- It works with software running locally or in the cloud, and with devices running on-premises or distributed in the field.
- It supports TCP, TLS, and HTTP/S.
- You can deliver traffic to internal and public APIs, and orchestrate traffic across your devices.
- It’s globally distributed by default and provides support for multiple environments with minimal configuration.
Concepts
Endpoints
Create and manage endpoints to orchestrate traffic to your services.
Traffic Policy
Filter, match, manage, and orchestrate traffic to your endpoints.
AI Gateway
Route, manage, and secure traffic to any LLM whether it is local or hosted providers like OpenAI, Anthropic, and more.
Domains
Create public HTTP, HTTPS, and TLS endpoints with hostnames that match your domain.
TCP Addresses
Create public TCP endpoints on a fixed hostname and port.
TLS Certificates
Automatically manage TLS certificates for terminating TLS connections to
your endpoints.
Kubernetes Operators
Automate the creation and management of endpoints for services in your Kubernetes cluster.
Vaults & Secrets
Securely manage sensitive data such as API keys, passwords, and tokens across your endpoints using centralized and encrypted vaults.
IP Policies
Enforce reusable groups of IP/CIDR allow and deny rules.
TLS Certificate Authorities
Enforce Mutual TLS authentication (mTLS) on your endpoints with the terminate-tls Traffic Policy action.
Traffic Identities
Get visibility and control of the identities which authenticate to your endpoints with the
oauth and openid-connect Traffic Policy actions.Features
- Traffic Policy - Filter, match, manage, and orchestrate traffic to your endpoints.
- Traffic observability - Capture and replay requests and responses.
- Identity and access management - Manage credentials for human users and automated processes.
- Kubernetes support - Ingress and cross-platform Gateway API configuration resources.
- Secure tunnels - Expose local services or connect devices to ngrok’s global network.
Use cases
Route to endpoints by geography
Forward requests based on IP geolocation data for reduced latency or
country-specific features.
Create identity-based rate limits
Pre-tier requests based on your packaging or pricing model.
Secure a public Minecraft server
Restrict server access to a specific set of IP addresses.
Intercept and rewrite headers
Intercept 302 redirect headers to preserve UX and agent behavior.
What’s next?
- Proceed to the guides section to get started with ngrok as an API gateway, device gateway, identity-aware proxy, or for site-to-site connectivity.
- Check out the Universal Gateway examples collection to see how to implement even more common use cases.