Skip to main content
The ngrok agent authenticates with an authtoken. Your authtoken is available on the ngrok dashboard. Add your authtoken to the ngrok agent with the following command: 
ngrok config add-authtoken <TOKEN>
This command updates the authtoken property in your ngrok configuration file. Use a separate authtoken for each agent you configure. You can provision additional authtokens on your ngrok dashboard or via API. Separate authtokens isolate the security risk if an authtoken is compromised. It also allows you to configure ACLs on a per agent basis. When you provision a new authtoken, the full token is only displayed once. As a security feature, ngrok does not store a recoverable representation of the token.

Authtoken ACLs

Authtoken ACLs restrict what actions an ngrok agent connecting with that authtoken is allowed to take. You may define multiple ACLs. Authtokens with no ACLs may take all actions. The following ACLs are supported:
ExampleDescription
bind:foo.ngrok.appThe agent may only create an endpoint on foo.ngrok.app
bind:*.example.comThe agent may only create endpoints on subdomains of example.com
bind:foo=barThe agent may create a labeled endpoint with the label foo=bar
bind:app=*The agent may create labeled endpoints with labels like app=x or app=y
bind:*The agent may listen on all endpoints
For more details on authtokens, API keys, and other agent configuration, see the ngrok Agent documentation.