> ## Documentation Index
> Fetch the complete documentation index at: https://ngrok.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Gateway Overview

> Learn about ngrok's building blocks for creating API and device gateways, identity-aware proxies, site-to-site connectivity, and more.

ngrok's Gateway is a platform that gives you the building blocks to create powerful API gateways, device gateways, identity-aware proxies, and site-to-site connectivity.
Across all use cases it secures, accelerates, and protects your applications.
Additionally:

* It works with software running locally or in the cloud, and with devices running on-premises or distributed in the field.
* It supports [TCP](/gateway/tcp/), [TLS](/gateway/tls/), and [HTTP/S](/gateway/http/).
* You can deliver traffic to internal and public APIs, and [orchestrate traffic](/traffic-policy/) across your devices.
* It's globally distributed by default and provides support for multiple environments with minimal configuration.

## Concepts

<Columns cols={1}>
  <Card title="Endpoints" icon="globe" href="/gateway/endpoints/" horizontal>
    Create and manage endpoints to orchestrate traffic to your services.
  </Card>

  <Card title="Traffic Policy" icon="traffic-light" href="/traffic-policy/" horizontal>
    Filter, match, manage, and orchestrate traffic to your endpoints.
  </Card>

  <Card title="AI Gateway" icon="robot" href="/ai-gateway/overview/" horizontal>
    Route, manage, and secure traffic to any LLM whether it is local or hosted providers like OpenAI, Anthropic, and more.
  </Card>

  <Card title="Domains" icon="at" href="/gateway/domains/" horizontal>
    Create public HTTP, HTTPS, and TLS endpoints with hostnames that match your domain.
  </Card>

  <Card icon="computer" title="TCP Addresses" href="/gateway/tcp-addresses/" horizontal>
    Create public TCP endpoints on a fixed hostname and port.
  </Card>

  <Card icon="address-card" title="TLS Certificates" href="/gateway/tls-certificates/" horizontal>
    Automatically manage TLS certificates for terminating TLS connections to
    your endpoints.
  </Card>

  <Card icon="dharmachakra" title="Kubernetes Operators" href="/k8s/" horizontal>
    Automate the creation and management of endpoints for services in your Kubernetes cluster.
  </Card>

  <Card title="Vaults & Secrets" href="/traffic-policy/secrets/" icon="vault" horizontal>
    Securely manage sensitive data such as API keys, passwords, and tokens across your endpoints using centralized and encrypted vaults.
  </Card>

  <Card title="IP Policies" icon="building-shield" href="/traffic-policy/concepts/ip-policies/" horizontal>
    Enforce reusable groups of IP/CIDR allow and deny rules.
  </Card>

  <Card title="TLS Certificate Authorities" icon="people-group" href="/agent/agent-mutual-tls-termination/" horizontal>
    Enforce Mutual TLS authentication (mTLS) on your endpoints with the terminate-tls Traffic Policy action.
  </Card>

  <Card title="Traffic Identities" icon="user-secret" href="/traffic-policy/actions/oauth#traffic-identities" horizontal>
    Get visibility and control of the identities which authenticate to your endpoints with the `oauth` and `openid-connect` Traffic Policy actions.
  </Card>
</Columns>

## Features

* [Traffic Policy](/traffic-policy/) - Filter, match, manage, and orchestrate traffic to your endpoints.
* [Traffic observability](/obs/) - Capture and replay requests and responses.
* [Identity and access management](/iam/) - Manage credentials for human users and automated processes.
* [Kubernetes support](/k8s/) - Ingress and cross-platform Gateway API configuration resources.
* [Secure tunnels](/agent/) - Expose local services or connect devices to ngrok's global network.

## Use cases

<Columns cols={2}>
  <Card title="Route to endpoints by geography" icon="globe" href="/gateway/examples/route-by-geography/">
    Forward requests based on IP geolocation data for reduced latency or
    country-specific features.
  </Card>

  <Card title="Create identity-based rate limits" icon="user" href="/gateway/examples/pre-tier-requests/">
    Pre-tier requests based on your packaging or pricing model.
  </Card>

  <Card title="Secure a public Minecraft server" icon="gamepad" href="/gateway/examples/minecraft/">
    Restrict server access to a specific set of IP addresses.
  </Card>

  <Card title="Intercept and rewrite headers" icon="pencil" href="/gateway/examples/rewrite-headers-redirects/">
    Intercept 302 redirect headers to preserve UX and agent behavior.
  </Card>
</Columns>

## What's next?

* Proceed to the guides section to get started with ngrok as an [API gateway](/guides/api-gateway/get-started/), [device gateway](/guides/device-gateway/overview/), [identity-aware proxy](/guides/identity-aware-proxy/securing-with-oauth/), or for [site-to-site connectivity](/guides/identity-aware-proxy/securing-with-oauth/).
* Check out the [Gateway examples collection](/gateway/examples/) to see how to implement even more common use cases.