Secure site-to-site connectivity: Implement now with ngrok’s new guides

Many customers rely on ngrok to establish secure connections to APIs and databases running at external sites such as their customers’ networks. Connectivity to external sites unlocks a wide range of use cases, and numerous third-party providers offer APIs for interacting with their services—even those normally consumed via other means. ngrok helps you securely access APIs and databases running at external sites to offer unique capabilities to your customers. 

Who needs secure access to external networks?

Consider a SaaS vulnerability scanning application that scans data in customer databases and accesses its customer’s local JIRA instance via JIRA’s API to automatically create issues needed to mitigate security concerns. For another example, a company outside the US that uses SAP’s ERP (Enterprise Resource Planning) software can use ngrok to make their financial data available to their government for compliance reasons. Or think about a dental office application that integrates with multiple tools for scheduling, billing, and insurance verification to offer a comprehensive solution to its customers. What could you build if you could access APIs, databases, and other resources that reside in an external network? 

Site-to-site connectivity enables one organization to consume another organization's APIs, databases, and other resources in a secure, frictionless manner, without the need to ask customers to open inbound ports on their firewall. 

Connecting to customer networks typically requires reconfiguring networking resources and places a significant burden on the customer’s IT team. ngrok equips you to access these APIs and databases without setting up complicated site-to-site VPNs, VPCs, PrivateLinks, or firewall configurations. Instead, you can just offload traffic management and security to ngrok’s global network. 

Meet the guides

We’ve crafted comprehensive guides offering step-by-step instructions, with code examples, to enable you to achieve:

*While we highly recommend encrypting your traffic, we’ve provided the steps to connect to APIs and databases at external sites without mTLS to get you started with implementation and proof of concept. 

This thorough approach to our guides ensures you have all the information you need in one place to perform the following steps:

  1. Install the agent on the external site (i.e. your customer’s network)
  2. Get an ngrok API key
  3. Configure a custom agent ingress address
  4. Create a customer wildcard domain
  5. Create a bot user
  6. Create an agent authtoken with ACL
  7. Configure the ngrok agent API
  8. Start tunnels in the external site with or without mTLS
  9. Access APIs or databases—including instructions for using stunnel to encrypt TCP database traffic

These steps empower you to whitelist the address the ngrok agent uses to connect to the ngrok service and to connect to the agent running in the customer’s network using the agent API. 

Get started with ngrok for site-to-site connectivity today

Our new guides comprehensively explain how to perform the steps outlined above, enabling you to access APIs and databases at external sites independently. However, we want you to feel supported throughout this process. If you have questions, issues, or features to request, you can always find us on X, in the ngrok Slack community, or directly at

Share this post
Mandy Hubbard
Mandy Hubbard is a seasoned technologist with a strong QA and developer advocacy background. She is passionate about software quality, CI/CD, good processes, and great documentation. Mandy is currently a Sr. Technical Marketing Engineer at ngrok, where she combines her technical experience and creative skills to help bring new features to customers.
Secure tunnels