to a single command:

ngrok http 80 --verify-webhook="stripe" --verify-webhook-secret="secret"

With webhook free validation, developers can secure their webhook communications up to 500 requests a month with a single command.

We share our mission with like-minded companies

To build security in one line, we had to go beyond the OAuth and Webhook protocols and navigate each solution recommendation, best security practices, and implementation specifics. That wouldn't have been possible without the help of like-minded companies that share the same passion for developers and security we do.

"We're thrilled to see ngrok expand their free plan with security features, making it incredibly easy to add OAuth and webhook validations, including to Zoom webhooks, in just one line of code. This commitment to security and ease of use is exactly what developers need to create secure applications quickly and efficiently. It aligns perfectly with our mission to securely connect people and enable them to achieve great things."

— Tim Slagle, Developer Advocacy Manager at Zoom

These additions to our free plan are just the beginning. Our team is working on exciting new ways of empowering developers with magical experiences, best practices, and like-minded partners. We can’t wait to share what’s next. We also would love to hear from you on what we should prioritize.

Get started

We are excited to see what developers will build and how they will continue to shape the future of app development. To check out OAuth and Webhooks in one line, sign up for ngrok for free. You can also try our webhook tutorials or check our get started with OAuth blog post.

Share this post
Product updates