APIKey
api_key_created.v0
Triggers when an API key is created This event type does not support filters or selectable fields.| Name | Type | Description |
|---|---|---|
| id | string | unique API key resource identifier |
| uri | string | URI to the API resource of this API key |
| description | string | human-readable description of what uses the API key to authenticate. optional, max 255 bytes. |
| metadata | string | arbitrary user-defined data of this API key. optional, max 4096 bytes |
| created_at | string | timestamp when the api key was created, RFC 3339 format |
| token | string | the bearer token that can be placed into the Authorization header to authenticate request to the ngrok API. This value is only available one time, on the API response from key creation. Otherwise it is null. |
| owner_id | string | If supplied at credential creation, ownership will be assigned to the specified User or Bot. Only admins may specify an owner other than themselves. Defaults to the authenticated User or Bot. |
api_key_deleted.v0
Triggers when an API key is deleted This event type does not support filters or selectable fields.| Name | Type | Description |
|---|---|---|
| id | string | unique API key resource identifier |
| uri | string | URI to the API resource of this API key |
| description | string | human-readable description of what uses the API key to authenticate. optional, max 255 bytes. |
| metadata | string | arbitrary user-defined data of this API key. optional, max 4096 bytes |
| created_at | string | timestamp when the api key was created, RFC 3339 format |
| token | string | the bearer token that can be placed into the Authorization header to authenticate request to the ngrok API. This value is only available one time, on the API response from key creation. Otherwise it is null. |
| owner_id | string | If supplied at credential creation, ownership will be assigned to the specified User or Bot. Only admins may specify an owner other than themselves. Defaults to the authenticated User or Bot. |
api_key_updated.v0
Triggers when an API key is updated This event type does not support filters or selectable fields.| Name | Type | Description |
|---|---|---|
| id | string | unique API key resource identifier |
| uri | string | URI to the API resource of this API key |
| description | string | human-readable description of what uses the API key to authenticate. optional, max 255 bytes. |
| metadata | string | arbitrary user-defined data of this API key. optional, max 4096 bytes |
| created_at | string | timestamp when the api key was created, RFC 3339 format |
| token | string | the bearer token that can be placed into the Authorization header to authenticate request to the ngrok API. This value is only available one time, on the API response from key creation. Otherwise it is null. |
| owner_id | string | If supplied at credential creation, ownership will be assigned to the specified User or Bot. Only admins may specify an owner other than themselves. Defaults to the authenticated User or Bot. |
AgentSessionEvent
agent_session_start.v0
Triggers when an agent session starts. This event type supports filters and selectable fields.| Name | Type | Description |
|---|---|---|
| id | string | a resource identifier |
| uri | string | a uri for locating a resource |
| id | string | a resource identifier |
| uri | string | a uri for locating a resource |
| agent_ip | string | the ip address from which the agent is connecting |
| ingress_server_ip | string | the ip address of the ingress server to which the agent is connecting |
| region | string | the region of the tunnel server |
| ingress_hostname | string | the hostname of the tunnel server |
| user_agent | string | the user agent provided to the tunnel server by the agent |
| metadata | string | the session metadata provided by the agent on connection |
| os | string | the operating system of the machine on which the agent is running |
| arch | string | the CPU architecture of the machine on which the agent is running |
| transport | string | the transport protocol used internally by the agent “muxado” for agents and agent libraries, “ssh” for reverse SSH tunnels |
| started_at | string | the time at which the session started |
| expires_at | string | the time at which the session expires |
| stopped_at | string | the time at which the session stopped |
| upcoming_minimum_version | string | the upcoming minimum supported agent version |
| upcoming_enforcement_date | string | the date by which the current agent must be upgraded to the upcoming minimum version |
| message | string | additional information about the agent deprecation |
| error | string | on a failed session start, an explanation of the failure on a successful session start, the empty string on a session stop, the reason for the session stop |
agent_session_stop.v0
Triggers when an agent session stops. This event type supports filters and selectable fields.| Name | Type | Description |
|---|---|---|
| id | string | a resource identifier |
| uri | string | a uri for locating a resource |
| id | string | a resource identifier |
| uri | string | a uri for locating a resource |
| agent_ip | string | the ip address from which the agent is connecting |
| ingress_server_ip | string | the ip address of the ingress server to which the agent is connecting |
| region | string | the region of the tunnel server |
| ingress_hostname | string | the hostname of the tunnel server |
| user_agent | string | the user agent provided to the tunnel server by the agent |
| metadata | string | the session metadata provided by the agent on connection |
| os | string | the operating system of the machine on which the agent is running |
| arch | string | the CPU architecture of the machine on which the agent is running |
| transport | string | the transport protocol used internally by the agent “muxado” for agents and agent libraries, “ssh” for reverse SSH tunnels |
| started_at | string | the time at which the session started |
| expires_at | string | the time at which the session expires |
| stopped_at | string | the time at which the session stopped |
| upcoming_minimum_version | string | the upcoming minimum supported agent version |
| upcoming_enforcement_date | string | the date by which the current agent must be upgraded to the upcoming minimum version |
| message | string | additional information about the agent deprecation |
| error | string | on a failed session start, an explanation of the failure on a successful session start, the empty string on a session stop, the reason for the session stop |
CertificateAuthority
certificate_authority_created.v0
Triggers when a certificate authority is created This event type does not support filters or selectable fields.| Name | Type | Description |
|---|---|---|
| id | string | unique identifier for this Certificate Authority |
| uri | string | URI of the Certificate Authority API resource |
| created_at | string | timestamp when the Certificate Authority was created, RFC 3339 format |
| description | string | human-readable description of this Certificate Authority. optional, max 255 bytes. |
| metadata | string | arbitrary user-defined machine-readable data of this Certificate Authority. optional, max 4096 bytes. |
| ca_pem | string | raw PEM of the Certificate Authority |
| subject_common_name | string | subject common name of the Certificate Authority |
| not_before | string | timestamp when this Certificate Authority becomes valid, RFC 3339 format |
| not_after | string | timestamp when this Certificate Authority becomes invalid, RFC 3339 format |
| key_usages | List<string> | set of actions the private key of this Certificate Authority can be used for |
| extended_key_usages | List<string> | extended set of actions the private key of this Certificate Authority can be used for |
certificate_authority_deleted.v0
Triggers when a certificate authority is deleted This event type does not support filters or selectable fields.| Name | Type | Description |
|---|---|---|
| id | string | unique identifier for this Certificate Authority |
| uri | string | URI of the Certificate Authority API resource |
| created_at | string | timestamp when the Certificate Authority was created, RFC 3339 format |
| description | string | human-readable description of this Certificate Authority. optional, max 255 bytes. |
| metadata | string | arbitrary user-defined machine-readable data of this Certificate Authority. optional, max 4096 bytes. |
| ca_pem | string | raw PEM of the Certificate Authority |
| subject_common_name | string | subject common name of the Certificate Authority |
| not_before | string | timestamp when this Certificate Authority becomes valid, RFC 3339 format |
| not_after | string | timestamp when this Certificate Authority becomes invalid, RFC 3339 format |
| key_usages | List<string> | set of actions the private key of this Certificate Authority can be used for |
| extended_key_usages | List<string> | extended set of actions the private key of this Certificate Authority can be used for |
certificate_authority_updated.v0
Triggers when a certificate authority is updated This event type does not support filters or selectable fields.| Name | Type | Description |
|---|---|---|
| id | string | unique identifier for this Certificate Authority |
| uri | string | URI of the Certificate Authority API resource |
| created_at | string | timestamp when the Certificate Authority was created, RFC 3339 format |
| description | string | human-readable description of this Certificate Authority. optional, max 255 bytes. |
| metadata | string | arbitrary user-defined machine-readable data of this Certificate Authority. optional, max 4096 bytes. |
| ca_pem | string | raw PEM of the Certificate Authority |
| subject_common_name | string | subject common name of the Certificate Authority |
| not_before | string | timestamp when this Certificate Authority becomes valid, RFC 3339 format |
| not_after | string | timestamp when this Certificate Authority becomes invalid, RFC 3339 format |
| key_usages | List<string> | set of actions the private key of this Certificate Authority can be used for |
| extended_key_usages | List<string> | extended set of actions the private key of this Certificate Authority can be used for |
Credential
tunnel_credential_created.v0
Triggers when a tunnel credential is created This event type does not support filters or selectable fields.| Name | Type | Description |
|---|---|---|
| id | string | unique tunnel credential resource identifier |
| uri | string | URI of the tunnel credential API resource |
| created_at | string | timestamp when the tunnel credential was created, RFC 3339 format |
| description | string | human-readable description of who or what will use the credential to authenticate. Optional, max 255 bytes. |
| metadata | string | arbitrary user-defined machine-readable data of this credential. Optional, max 4096 bytes. |
| token | string | the credential’s authtoken that can be used to authenticate an ngrok agent. This value is only available one time, on the API response from credential creation, otherwise it is null. |
| acl | List<string> | optional list of ACL rules. If unspecified, the credential will have no restrictions. The only allowed ACL rule at this time is the bind rule. The bind rule allows the caller to restrict what domains, addresses, and labels the token is allowed to bind. For example, to allow the token to open a tunnel on example.ngrok.io your ACL would include the rule bind:example.ngrok.io. Bind rules for domains may specify a leading wildcard to match multiple domains with a common suffix. For example, you may specify a rule of bind:*.example.com which will allow x.example.com, y.example.com, *.example.com, etc. Bind rules for labels may specify a wildcard key and/or value to match multiple labels. For example, you may specify a rule of bind:*=example which will allow x=example, y=example, etc. A rule of '*' is equivalent to no acl at all and will explicitly permit all actions. |
| owner_id | string | If supplied at credential creation, ownership will be assigned to the specified User or Bot. Only admins may specify an owner other than themselves. Defaults to the authenticated User or Bot. |
tunnel_credential_deleted.v0
Triggers when a tunnel credential is deleted This event type does not support filters or selectable fields.| Name | Type | Description |
|---|---|---|
| id | string | unique tunnel credential resource identifier |
| uri | string | URI of the tunnel credential API resource |
| created_at | string | timestamp when the tunnel credential was created, RFC 3339 format |
| description | string | human-readable description of who or what will use the credential to authenticate. Optional, max 255 bytes. |
| metadata | string | arbitrary user-defined machine-readable data of this credential. Optional, max 4096 bytes. |
| token | string | the credential’s authtoken that can be used to authenticate an ngrok agent. This value is only available one time, on the API response from credential creation, otherwise it is null. |
| acl | List<string> | optional list of ACL rules. If unspecified, the credential will have no restrictions. The only allowed ACL rule at this time is the bind rule. The bind rule allows the caller to restrict what domains, addresses, and labels the token is allowed to bind. For example, to allow the token to open a tunnel on example.ngrok.io your ACL would include the rule bind:example.ngrok.io. Bind rules for domains may specify a leading wildcard to match multiple domains with a common suffix. For example, you may specify a rule of bind:*.example.com which will allow x.example.com, y.example.com, *.example.com, etc. Bind rules for labels may specify a wildcard key and/or value to match multiple labels. For example, you may specify a rule of bind:*=example which will allow x=example, y=example, etc. A rule of '*' is equivalent to no acl at all and will explicitly permit all actions. |
| owner_id | string | If supplied at credential creation, ownership will be assigned to the specified User or Bot. Only admins may specify an owner other than themselves. Defaults to the authenticated User or Bot. |
tunnel_credential_updated.v0
Triggers when a tunnel credential is updated This event type does not support filters or selectable fields.| Name | Type | Description |
|---|---|---|
| id | string | unique tunnel credential resource identifier |
| uri | string | URI of the tunnel credential API resource |
| created_at | string | timestamp when the tunnel credential was created, RFC 3339 format |
| description | string | human-readable description of who or what will use the credential to authenticate. Optional, max 255 bytes. |
| metadata | string | arbitrary user-defined machine-readable data of this credential. Optional, max 4096 bytes. |
| token | string | the credential’s authtoken that can be used to authenticate an ngrok agent. This value is only available one time, on the API response from credential creation, otherwise it is null. |
| acl | List<string> | optional list of ACL rules. If unspecified, the credential will have no restrictions. The only allowed ACL rule at this time is the bind rule. The bind rule allows the caller to restrict what domains, addresses, and labels the token is allowed to bind. For example, to allow the token to open a tunnel on example.ngrok.io your ACL would include the rule bind:example.ngrok.io. Bind rules for domains may specify a leading wildcard to match multiple domains with a common suffix. For example, you may specify a rule of bind:*.example.com which will allow x.example.com, y.example.com, *.example.com, etc. Bind rules for labels may specify a wildcard key and/or value to match multiple labels. For example, you may specify a rule of bind:*=example which will allow x=example, y=example, etc. A rule of '*' is equivalent to no acl at all and will explicitly permit all actions. |
| owner_id | string | If supplied at credential creation, ownership will be assigned to the specified User or Bot. Only admins may specify an owner other than themselves. Defaults to the authenticated User or Bot. |
EventDestination
event_destination_created.v0
Triggers when an Event Destination is created This event type does not support filters or selectable fields.| Name | Type | Description |
|---|---|---|
| id | string | Unique identifier for this Event Destination. |
| metadata | string | Arbitrary user-defined machine-readable data of this Event Destination. Optional, max 4096 bytes. |
| created_at | string | Timestamp when the Event Destination was created, RFC 3339 format. |
| description | string | Human-readable description of the Event Destination. Optional, max 255 bytes. |
| format | string | The output format you would like to serialize events into when sending to their target. Currently the only accepted value is JSON. |
| role_arn | string | An ARN that specifies the role that ngrok should use to deliver to the configured target. |
| aws_access_key_id | string | The ID portion of an AWS access key. |
| aws_secret_access_key | string | The secret portion of an AWS access key. |
| delivery_stream_arn | string | An Amazon Resource Name specifying the Firehose delivery stream to deposit events into. |
| role_arn | string | An ARN that specifies the role that ngrok should use to deliver to the configured target. |
| aws_access_key_id | string | The ID portion of an AWS access key. |
| aws_secret_access_key | string | The secret portion of an AWS access key. |
| stream_arn | string | An Amazon Resource Name specifying the Kinesis stream to deposit events into. |
| role_arn | string | An ARN that specifies the role that ngrok should use to deliver to the configured target. |
| aws_access_key_id | string | The ID portion of an AWS access key. |
| aws_secret_access_key | string | The secret portion of an AWS access key. |
| log_group_arn | string | An Amazon Resource Name specifying the CloudWatch Logs group to deposit events into. |
| api_key | string | Datadog API key to use. |
| ddtags | string | Tags to send with the event. |
| service | string | Service name to send with the event. |
| ddsite | string | Datadog site to send event to. |
| tenant_id | string | Tenant ID for the Azure account |
| client_id | string | Client ID for the application client |
| client_secret | string | Client Secret for the application client |
| logs_ingestion_uri | string | Data collection endpoint logs ingestion URI |
| data_collection_rule_id | string | Data collection rule immutable ID |
| data_collection_stream_name | string | Data collection stream name to use as destination, located inside the DCR |
| uri | string | URI of the Event Destination API resource. |
event_destination_deleted.v0
Triggers when an Event Destination is deleted This event type does not support filters or selectable fields.| Name | Type | Description |
|---|---|---|
| id | string | Unique identifier for this Event Destination. |
| metadata | string | Arbitrary user-defined machine-readable data of this Event Destination. Optional, max 4096 bytes. |
| created_at | string | Timestamp when the Event Destination was created, RFC 3339 format. |
| description | string | Human-readable description of the Event Destination. Optional, max 255 bytes. |
| format | string | The output format you would like to serialize events into when sending to their target. Currently the only accepted value is JSON. |
| role_arn | string | An ARN that specifies the role that ngrok should use to deliver to the configured target. |
| aws_access_key_id | string | The ID portion of an AWS access key. |
| aws_secret_access_key | string | The secret portion of an AWS access key. |
| delivery_stream_arn | string | An Amazon Resource Name specifying the Firehose delivery stream to deposit events into. |
| role_arn | string | An ARN that specifies the role that ngrok should use to deliver to the configured target. |
| aws_access_key_id | string | The ID portion of an AWS access key. |
| aws_secret_access_key | string | The secret portion of an AWS access key. |
| stream_arn | string | An Amazon Resource Name specifying the Kinesis stream to deposit events into. |
| role_arn | string | An ARN that specifies the role that ngrok should use to deliver to the configured target. |
| aws_access_key_id | string | The ID portion of an AWS access key. |
| aws_secret_access_key | string | The secret portion of an AWS access key. |
| log_group_arn | string | An Amazon Resource Name specifying the CloudWatch Logs group to deposit events into. |
| api_key | string | Datadog API key to use. |
| ddtags | string | Tags to send with the event. |
| service | string | Service name to send with the event. |
| ddsite | string | Datadog site to send event to. |
| tenant_id | string | Tenant ID for the Azure account |
| client_id | string | Client ID for the application client |
| client_secret | string | Client Secret for the application client |
| logs_ingestion_uri | string | Data collection endpoint logs ingestion URI |
| data_collection_rule_id | string | Data collection rule immutable ID |
| data_collection_stream_name | string | Data collection stream name to use as destination, located inside the DCR |
| uri | string | URI of the Event Destination API resource. |
event_destination_updated.v0
Triggers when an Event Destination is updated This event type does not support filters or selectable fields.| Name | Type | Description |
|---|---|---|
| id | string | Unique identifier for this Event Destination. |
| metadata | string | Arbitrary user-defined machine-readable data of this Event Destination. Optional, max 4096 bytes. |
| created_at | string | Timestamp when the Event Destination was created, RFC 3339 format. |
| description | string | Human-readable description of the Event Destination. Optional, max 255 bytes. |
| format | string | The output format you would like to serialize events into when sending to their target. Currently the only accepted value is JSON. |
| role_arn | string | An ARN that specifies the role that ngrok should use to deliver to the configured target. |
| aws_access_key_id | string | The ID portion of an AWS access key. |
| aws_secret_access_key | string | The secret portion of an AWS access key. |
| delivery_stream_arn | string | An Amazon Resource Name specifying the Firehose delivery stream to deposit events into. |
| role_arn | string | An ARN that specifies the role that ngrok should use to deliver to the configured target. |
| aws_access_key_id | string | The ID portion of an AWS access key. |
| aws_secret_access_key | string | The secret portion of an AWS access key. |
| stream_arn | string | An Amazon Resource Name specifying the Kinesis stream to deposit events into. |
| role_arn | string | An ARN that specifies the role that ngrok should use to deliver to the configured target. |
| aws_access_key_id | string | The ID portion of an AWS access key. |
| aws_secret_access_key | string | The secret portion of an AWS access key. |
| log_group_arn | string | An Amazon Resource Name specifying the CloudWatch Logs group to deposit events into. |
| api_key | string | Datadog API key to use. |
| ddtags | string | Tags to send with the event. |
| service | string | Service name to send with the event. |
| ddsite | string | Datadog site to send event to. |
| tenant_id | string | Tenant ID for the Azure account |
| client_id | string | Client ID for the application client |
| client_secret | string | Client Secret for the application client |
| logs_ingestion_uri | string | Data collection endpoint logs ingestion URI |
| data_collection_rule_id | string | Data collection rule immutable ID |
| data_collection_stream_name | string | Data collection stream name to use as destination, located inside the DCR |
| uri | string | URI of the Event Destination API resource. |
EventSubscription
event_subscription_created.v0
Triggers when an Event Subscription is created This event type does not support filters or selectable fields.| Name | Type | Description |
|---|---|---|
| id | string | Unique identifier for this Event Subscription. |
| uri | string | URI of the Event Subscription API resource. |
| created_at | string | When the Event Subscription was created (RFC 3339 format). |
| metadata | string | Arbitrary customer supplied information intended to be machine readable. Optional, max 4096 chars. |
| description | string | Arbitrary customer supplied information intended to be human readable. Optional, max 255 chars. |
| type | string | Type of event for which an event subscription will trigger |
| uri | string | URI of the Event Source API resource. |
| id | string | a resource identifier |
| uri | string | a uri for locating a resource |
event_subscription_deleted.v0
Triggers when an Event Subscription is deleted This event type does not support filters or selectable fields.| Name | Type | Description |
|---|---|---|
| id | string | Unique identifier for this Event Subscription. |
| uri | string | URI of the Event Subscription API resource. |
| created_at | string | When the Event Subscription was created (RFC 3339 format). |
| metadata | string | Arbitrary customer supplied information intended to be machine readable. Optional, max 4096 chars. |
| description | string | Arbitrary customer supplied information intended to be human readable. Optional, max 255 chars. |
| type | string | Type of event for which an event subscription will trigger |
| uri | string | URI of the Event Source API resource. |
| id | string | a resource identifier |
| uri | string | a uri for locating a resource |
event_subscription_updated.v0
Triggers when an Event Subscription is updated This event type does not support filters or selectable fields.| Name | Type | Description |
|---|---|---|
| id | string | Unique identifier for this Event Subscription. |
| uri | string | URI of the Event Subscription API resource. |
| created_at | string | When the Event Subscription was created (RFC 3339 format). |
| metadata | string | Arbitrary customer supplied information intended to be machine readable. Optional, max 4096 chars. |
| description | string | Arbitrary customer supplied information intended to be human readable. Optional, max 255 chars. |
| type | string | Type of event for which an event subscription will trigger |
| uri | string | URI of the Event Source API resource. |
| id | string | a resource identifier |
| uri | string | a uri for locating a resource |
HTTP Request Complete
http_request_complete.v0
Triggers when an HTTP request completes. This event type supports filters and selectable fields.| Name | Type | Description | Filterable? |
|---|---|---|---|
| backend.connection_reused | bool | True if ngrok reused a TCP connection to transmit the HTTP request to the upstream service. | |
| basic_auth.decision | string | ’allow’ if the Basic Auth module permitted the request to the upstream service, otherwise ‘block’ | |
| basic_auth.username | string | The username in the HTTP basic auth credentials | |
| circuit_breaker.decision | string | Whether the HTTP request was sent to the upstream service. ‘allow’ if the breaker was closed, ‘block’ if the breaker was open, ‘allow_while_open’ if the request was allowed while the breaker is open | |
| compression.algorithm | string | The compression algorithm used to encode responses from the endpoint. Either ‘gzip’, ‘deflate’, or ‘none’. | |
| compression.bytes_saved | int64 | The difference between the size of the raw response and the size of the response as compressed by the Compression Module | |
| conn.client_ip | string | The source IP of the TCP connection to the ngrok edge | Yes |
| conn.server_ip | string | The IP address of the server that received the request | Yes |
| conn.server_name | string | The hostname associated with this connection. | Yes |
| conn.server_port | int32 | The port that the connection for this request came in on | Yes |
| conn.start_ts | timestamp | The timestamp when the TCP connection to the ngrok edge is established | |
| http.request.body_length | int64 | The size of the request body in bytes | |
| http.request.headers | Map<string, List<string>> | A map of normalized headers from the requesting client. Header keys are capitalized and header values are lowercased. | |
| http.request.method | string | The request method, normalized to lowercase | |
| http.request.url.host | string | The host component of the request URL | |
| http.request.url.path | string | The path component of the request URL | |
| http.request.url.query | string | The query string component of the request URL | |
| http.request.url.raw | string | The full URL of the request including scheme, host, path, and query string | |
| http.request.url.scheme | string | The scheme component of the request URL | |
| http.request.user_agent | string | The value of the User-Agent header in the request received by ngrok edge | |
| http.response.body_length | int64 | The size of the response body in bytes | |
| http.response.headers | Map<string, List<string>> | A map of normalized response headers. Header keys are capitalized and header values are lowercased. | |
| http.response.status_code | int32 | The status code of the response returned by the ngrok edge | |
| ip_policy.decision | string | ’allow’ if IP Policy module permitted the request to the upstream service, ‘block’ otherwise | |
| ja4_fingerprint | string | The JA4 fingerprint of the client TLS handshake | |
| oauth.app_client_id | string | The OAuth application client ID | |
| oauth.decision | string | ’allow’ if the OAuth module permitted the request to the upstream service, ‘block’ otherwise | |
| oauth.user.id | string | The authenticated user’s ID returned by the OAuth provider | |
| oauth.user.name | string | The authenticated user’s name returned by the OAuth provider | |
| tls.cipher_suite | string | The cipher suite selected during the TLS handshake | |
| tls.client_cert.serial_number | string | The serial number of the client’s leaf TLS certificate in the Mutual TLS handshake | |
| tls.client_cert.subject.cn | string | The subject common name of the client’s leaf TLS certificate in the Mutual TLS handshake | |
| tls.version | string | The version of the TLS protocol used between the client and the ngrok edge | |
| traffic_policy.logs | List<Map<string, string>> | Logs collected from the log action in a Traffic Policy | |
| webhook_verification.decision | string | ’allow’ if the Webhook Verification module permitted the request to the upstream service, ‘block’ otherwise |
IPPolicy
ip_policy_created.v0
Triggers when an IP Policy is created This event type does not support filters or selectable fields.| Name | Type | Description |
|---|---|---|
| id | string | unique identifier for this IP policy |
| uri | string | URI of the IP Policy API resource |
| created_at | string | timestamp when the IP policy was created, RFC 3339 format |
| description | string | human-readable description of the source IPs of this IP policy. optional, max 255 bytes. |
| metadata | string | arbitrary user-defined machine-readable data of this IP policy. optional, max 4096 bytes. |
ip_policy_deleted.v0
Triggers when an IP Policy is deleted This event type does not support filters or selectable fields.| Name | Type | Description |
|---|---|---|
| id | string | unique identifier for this IP policy |
| uri | string | URI of the IP Policy API resource |
| created_at | string | timestamp when the IP policy was created, RFC 3339 format |
| description | string | human-readable description of the source IPs of this IP policy. optional, max 255 bytes. |
| metadata | string | arbitrary user-defined machine-readable data of this IP policy. optional, max 4096 bytes. |
ip_policy_updated.v0
Triggers when an IP Policy is updated This event type does not support filters or selectable fields.| Name | Type | Description |
|---|---|---|
| id | string | unique identifier for this IP policy |
| uri | string | URI of the IP Policy API resource |
| created_at | string | timestamp when the IP policy was created, RFC 3339 format |
| description | string | human-readable description of the source IPs of this IP policy. optional, max 255 bytes. |
| metadata | string | arbitrary user-defined machine-readable data of this IP policy. optional, max 4096 bytes. |
IPPolicyRule
ip_policy_rule_created.v0
Triggers when an IP Policy Rule is created This event type does not support filters or selectable fields.| Name | Type | Description |
|---|---|---|
| id | string | unique identifier for this IP policy rule |
| uri | string | URI of the IP policy rule API resource |
| created_at | string | timestamp when the IP policy rule was created, RFC 3339 format |
| description | string | human-readable description of the source IPs of this IP rule. optional, max 255 bytes. |
| metadata | string | arbitrary user-defined machine-readable data of this IP policy rule. optional, max 4096 bytes. |
| cidr | string | an IP or IP range specified in CIDR notation. IPv4 and IPv6 are both supported. |
| id | string | a resource identifier |
| uri | string | a uri for locating a resource |
| action | string | the action to apply to the policy rule, either allow or deny |
ip_policy_rule_deleted.v0
Triggers when an IP Policy Rule is deleted This event type does not support filters or selectable fields.| Name | Type | Description |
|---|---|---|
| id | string | unique identifier for this IP policy rule |
| uri | string | URI of the IP policy rule API resource |
| created_at | string | timestamp when the IP policy rule was created, RFC 3339 format |
| description | string | human-readable description of the source IPs of this IP rule. optional, max 255 bytes. |
| metadata | string | arbitrary user-defined machine-readable data of this IP policy rule. optional, max 4096 bytes. |
| cidr | string | an IP or IP range specified in CIDR notation. IPv4 and IPv6 are both supported. |
| id | string | a resource identifier |
| uri | string | a uri for locating a resource |
| action | string | the action to apply to the policy rule, either allow or deny |
ip_policy_rule_updated.v0
Triggers when an IP Policy Rule is updated This event type does not support filters or selectable fields.| Name | Type | Description |
|---|---|---|
| id | string | unique identifier for this IP policy rule |
| uri | string | URI of the IP policy rule API resource |
| created_at | string | timestamp when the IP policy rule was created, RFC 3339 format |
| description | string | human-readable description of the source IPs of this IP rule. optional, max 255 bytes. |
| metadata | string | arbitrary user-defined machine-readable data of this IP policy rule. optional, max 4096 bytes. |
| cidr | string | an IP or IP range specified in CIDR notation. IPv4 and IPv6 are both supported. |
| id | string | a resource identifier |
| uri | string | a uri for locating a resource |
| action | string | the action to apply to the policy rule, either allow or deny |
IPRestriction
ip_restriction_created.v0
Triggers when an IP Restriction is created This event type does not support filters or selectable fields.| Name | Type | Description |
|---|---|---|
| id | string | unique identifier for this IP restriction |
| uri | string | URI of the IP restriction API resource |
| created_at | string | timestamp when the IP restriction was created, RFC 3339 format |
| description | string | human-readable description of this IP restriction. optional, max 255 bytes. |
| metadata | string | arbitrary user-defined machine-readable data of this IP restriction. optional, max 4096 bytes. |
| enforced | boolean | true if the IP restriction will be enforced. if false, only warnings will be issued |
| type | string | the type of IP restriction. this defines what traffic will be restricted with the attached policies. four values are currently supported: dashboard, api, agent, and endpoints |
| id | string | a resource identifier |
| uri | string | a uri for locating a resource |
ip_restriction_deleted.v0
Triggers when an IP Restriction is deleted This event type does not support filters or selectable fields.| Name | Type | Description |
|---|---|---|
| id | string | unique identifier for this IP restriction |
| uri | string | URI of the IP restriction API resource |
| created_at | string | timestamp when the IP restriction was created, RFC 3339 format |
| description | string | human-readable description of this IP restriction. optional, max 255 bytes. |
| metadata | string | arbitrary user-defined machine-readable data of this IP restriction. optional, max 4096 bytes. |
| enforced | boolean | true if the IP restriction will be enforced. if false, only warnings will be issued |
| type | string | the type of IP restriction. this defines what traffic will be restricted with the attached policies. four values are currently supported: dashboard, api, agent, and endpoints |
| id | string | a resource identifier |
| uri | string | a uri for locating a resource |
ip_restriction_updated.v0
Triggers when an IP Restriction is updated This event type does not support filters or selectable fields.| Name | Type | Description |
|---|---|---|
| id | string | unique identifier for this IP restriction |
| uri | string | URI of the IP restriction API resource |
| created_at | string | timestamp when the IP restriction was created, RFC 3339 format |
| description | string | human-readable description of this IP restriction. optional, max 255 bytes. |
| metadata | string | arbitrary user-defined machine-readable data of this IP restriction. optional, max 4096 bytes. |
| enforced | boolean | true if the IP restriction will be enforced. if false, only warnings will be issued |
| type | string | the type of IP restriction. this defines what traffic will be restricted with the attached policies. four values are currently supported: dashboard, api, agent, and endpoints |
| id | string | a resource identifier |
| uri | string | a uri for locating a resource |
ReservedAddr
tcp_address_created.v0
Triggers when a TCP address is created This event type does not support filters or selectable fields.| Name | Type | Description |
|---|---|---|
| id | string | unique reserved address resource identifier |
| uri | string | URI of the reserved address API resource |
| created_at | string | timestamp when the reserved address was created, RFC 3339 format |
| description | string | human-readable description of what this reserved address will be used for |
| metadata | string | arbitrary user-defined machine-readable data of this reserved address. Optional, max 4096 bytes. |
| addr | string | hostname:port of the reserved address that was assigned at creation time |
| region | string | reserve the address in this geographic ngrok datacenter. Optional, default is us. (au, eu, ap, us, jp, in, sa) |
tcp_address_deleted.v0
Triggers when a TCP address is deleted This event type does not support filters or selectable fields.| Name | Type | Description |
|---|---|---|
| id | string | unique reserved address resource identifier |
| uri | string | URI of the reserved address API resource |
| created_at | string | timestamp when the reserved address was created, RFC 3339 format |
| description | string | human-readable description of what this reserved address will be used for |
| metadata | string | arbitrary user-defined machine-readable data of this reserved address. Optional, max 4096 bytes. |
| addr | string | hostname:port of the reserved address that was assigned at creation time |
| region | string | reserve the address in this geographic ngrok datacenter. Optional, default is us. (au, eu, ap, us, jp, in, sa) |
tcp_address_updated.v0
Triggers when a TCP address is updated This event type does not support filters or selectable fields.| Name | Type | Description |
|---|---|---|
| id | string | unique reserved address resource identifier |
| uri | string | URI of the reserved address API resource |
| created_at | string | timestamp when the reserved address was created, RFC 3339 format |
| description | string | human-readable description of what this reserved address will be used for |
| metadata | string | arbitrary user-defined machine-readable data of this reserved address. Optional, max 4096 bytes. |
| addr | string | hostname:port of the reserved address that was assigned at creation time |
| region | string | reserve the address in this geographic ngrok datacenter. Optional, default is us. (au, eu, ap, us, jp, in, sa) |
ReservedDomain
domain_created.v0
Triggers when a domain is created This event type does not support filters or selectable fields.| Name | Type | Description |
|---|---|---|
| id | string | unique reserved domain resource identifier |
| uri | string | URI of the reserved domain API resource |
| created_at | string | timestamp when the reserved domain was created, RFC 3339 format |
| description | string | human-readable description of what this reserved domain will be used for |
| metadata | string | arbitrary user-defined machine-readable data of this reserved domain. Optional, max 4096 bytes. |
| domain | string | hostname of the reserved domain |
| region | string | deprecated: With the launch of the ngrok Global Network domains traffic is now handled globally. This field applied only to endpoints. Note that agents may still connect to specific regions. Optional, null by default. (au, eu, ap, us, jp, in, sa) |
| cname_target | string | DNS CNAME target for a custom hostname, or null if the reserved domain is a subdomain of an ngrok owned domain (e.g. *.ngrok.app) |
| id | string | a resource identifier |
| uri | string | a uri for locating a resource |
| authority | string | certificate authority to request certificates from. The only supported value is letsencrypt. |
| private_key_type | string | type of private key to use when requesting certificates. Defaults to ecdsa, can be either rsa or ecdsa. |
| renews_at | string | timestamp when the next renewal will be requested, RFC 3339 format |
| error_code | string | if present, an error code indicating why provisioning is failing. It may be either a temporary condition (INTERNAL_ERROR), or a permanent one the user must correct (DNS_ERROR). |
| msg | string | a message describing the current status or error |
| started_at | string | timestamp when the provisioning job started, RFC 3339 format |
| retries_at | string | timestamp when the provisioning job will be retried |
| acme_challenge_cname_target | string | DNS CNAME target for the host _acme-challenge.example.com, where example.com is your reserved domain name. This is required to issue certificates for wildcard, non-ngrok reserved domains. Must be null for non-wildcard domains and ngrok subdomains. |
domain_deleted.v0
Triggers when a domain is deleted This event type does not support filters or selectable fields.| Name | Type | Description |
|---|---|---|
| id | string | unique reserved domain resource identifier |
| uri | string | URI of the reserved domain API resource |
| created_at | string | timestamp when the reserved domain was created, RFC 3339 format |
| description | string | human-readable description of what this reserved domain will be used for |
| metadata | string | arbitrary user-defined machine-readable data of this reserved domain. Optional, max 4096 bytes. |
| domain | string | hostname of the reserved domain |
| region | string | deprecated: With the launch of the ngrok Global Network domains traffic is now handled globally. This field applied only to endpoints. Note that agents may still connect to specific regions. Optional, null by default. (au, eu, ap, us, jp, in, sa) |
| cname_target | string | DNS CNAME target for a custom hostname, or null if the reserved domain is a subdomain of an ngrok owned domain (e.g. *.ngrok.app) |
| id | string | a resource identifier |
| uri | string | a uri for locating a resource |
| authority | string | certificate authority to request certificates from. The only supported value is letsencrypt. |
| private_key_type | string | type of private key to use when requesting certificates. Defaults to ecdsa, can be either rsa or ecdsa. |
| renews_at | string | timestamp when the next renewal will be requested, RFC 3339 format |
| error_code | string | if present, an error code indicating why provisioning is failing. It may be either a temporary condition (INTERNAL_ERROR), or a permanent one the user must correct (DNS_ERROR). |
| msg | string | a message describing the current status or error |
| started_at | string | timestamp when the provisioning job started, RFC 3339 format |
| retries_at | string | timestamp when the provisioning job will be retried |
| acme_challenge_cname_target | string | DNS CNAME target for the host _acme-challenge.example.com, where example.com is your reserved domain name. This is required to issue certificates for wildcard, non-ngrok reserved domains. Must be null for non-wildcard domains and ngrok subdomains. |
domain_updated.v0
Triggers when a domain is updated This event type does not support filters or selectable fields.| Name | Type | Description |
|---|---|---|
| id | string | unique reserved domain resource identifier |
| uri | string | URI of the reserved domain API resource |
| created_at | string | timestamp when the reserved domain was created, RFC 3339 format |
| description | string | human-readable description of what this reserved domain will be used for |
| metadata | string | arbitrary user-defined machine-readable data of this reserved domain. Optional, max 4096 bytes. |
| domain | string | hostname of the reserved domain |
| region | string | deprecated: With the launch of the ngrok Global Network domains traffic is now handled globally. This field applied only to endpoints. Note that agents may still connect to specific regions. Optional, null by default. (au, eu, ap, us, jp, in, sa) |
| cname_target | string | DNS CNAME target for a custom hostname, or null if the reserved domain is a subdomain of an ngrok owned domain (e.g. *.ngrok.app) |
| id | string | a resource identifier |
| uri | string | a uri for locating a resource |
| authority | string | certificate authority to request certificates from. The only supported value is letsencrypt. |
| private_key_type | string | type of private key to use when requesting certificates. Defaults to ecdsa, can be either rsa or ecdsa. |
| renews_at | string | timestamp when the next renewal will be requested, RFC 3339 format |
| error_code | string | if present, an error code indicating why provisioning is failing. It may be either a temporary condition (INTERNAL_ERROR), or a permanent one the user must correct (DNS_ERROR). |
| msg | string | a message describing the current status or error |
| started_at | string | timestamp when the provisioning job started, RFC 3339 format |
| retries_at | string | timestamp when the provisioning job will be retried |
| acme_challenge_cname_target | string | DNS CNAME target for the host _acme-challenge.example.com, where example.com is your reserved domain name. This is required to issue certificates for wildcard, non-ngrok reserved domains. Must be null for non-wildcard domains and ngrok subdomains. |
SSHCertificateAuthority
ssh_certificate_authority_created.v0
Triggers when an SSH certificate authority is created This event type does not support filters or selectable fields.| Name | Type | Description |
|---|---|---|
| id | string | unique identifier for this SSH Certificate Authority |
| uri | string | URI of the SSH Certificate Authority API resource |
| created_at | string | timestamp when the SSH Certificate Authority API resource was created, RFC 3339 format |
| description | string | human-readable description of this SSH Certificate Authority. optional, max 255 bytes. |
| metadata | string | arbitrary user-defined machine-readable data of this SSH Certificate Authority. optional, max 4096 bytes. |
| public_key | string | raw public key for this SSH Certificate Authority |
| key_type | string | the type of private key for this SSH Certificate Authority |
ssh_certificate_authority_deleted.v0
Triggers when an SSH certificate authority is deleted This event type does not support filters or selectable fields.| Name | Type | Description |
|---|---|---|
| id | string | unique identifier for this SSH Certificate Authority |
| uri | string | URI of the SSH Certificate Authority API resource |
| created_at | string | timestamp when the SSH Certificate Authority API resource was created, RFC 3339 format |
| description | string | human-readable description of this SSH Certificate Authority. optional, max 255 bytes. |
| metadata | string | arbitrary user-defined machine-readable data of this SSH Certificate Authority. optional, max 4096 bytes. |
| public_key | string | raw public key for this SSH Certificate Authority |
| key_type | string | the type of private key for this SSH Certificate Authority |
ssh_certificate_authority_updated.v0
Triggers when an SSH certificate authority is updated This event type does not support filters or selectable fields.| Name | Type | Description |
|---|---|---|
| id | string | unique identifier for this SSH Certificate Authority |
| uri | string | URI of the SSH Certificate Authority API resource |
| created_at | string | timestamp when the SSH Certificate Authority API resource was created, RFC 3339 format |
| description | string | human-readable description of this SSH Certificate Authority. optional, max 255 bytes. |
| metadata | string | arbitrary user-defined machine-readable data of this SSH Certificate Authority. optional, max 4096 bytes. |
| public_key | string | raw public key for this SSH Certificate Authority |
| key_type | string | the type of private key for this SSH Certificate Authority |
SSHCredential
ssh_public_key_created.v0
Triggers when an SSH public key is created This event type does not support filters or selectable fields.| Name | Type | Description |
|---|---|---|
| id | string | unique ssh credential resource identifier |
| uri | string | URI of the ssh credential API resource |
| created_at | string | timestamp when the ssh credential was created, RFC 3339 format |
| description | string | human-readable description of who or what will use the ssh credential to authenticate. Optional, max 255 bytes. |
| metadata | string | arbitrary user-defined machine-readable data of this ssh credential. Optional, max 4096 bytes. |
| public_key | string | the PEM-encoded public key of the SSH keypair that will be used to authenticate |
| acl | List<string> | optional list of ACL rules. If unspecified, the credential will have no restrictions. The only allowed ACL rule at this time is the bind rule. The bind rule allows the caller to restrict what domains, addresses, and labels the token is allowed to bind. For example, to allow the token to open a tunnel on example.ngrok.io your ACL would include the rule bind:example.ngrok.io. Bind rules for domains may specify a leading wildcard to match multiple domains with a common suffix. For example, you may specify a rule of bind:*.example.com which will allow x.example.com, y.example.com, *.example.com, etc. Bind rules for labels may specify a wildcard key and/or value to match multiple labels. For example, you may specify a rule of bind:*=example which will allow x=example, y=example, etc. A rule of '*' is equivalent to no acl at all and will explicitly permit all actions. |
| owner_id | string | If supplied at credential creation, ownership will be assigned to the specified User or Bot. Only admins may specify an owner other than themselves. Defaults to the authenticated User or Bot. |
ssh_public_key_deleted.v0
Triggers when an SSH public key is deleted This event type does not support filters or selectable fields.| Name | Type | Description |
|---|---|---|
| id | string | unique ssh credential resource identifier |
| uri | string | URI of the ssh credential API resource |
| created_at | string | timestamp when the ssh credential was created, RFC 3339 format |
| description | string | human-readable description of who or what will use the ssh credential to authenticate. Optional, max 255 bytes. |
| metadata | string | arbitrary user-defined machine-readable data of this ssh credential. Optional, max 4096 bytes. |
| public_key | string | the PEM-encoded public key of the SSH keypair that will be used to authenticate |
| acl | List<string> | optional list of ACL rules. If unspecified, the credential will have no restrictions. The only allowed ACL rule at this time is the bind rule. The bind rule allows the caller to restrict what domains, addresses, and labels the token is allowed to bind. For example, to allow the token to open a tunnel on example.ngrok.io your ACL would include the rule bind:example.ngrok.io. Bind rules for domains may specify a leading wildcard to match multiple domains with a common suffix. For example, you may specify a rule of bind:*.example.com which will allow x.example.com, y.example.com, *.example.com, etc. Bind rules for labels may specify a wildcard key and/or value to match multiple labels. For example, you may specify a rule of bind:*=example which will allow x=example, y=example, etc. A rule of '*' is equivalent to no acl at all and will explicitly permit all actions. |
| owner_id | string | If supplied at credential creation, ownership will be assigned to the specified User or Bot. Only admins may specify an owner other than themselves. Defaults to the authenticated User or Bot. |
ssh_public_key_updated.v0
Triggers when an SSH public key is updated This event type does not support filters or selectable fields.| Name | Type | Description |
|---|---|---|
| id | string | unique ssh credential resource identifier |
| uri | string | URI of the ssh credential API resource |
| created_at | string | timestamp when the ssh credential was created, RFC 3339 format |
| description | string | human-readable description of who or what will use the ssh credential to authenticate. Optional, max 255 bytes. |
| metadata | string | arbitrary user-defined machine-readable data of this ssh credential. Optional, max 4096 bytes. |
| public_key | string | the PEM-encoded public key of the SSH keypair that will be used to authenticate |
| acl | List<string> | optional list of ACL rules. If unspecified, the credential will have no restrictions. The only allowed ACL rule at this time is the bind rule. The bind rule allows the caller to restrict what domains, addresses, and labels the token is allowed to bind. For example, to allow the token to open a tunnel on example.ngrok.io your ACL would include the rule bind:example.ngrok.io. Bind rules for domains may specify a leading wildcard to match multiple domains with a common suffix. For example, you may specify a rule of bind:*.example.com which will allow x.example.com, y.example.com, *.example.com, etc. Bind rules for labels may specify a wildcard key and/or value to match multiple labels. For example, you may specify a rule of bind:*=example which will allow x=example, y=example, etc. A rule of '*' is equivalent to no acl at all and will explicitly permit all actions. |
| owner_id | string | If supplied at credential creation, ownership will be assigned to the specified User or Bot. Only admins may specify an owner other than themselves. Defaults to the authenticated User or Bot. |
SSHHostCertificate
ssh_host_certificate_created.v0
Triggers when an SSH host certificate is created This event type does not support filters or selectable fields.| Name | Type | Description |
|---|---|---|
| id | string | unique identifier for this SSH Host Certificate |
| uri | string | URI of the SSH Host Certificate API resource |
| created_at | string | timestamp when the SSH Host Certificate API resource was created, RFC 3339 format |
| description | string | human-readable description of this SSH Host Certificate. optional, max 255 bytes. |
| metadata | string | arbitrary user-defined machine-readable data of this SSH Host Certificate. optional, max 4096 bytes. |
| public_key | string | a public key in OpenSSH Authorized Keys format that this certificate signs |
| key_type | string | the key type of the public_key, one of rsa, ecdsa or ed25519 |
| ssh_certificate_authority_id | string | the ssh certificate authority that is used to sign this ssh host certificate |
| principals | List<string> | the list of principals included in the ssh host certificate. This is the list of hostnames and/or IP addresses that are authorized to serve SSH traffic with this certificate. Dangerously, if no principals are specified, this certificate is considered valid for all hosts. |
| valid_after | string | the time when the ssh host certificate becomes valid, in RFC 3339 format. |
| valid_until | string | the time after which the ssh host certificate becomes invalid, in RFC 3339 format. the OpenSSH certificates RFC calls this valid_before. |
| certificate | string | the signed SSH certificate in OpenSSH Authorized Keys format. this value should be placed in a -cert.pub certificate file on disk that should be referenced in your sshd_config configuration file with a HostCertificate directive |
ssh_host_certificate_deleted.v0
Triggers when an SSH host certificate is deleted This event type does not support filters or selectable fields.| Name | Type | Description |
|---|---|---|
| id | string | unique identifier for this SSH Host Certificate |
| uri | string | URI of the SSH Host Certificate API resource |
| created_at | string | timestamp when the SSH Host Certificate API resource was created, RFC 3339 format |
| description | string | human-readable description of this SSH Host Certificate. optional, max 255 bytes. |
| metadata | string | arbitrary user-defined machine-readable data of this SSH Host Certificate. optional, max 4096 bytes. |
| public_key | string | a public key in OpenSSH Authorized Keys format that this certificate signs |
| key_type | string | the key type of the public_key, one of rsa, ecdsa or ed25519 |
| ssh_certificate_authority_id | string | the ssh certificate authority that is used to sign this ssh host certificate |
| principals | List<string> | the list of principals included in the ssh host certificate. This is the list of hostnames and/or IP addresses that are authorized to serve SSH traffic with this certificate. Dangerously, if no principals are specified, this certificate is considered valid for all hosts. |
| valid_after | string | the time when the ssh host certificate becomes valid, in RFC 3339 format. |
| valid_until | string | the time after which the ssh host certificate becomes invalid, in RFC 3339 format. the OpenSSH certificates RFC calls this valid_before. |
| certificate | string | the signed SSH certificate in OpenSSH Authorized Keys format. this value should be placed in a -cert.pub certificate file on disk that should be referenced in your sshd_config configuration file with a HostCertificate directive |
ssh_host_certificate_updated.v0
Triggers when an SSH host certificate is updated This event type does not support filters or selectable fields.| Name | Type | Description |
|---|---|---|
| id | string | unique identifier for this SSH Host Certificate |
| uri | string | URI of the SSH Host Certificate API resource |
| created_at | string | timestamp when the SSH Host Certificate API resource was created, RFC 3339 format |
| description | string | human-readable description of this SSH Host Certificate. optional, max 255 bytes. |
| metadata | string | arbitrary user-defined machine-readable data of this SSH Host Certificate. optional, max 4096 bytes. |
| public_key | string | a public key in OpenSSH Authorized Keys format that this certificate signs |
| key_type | string | the key type of the public_key, one of rsa, ecdsa or ed25519 |
| ssh_certificate_authority_id | string | the ssh certificate authority that is used to sign this ssh host certificate |
| principals | List<string> | the list of principals included in the ssh host certificate. This is the list of hostnames and/or IP addresses that are authorized to serve SSH traffic with this certificate. Dangerously, if no principals are specified, this certificate is considered valid for all hosts. |
| valid_after | string | the time when the ssh host certificate becomes valid, in RFC 3339 format. |
| valid_until | string | the time after which the ssh host certificate becomes invalid, in RFC 3339 format. the OpenSSH certificates RFC calls this valid_before. |
| certificate | string | the signed SSH certificate in OpenSSH Authorized Keys format. this value should be placed in a -cert.pub certificate file on disk that should be referenced in your sshd_config configuration file with a HostCertificate directive |
SSHUserCertificate
ssh_user_certificate_created.v0
Triggers when an SSH user certificate is created This event type does not support filters or selectable fields.| Name | Type | Description |
|---|---|---|
| id | string | unique identifier for this SSH User Certificate |
| uri | string | URI of the SSH User Certificate API resource |
| created_at | string | timestamp when the SSH User Certificate API resource was created, RFC 3339 format |
| description | string | human-readable description of this SSH User Certificate. optional, max 255 bytes. |
| metadata | string | arbitrary user-defined machine-readable data of this SSH User Certificate. optional, max 4096 bytes. |
| public_key | string | a public key in OpenSSH Authorized Keys format that this certificate signs |
| key_type | string | the key type of the public_key, one of rsa, ecdsa or ed25519 |
| ssh_certificate_authority_id | string | the ssh certificate authority that is used to sign this ssh user certificate |
| principals | List<string> | the list of principals included in the ssh user certificate. This is the list of usernames that the certificate holder may sign in as on a machine authorizing the signing certificate authority. Dangerously, if no principals are specified, this certificate may be used to log in as any user. |
| critical_options | Map<string, string> | A map of critical options included in the certificate. Only two critical options are currently defined by OpenSSH: force-command and source-address. See the OpenSSH certificate protocol spec for additional details. |
| extensions | Map<string, string> | A map of extensions included in the certificate. Extensions are additional metadata that can be interpreted by the SSH server for any purpose. These can be used to permit or deny the ability to open a terminal, do port forwarding, x11 forwarding, and more. If unspecified, the certificate will include limited permissions with the following extension map: {"permit-pty": "", "permit-user-rc": ""} OpenSSH understands a number of predefined extensions. See the OpenSSH certificate protocol spec for additional details. |
| valid_after | string | the time when the ssh host certificate becomes valid, in RFC 3339 format. |
| valid_until | string | the time after which the ssh host certificate becomes invalid, in RFC 3339 format. the OpenSSH certificates RFC calls this valid_before. |
| certificate | string | the signed SSH certificate in OpenSSH Authorized Keys Format. this value should be placed in a -cert.pub certificate file on disk that should be referenced in your sshd_config configuration file with a HostCertificate directive |
ssh_user_certificate_deleted.v0
Triggers when an SSH user certificate is deleted This event type does not support filters or selectable fields.| Name | Type | Description |
|---|---|---|
| id | string | unique identifier for this SSH User Certificate |
| uri | string | URI of the SSH User Certificate API resource |
| created_at | string | timestamp when the SSH User Certificate API resource was created, RFC 3339 format |
| description | string | human-readable description of this SSH User Certificate. optional, max 255 bytes. |
| metadata | string | arbitrary user-defined machine-readable data of this SSH User Certificate. optional, max 4096 bytes. |
| public_key | string | a public key in OpenSSH Authorized Keys format that this certificate signs |
| key_type | string | the key type of the public_key, one of rsa, ecdsa or ed25519 |
| ssh_certificate_authority_id | string | the ssh certificate authority that is used to sign this ssh user certificate |
| principals | List<string> | the list of principals included in the ssh user certificate. This is the list of usernames that the certificate holder may sign in as on a machine authorizing the signing certificate authority. Dangerously, if no principals are specified, this certificate may be used to log in as any user. |
| critical_options | Map<string, string> | A map of critical options included in the certificate. Only two critical options are currently defined by OpenSSH: force-command and source-address. See the OpenSSH certificate protocol spec for additional details. |
| extensions | Map<string, string> | A map of extensions included in the certificate. Extensions are additional metadata that can be interpreted by the SSH server for any purpose. These can be used to permit or deny the ability to open a terminal, do port forwarding, x11 forwarding, and more. If unspecified, the certificate will include limited permissions with the following extension map: {"permit-pty": "", "permit-user-rc": ""} OpenSSH understands a number of predefined extensions. See the OpenSSH certificate protocol spec for additional details. |
| valid_after | string | the time when the ssh host certificate becomes valid, in RFC 3339 format. |
| valid_until | string | the time after which the ssh host certificate becomes invalid, in RFC 3339 format. the OpenSSH certificates RFC calls this valid_before. |
| certificate | string | the signed SSH certificate in OpenSSH Authorized Keys Format. this value should be placed in a -cert.pub certificate file on disk that should be referenced in your sshd_config configuration file with a HostCertificate directive |
ssh_user_certificate_updated.v0
Triggers when an SSH user certificate is updated This event type does not support filters or selectable fields.| Name | Type | Description |
|---|---|---|
| id | string | unique identifier for this SSH User Certificate |
| uri | string | URI of the SSH User Certificate API resource |
| created_at | string | timestamp when the SSH User Certificate API resource was created, RFC 3339 format |
| description | string | human-readable description of this SSH User Certificate. optional, max 255 bytes. |
| metadata | string | arbitrary user-defined machine-readable data of this SSH User Certificate. optional, max 4096 bytes. |
| public_key | string | a public key in OpenSSH Authorized Keys format that this certificate signs |
| key_type | string | the key type of the public_key, one of rsa, ecdsa or ed25519 |
| ssh_certificate_authority_id | string | the ssh certificate authority that is used to sign this ssh user certificate |
| principals | List<string> | the list of principals included in the ssh user certificate. This is the list of usernames that the certificate holder may sign in as on a machine authorizing the signing certificate authority. Dangerously, if no principals are specified, this certificate may be used to log in as any user. |
| critical_options | Map<string, string> | A map of critical options included in the certificate. Only two critical options are currently defined by OpenSSH: force-command and source-address. See the OpenSSH certificate protocol spec for additional details. |
| extensions | Map<string, string> | A map of extensions included in the certificate. Extensions are additional metadata that can be interpreted by the SSH server for any purpose. These can be used to permit or deny the ability to open a terminal, do port forwarding, x11 forwarding, and more. If unspecified, the certificate will include limited permissions with the following extension map: {"permit-pty": "", "permit-user-rc": ""} OpenSSH understands a number of predefined extensions. See the OpenSSH certificate protocol spec for additional details. |
| valid_after | string | the time when the ssh host certificate becomes valid, in RFC 3339 format. |
| valid_until | string | the time after which the ssh host certificate becomes invalid, in RFC 3339 format. the OpenSSH certificates RFC calls this valid_before. |
| certificate | string | the signed SSH certificate in OpenSSH Authorized Keys Format. this value should be placed in a -cert.pub certificate file on disk that should be referenced in your sshd_config configuration file with a HostCertificate directive |
Secret
secret_created.v0
Triggers when a secret is created. This event type supports filters and selectable fields.| Name | Type | Description |
|---|---|---|
| id | string | identifier for Secret |
| uri | string | URI of this Secret API resource |
| created_at | string | Timestamp when the Secret was created (RFC 3339 format) |
| updated_at | string | Timestamp when the Secret was last updated (RFC 3339 format) |
| name | string | Name of secret |
| description | string | description of Secret |
| metadata | string | Arbitrary user-defined metadata for this Secret |
| id | string | a resource identifier |
| uri | string | a uri for locating a resource |
| id | string | a resource identifier |
| uri | string | a uri for locating a resource |
| id | string | a resource identifier |
| uri | string | a uri for locating a resource |
| vault_name | string | Name of the vault the secret is stored in |
secret_deleted.v0
Triggers when a secret is deleted. This event type supports filters and selectable fields.| Name | Type | Description |
|---|---|---|
| id | string | identifier for Secret |
| uri | string | URI of this Secret API resource |
| created_at | string | Timestamp when the Secret was created (RFC 3339 format) |
| updated_at | string | Timestamp when the Secret was last updated (RFC 3339 format) |
| name | string | Name of secret |
| description | string | description of Secret |
| metadata | string | Arbitrary user-defined metadata for this Secret |
| id | string | a resource identifier |
| uri | string | a uri for locating a resource |
| id | string | a resource identifier |
| uri | string | a uri for locating a resource |
| id | string | a resource identifier |
| uri | string | a uri for locating a resource |
| vault_name | string | Name of the vault the secret is stored in |
secret_updated.v0
Triggers when a secret is updated. This event type supports filters and selectable fields.| Name | Type | Description |
|---|---|---|
| id | string | identifier for Secret |
| uri | string | URI of this Secret API resource |
| created_at | string | Timestamp when the Secret was created (RFC 3339 format) |
| updated_at | string | Timestamp when the Secret was last updated (RFC 3339 format) |
| name | string | Name of secret |
| description | string | description of Secret |
| metadata | string | Arbitrary user-defined metadata for this Secret |
| id | string | a resource identifier |
| uri | string | a uri for locating a resource |
| id | string | a resource identifier |
| uri | string | a uri for locating a resource |
| id | string | a resource identifier |
| uri | string | a uri for locating a resource |
| vault_name | string | Name of the vault the secret is stored in |
TCP Connection Closed
tcp_connection_closed.v0
Triggers when a TCP connection to an endpoint closes. This event type supports filters and selectable fields.| Name | Type | Description | Filterable? |
|---|---|---|---|
| conn.bytes_in | int64 | The number of bytes arriving at an endpoint from the frontend | |
| conn.bytes_out | int64 | The number of bytes leaving an endpoint to the frontend | |
| conn.client_ip | string | The source IP of the TCP connection to the ngrok edge | Yes |
| conn.end_ts | timestamp | The timestamp when the TCP connection to the ngrok edge is closed | |
| conn.server_ip | string | The IP address of the server that received the request | Yes |
| conn.server_name | string | The hostname associated with this connection. | Yes |
| conn.server_port | int32 | The port that the connection for this request came in on | Yes |
| conn.start_ts | timestamp | The timestamp when the TCP connection to the ngrok edge is established | |
| ip_policy.decision | string | ’allow’ if IP Policy module permitted the request to the upstream service, ‘block’ otherwise | |
| ja4_fingerprint | string | The JA4 fingerprint of the client TLS handshake | |
| traffic_policy.logs | List<Map<string, string>> | Logs collected from the log action in a Traffic Policy |
TLSCertificate
tls_certificate_created.v0
Triggers when a TLS certificate is created This event type does not support filters or selectable fields.| Name | Type | Description |
|---|---|---|
| id | string | unique identifier for this TLS certificate |
| uri | string | URI of the TLS certificate API resource |
| created_at | string | timestamp when the TLS certificate was created, RFC 3339 format |
| description | string | human-readable description of this TLS certificate. optional, max 255 bytes. |
| metadata | string | arbitrary user-defined machine-readable data of this TLS certificate. optional, max 4096 bytes. |
| certificate_pem | string | chain of PEM-encoded certificates, leaf first. See Certificate Bundles. |
| subject_common_name | string | subject common name from the leaf of this TLS certificate |
| dns_names | List<string> | set of additional domains (including wildcards) this TLS certificate is valid for |
| ips | List<string> | set of IP addresses this TLS certificate is also valid for |
| issued_at | string | timestamp (in RFC 3339 format) when this TLS certificate was issued automatically, or null if this certificate was user-uploaded |
| not_before | string | timestamp when this TLS certificate becomes valid, RFC 3339 format |
| not_after | string | timestamp when this TLS certificate becomes invalid, RFC 3339 format |
| key_usages | List<string> | set of actions the private key of this TLS certificate can be used for |
| extended_key_usages | List<string> | extended set of actions the private key of this TLS certificate can be used for |
| private_key_type | string | type of the private key of this TLS certificate. One of rsa, ecdsa, or ed25519. |
| issuer_common_name | string | issuer common name from the leaf of this TLS certificate |
| serial_number | string | serial number of the leaf of this TLS certificate |
| subject_organization | string | subject organization from the leaf of this TLS certificate |
| subject_organizational_unit | string | subject organizational unit from the leaf of this TLS certificate |
| subject_locality | string | subject locality from the leaf of this TLS certificate |
| subject_province | string | subject province from the leaf of this TLS certificate |
| subject_country | string | subject country from the leaf of this TLS certificate |
tls_certificate_deleted.v0
Triggers when a TLS certificate is deleted This event type does not support filters or selectable fields.| Name | Type | Description |
|---|---|---|
| id | string | unique identifier for this TLS certificate |
| uri | string | URI of the TLS certificate API resource |
| created_at | string | timestamp when the TLS certificate was created, RFC 3339 format |
| description | string | human-readable description of this TLS certificate. optional, max 255 bytes. |
| metadata | string | arbitrary user-defined machine-readable data of this TLS certificate. optional, max 4096 bytes. |
| certificate_pem | string | chain of PEM-encoded certificates, leaf first. See Certificate Bundles. |
| subject_common_name | string | subject common name from the leaf of this TLS certificate |
| dns_names | List<string> | set of additional domains (including wildcards) this TLS certificate is valid for |
| ips | List<string> | set of IP addresses this TLS certificate is also valid for |
| issued_at | string | timestamp (in RFC 3339 format) when this TLS certificate was issued automatically, or null if this certificate was user-uploaded |
| not_before | string | timestamp when this TLS certificate becomes valid, RFC 3339 format |
| not_after | string | timestamp when this TLS certificate becomes invalid, RFC 3339 format |
| key_usages | List<string> | set of actions the private key of this TLS certificate can be used for |
| extended_key_usages | List<string> | extended set of actions the private key of this TLS certificate can be used for |
| private_key_type | string | type of the private key of this TLS certificate. One of rsa, ecdsa, or ed25519. |
| issuer_common_name | string | issuer common name from the leaf of this TLS certificate |
| serial_number | string | serial number of the leaf of this TLS certificate |
| subject_organization | string | subject organization from the leaf of this TLS certificate |
| subject_organizational_unit | string | subject organizational unit from the leaf of this TLS certificate |
| subject_locality | string | subject locality from the leaf of this TLS certificate |
| subject_province | string | subject province from the leaf of this TLS certificate |
| subject_country | string | subject country from the leaf of this TLS certificate |
tls_certificate_updated.v0
Triggers when a TLS certificate is updated This event type does not support filters or selectable fields.| Name | Type | Description |
|---|---|---|
| id | string | unique identifier for this TLS certificate |
| uri | string | URI of the TLS certificate API resource |
| created_at | string | timestamp when the TLS certificate was created, RFC 3339 format |
| description | string | human-readable description of this TLS certificate. optional, max 255 bytes. |
| metadata | string | arbitrary user-defined machine-readable data of this TLS certificate. optional, max 4096 bytes. |
| certificate_pem | string | chain of PEM-encoded certificates, leaf first. See Certificate Bundles. |
| subject_common_name | string | subject common name from the leaf of this TLS certificate |
| dns_names | List<string> | set of additional domains (including wildcards) this TLS certificate is valid for |
| ips | List<string> | set of IP addresses this TLS certificate is also valid for |
| issued_at | string | timestamp (in RFC 3339 format) when this TLS certificate was issued automatically, or null if this certificate was user-uploaded |
| not_before | string | timestamp when this TLS certificate becomes valid, RFC 3339 format |
| not_after | string | timestamp when this TLS certificate becomes invalid, RFC 3339 format |
| key_usages | List<string> | set of actions the private key of this TLS certificate can be used for |
| extended_key_usages | List<string> | extended set of actions the private key of this TLS certificate can be used for |
| private_key_type | string | type of the private key of this TLS certificate. One of rsa, ecdsa, or ed25519. |
| issuer_common_name | string | issuer common name from the leaf of this TLS certificate |
| serial_number | string | serial number of the leaf of this TLS certificate |
| subject_organization | string | subject organization from the leaf of this TLS certificate |
| subject_organizational_unit | string | subject organizational unit from the leaf of this TLS certificate |
| subject_locality | string | subject locality from the leaf of this TLS certificate |
| subject_province | string | subject province from the leaf of this TLS certificate |
| subject_country | string | subject country from the leaf of this TLS certificate |
Vault
vault_created.v0
Triggers when a vault is created. This event type supports filters and selectable fields.| Name | Type | Description |
|---|---|---|
| id | string | identifier for Vault |
| uri | string | URI of this Vault API resource |
| created_at | string | Timestamp when the Vault was created (RFC 3339 format) |
| updated_at | string | Timestamp when the Vault was last updated (RFC 3339 format) |
| name | string | Name of vault |
| description | string | description of Vault |
| metadata | string | Arbitrary user-defined metadata for this Vault |
| created_by | string | Reference to who created this Vault |
| last_updated_by | string | Reference to who created this Vault |
vault_deleted.v0
Triggers when a vault is deleted. This event type supports filters and selectable fields.| Name | Type | Description |
|---|---|---|
| id | string | identifier for Vault |
| uri | string | URI of this Vault API resource |
| created_at | string | Timestamp when the Vault was created (RFC 3339 format) |
| updated_at | string | Timestamp when the Vault was last updated (RFC 3339 format) |
| name | string | Name of vault |
| description | string | description of Vault |
| metadata | string | Arbitrary user-defined metadata for this Vault |
| created_by | string | Reference to who created this Vault |
| last_updated_by | string | Reference to who created this Vault |
vault_updated.v0
Triggers when a vault is updated. This event type supports filters and selectable fields.| Name | Type | Description |
|---|---|---|
| id | string | identifier for Vault |
| uri | string | URI of this Vault API resource |
| created_at | string | Timestamp when the Vault was created (RFC 3339 format) |
| updated_at | string | Timestamp when the Vault was last updated (RFC 3339 format) |
| name | string | Name of vault |
| description | string | description of Vault |
| metadata | string | Arbitrary user-defined metadata for this Vault |
| created_by | string | Reference to who created this Vault |
| last_updated_by | string | Reference to who created this Vault |