How Aero uses ngrok to keep communities safe

This is our first guest post from a community member using ngrok in the Aero Project. If ngrok is solving a problem in your project, product, or system, drop me a note and let's talk about sharing it!

Who we are & What we do

During the covid pandemic in 2020, a lot of people suddenly were cut off from their usual social circles. The obvious first way to reconnect was via social media. Whatsapp and Facebook saw massive spikes of their messaging features and Discord's active user count has tripled in some regions.

These sudden changes overwhelmed human content moderation teams due to the sheer amount of content that has to be filtered, reviewed, and all of that while trying to understand the original sentiment. So, naturally, companies like Meta have invested heavily in auto moderation tools to perform the easy tasks like flagging zero-tolerance phrases or filtering known bad links.

This is where Aero comes in. We provide a comprehensive auto-moderation toolkit for Discord. Aero scans thousands of Discord communities for fraudulent urls, known malicious actors, and impersonators. We also aid moderators by scanning messages using AI models to determine the intent, and filter them if they are e.g. threatening, explicit, or contain zero-tolerance terms.

Why we’re using ngrok, how we did it

Moderators configure these filters using a chatbot. Previously, Discord handled chatbots like normal users and forwarded messages to them. Last year, Discord launched Slash Commands to give moderators a new approach.

Here's how the two differ from a technical standpoint:

Message commands:

  • Aero logs into a websocket with Discord
  • Discord sends events via that socket
  • we parse them, and if they contain a command, execute them

Slash Commands:

  • Aero provides an https endpoint
  • Discord parses the command
  • Discord sends a POST request to the endpoint

Aero is an open-source project, so we were looking for an easy way to allow us and contributors to quickly spin up this https endpoint to receive slash commands, which led us to ngrok.

To make sure this works out of the box for our contributors, we use ngrok's Node.js SDK. It allows us to programmatically define endpoints and ports, and to launch the ngrok service together with the application to save our contributors from having to spin up a server every time they're developing. In production, we pass in a static URL through environment variables so that we can remotely access the application.

Growing a project with a small team

Even though Aero is a relatively new and small application for Discord, the team behind it has worked on some of the most widely used integrations on the platform, scaling to millions of additional users in the span of days. Our growing pains there have taught us to split a project up into services and to make sure code works independent of the deployment method (e.g. when moving to Kubernetes).

Here, we're again relying on ngrok. Whether we're deploying on bare-metal hardware or inside of a Kubernetes pod, the application will always be reachable at the same static URL. This has allowed us to e.g. set up Prometheus (an industry-standard metrics monitoring system) to monitor growth, but also to find trends in malicious behavior and better protect users.

In the future, we're looking forward to using ngrok for authenticating the Prometheus requests (currently done in Express) and using its static file serving capabilities to quickly preview changes to our website.

Hazel Reimer

Hazel is Fullstack Developer and Community Architect from Berlin, working to protect online communities. Currently, she's the maintainer of Aero, an open-source spam prevention and community moderation tool. Her vision is to make the internet into a more cozy place where people can hang out, have fun, and work together.

Share this post
Keith Casey
Keith Casey serves on the Product/GTM Team at ngrok helping teams launch their systems faster and easier than ever before. Previously, he served on the Product Team at Okta working on Identity and Authentication APIs, as an early Developer Evangelist at Twilio, and worked to answer the Ultimate Geek Question at the Library of Congress. His underlying goal is to get good technology into the hands of good people to do great things. In his spare time, he writes at and lives in the woods. He is also a co-author of A Practical Approach to API Design.
Cool tools
Community projects