Glossary of Terms - ngrok documentation

The following definitions are provided to help you better understand the technical concepts related to using ngrok.

Agent Endpoint

An Agent Endpoint is an ngrok endpoint created by an ngrok agent (or Agent SDK) that connects to an upstream service. The agent establishes a secure tunnel to the ngrok cloud, which forwards traffic to your local or remote service. Learn More

ALPN

ALPN (Application-Layer Protocol Negotiation) allows a client and server to negotiate which application protocol (like HTTP/2 or HTTP/1.1) to use over a secure connection during the TLS handshake. Learn More

CEL

CEL (Common Expression Language) is a fast, safe, and portable expression language developed by Google for evaluating expressions in configuration, policy, and runtime environments. Learn More

circuit breaker

A circuit breaker is a resilience pattern that monitors for failures and temporarily stops forwarding requests to an unhealthy upstream service, allowing it time to recover. Learn More

Cloud Endpoint

A Cloud Endpoint is a persistent ngrok endpoint that runs in ngrok’s cloud service. Configured entirely in the ngrok dashboard or API, Cloud Endpoints can route traffic to upstream URLs and other endpoints, send custom responses, and more using Traffic Policy. Learn More

CORS

CORS (Cross-Origin Resource Sharing) is a browser security mechanism that controls which web domains are allowed to make requests to a different domain, preventing unauthorized cross-site interactions. Learn More

CRD

CustomResourceDefinitions allow users to extend the Kubernetes API by defining their own resource types. Learn More

Endpoint Pooling

When your create two ngrok endpoints with the same URL (and binding), those endpoints automatically form a “pool” and share incoming traffic. Learn More

Gateway API CRD

Gateway API CRDs (Custom Resource Definitions) are a set of standardized, extensible resources that manage networking configurations like routing, gateways, and Traffic Policies. Learn More

gRPC

gRPC is a high-performance, open-source remote procedure call (RPC) framework developed by Google that uses HTTP/2 for transport and Protocol Buffers for serialization. Learn More

Helm

Helm is a package manager for Kubernetes that simplifies the deployment and management of applications on Kubernetes clusters. Learn More

HMAC

HMAC (Hash-based Message Authentication Code) is a cryptographic technique that uses a secret key and a hash function to verify both the integrity and authenticity of a message. Learn More

IdP

An IdP (Identity Provider) is a service that stores and manages digital identities, authenticating users and providing identity information to other applications via protocols like SAML or OIDC. Learn More

Ingress

An ingress is an entry point into a network for traffic from outside of the network.

Internal Endpoint

Internal Endpoints are only accessible to traffic from your other ngrok endpoints, enabling service-to-service communication without exposing traffic to the public internet. Internal Endpoints use the .internal top-level domain. Learn More

CIDR

Classless Inter-Domain Routing is a method used to allocate IP addresses more efficiently and route IP packets more flexibly than older class-based systems. Learn More

JIT provisioning

Just-In-Time Single Sign-On Provisioning is a user account provisioning method that automatically creates (or updates) user accounts at the time of login via Single Sign-On, rather than pre-creating all user accounts in advance. Learn More

JWT

A JWT (JSON Web Token) is a compact, URL-safe token format used to securely transmit information between parties as a JSON object, commonly used for authentication and authorization. Learn More

K8s

K8s is an industry-standard abbreviation for Kubernetes. Learn More

Let’s Encrypt

A free, automated, and open certificate authority (CA) that provides digital certificates to enable HTTPS (SSL/TLS) for websites. Learn More

MCP

MCP (Model Context Protocol) is an open standard that allows AI models to access external data, tools, and services, and potentially use them to automate workflows. Learn More

mTLS

mTLS (Mutual TLS) is a security protocol where both the client and server authenticate each other using TLS certificates, ensuring both parties are who they claim to be. Learn More

ngrok Agent

The ngrok agent is a lightweight command-line application that you install on your machine or server. It establishes secure, outbound-only connections to the ngrok cloud to create endpoints for your upstream services. Learn More

OAuth

OAuth is an open standard for authorization that allows users to grant third-party applications limited access to their resources without sharing their credentials. Learn More

OIDC

OpenID Connect (OIDC) is an authentication protocol that enables third-party applications to confirm a user’s identity and access basic profile details through a single sign-on (SSO) process. Learn More

OWASP

The Open Web Application Security Project is a non-profit organization dedicated to improving software security through providing resources, tools, and community support. Learn More

Point of Presence

A Point of Presence (PoP) is a physical location in ngrok’s global network where traffic enters the ngrok cloud. ngrok operates PoPs around the world to minimize latency for end users. Learn More

RBAC

RBAC (Role-Based Access Control) is a method of restricting system access based on the roles assigned to individual users within an organization. Learn More

Reverse Proxy

Reverse proxies are an extra security layer between public traffic and your internal services. They live on servers or cloud services, and they intercept and forward traffic to upstream services. Learn More

Service User

A Service User (previously called a Bot User) is a service account that owns a set of credentials (authtokens, API keys, and SSH keys) independently of a person. This is useful for automated systems that programmatically interact with your ngrok accounts. Learn More

SAML

SAML (Security Assertion Markup Language) is an open standard for exchanging authentication and authorization data between an identity provider and a service provider, commonly used for enterprise single sign-on. Learn More

SCIM

SCIM (System for Cross-domain Identity Management) is an open standard for automating the exchange of user identity information between identity domains or IT systems. Learn More

Shadow IT

Shadow IT refers to IT systems, software, and cloud services used by individuals within an organization without the IT department’s knowledge or approval. Learn More

SSO

SSO (Single Sign-On) is an authentication method that allows users to log in once and gain access to multiple related applications or systems without re-entering credentials. Learn More

SNI

SNI (Server Name Indication) is a TLS extension that allows a client to specify the hostname it is trying to connect to during the TLS handshake, enabling servers to present the correct SSL/TLS certificate for that hostname. Learn More

TCP-KeepAlive

TCP KeepAlive enables TCP connections to remain active even when no data is exchanged between the connected endpoints. Learn More

TLS Certificate

A TLS certificate (or SSL certificate) is a digital certificate that ensure your connection to a website or server is securly encrypted. Learn More

TLS Termination

TLS (Transport Layer Security) termination is the process of decrypting incoming TLS traffic at a server or load balancer before passing the unencrypted traffic to internal systems. Learn More

Traffic Policy

Traffic Policy is a configuration language that enables you to filter, match, manage, and orchestrate traffic to your endpoints. For example, you can add authentication, send custom responses, rate limit traffic, and more. Learn More

upstream

An upstream is the service, server, or URL that ngrok forwards incoming traffic to. When you create an ngrok endpoint, the upstream is the destination that ultimately handles the request.

v2

v2 is shorthand for the second major version of the ngrok Agent. Learn More

v3

v3 is shorthand for the third major version of the ngrok Agent. Learn More

WAF

A web application firewall (WAF) is an intermediary service in the cloud or on a server that protects web services by filtering and monitoring HTTP traffic. Learn More

WebSocket

WebSocket is a communication protocol that provides full-duplex (two-way) communication channels over a single TCP connection, enabling real-time data exchange between a client and server. Learn More

Documentation Index

​Agent Endpoint

​ALPN

​CEL

​circuit breaker

​Cloud Endpoint

​CORS

​CRD

​Endpoint Pooling

​Gateway API CRD

​gRPC

​Helm

​HMAC

​IdP

​Ingress

​Internal Endpoint

​CIDR

​JIT provisioning

​JWT

​K8s

​Let’s Encrypt

​MCP

​mTLS

​ngrok Agent

​OAuth

​OIDC

​OWASP

​Point of Presence

​RBAC

​Reverse Proxy

​Service User

​SAML

​SCIM

​Shadow IT

​SSO

​SNI

​TCP-KeepAlive

​TLS Certificate

​TLS Termination

​Traffic Policy

​upstream

​v2

​v3

​WAF

​WebSocket