Skip to main content
Site-to-site connectivity

Connect to private APIs and DBs in customer networks.

Access the services you need without debugging your customer's network. Stop hopping on calls with IT teams to open firewalls and detangle VPNs.

Follow the Quickstart
  • Calendly
  • Cyera
  • Databricks
  • GitHub
  • Grafana
  • Harvey
  • Hugging Face
  • Mercor
  • Microsoft
  • Okta
  • Open AI
  • Perplexity
  • Ramp
  • Schneider Electric
  • Twilio
  • Vercel
  • Windsurf
  • Zoom
How it works

No firewall changes, no open ports, no VPNs.

Customers run a lightweight agent that creates secure tunnels. Your traffic is relayed to your customer through the ngrok cloud.

Diagram showing how traffic flows from your cloud through ngrok to customer networks

Connections from your cloud to ngrok are authorized with your choice of mTLS, IP restrictions, or JWT.

Secure tunnels are outbound TLS connections from agents to the ngrok cloud on port 443. Your traffic is then multiplexed through to the target service.

Diagram showing private addressability with the ngrok Kubernetes Operator wrapping connections in mTLS

Connections from your cloud to ngrok are wrapped in mTLS by the ngrok Kubernetes Operator. Only your cluster can ping the URL, so there's no need for auth.

Not running in Kubernetes? We also support private URLs with our agent CLI and Go SDK. Talk to an engineer

Diagram showing multiple services and endpoints connected through ngrok

Access more services on other protocols with one setup—DBs, web apps, IoT devices, and much more.

Expand from one to many customers with the same agent configuration and new private endpoints.

Why ngrok?

It works the same way everywhere. Any cloud and on-prem.

Your customers can't screw up running an agent container. Not true for VPNs and VPC peering.

Customers onboard faster when they get their data into your product sooner.

Databricks and Copado did it. You can too.

Case Study
Ihor Leshko
Director of Engineering, Databricks

ngrok opened the door to rapidly onboard big enterprise customers. With ngrok, we get comprehensive security and the functionality we need for all of our use cases.

Databricks
Case Study
Austin Cottrell
Cloud Infrastructure Engineer, Copado

With traditional site-to-site VPNs, it would take us weeks or even months to securely connect our platform to our customers' networks. ngrok reduces the integration time to days.

Copado
Security

Sail through the most rigorous security assessments.

The ngrok agent already runs in banks, healthcare systems, and Fortune 100 networks to deliver private connectivity.

Access a service, not your customer's whole network

Tightly scope your access the APIs and databases you need and not a single port or process more.

Diagram showing scoped access to customer environment

Encrypt end-to-end with your own keys

Terminate TLS in your customer's network at the upstream service or the ngrok agent. The ngrok cloud service only sees ciphertext.

Diagram showing end-to-end encryption

Restrict traffic regions for data residency

Comply with data residency requirements by selecting the exact ngrok data centers used to relay your connections.

Safe multi-tenancy with least-privilege agent ACLs

Agents operate with only the permissions you explicitly define. ACLs control which endpoints they can create and ensure strict separation across customer environments.

All the boxes you need to check

Trust Center
SOC2 Type II
RBAC
HIPAA & BAA
SSO & SCIM
GDPR
Audit logs
CCPA
Data residency
EU-US DPF
White-labeling

Your customers have questions.
We have answers.

Send your customers a complete Q&A on how ngrok works and why it's secure.

Check it out
Reliability

Hit all the 9s in your SLA.

Network failures are inevitable. Identify and recover from them automatically.

Reconnect automatically

You can't control your customer's network. That's why the ngrok agent runs in the background and heartbeats its connection to recover quickly after it sees connection reset by peer.

Heartbeat connection recovery visualization

Alert on issues before customers notice

Publish tunnel status and connection events to your telemetry platform. When a connection drops, you'll know before your customer does.

Log export

High availability with agent redundancy

Run multiple agents in your customer's network and ngrok will balance connections among them. You'll stay connected even when a machine running one agent fails.

Stay online during region outages

Agents create secure tunnels to multiple regions of the ngrok cloud service. You won't go down when entire datacenters fail (cough, us-east-1, cough).

Production Ready

Everything you need to productize and scale.

Prepackaged for every OS, Docker & Kubernetes

The ngrok agent is a cross-platform, lightweight, dependency-free executable. We've pre-packaged it to make distribution easy for you.

SDK installation commands for Rust, Python, Node, and Go

import ngrok

Embed the ngrok agent in your own code with an SDK if a sidecar isn't right for you. Great for when your software is already running in your customer's environment (like bring-your-own-cloud).

Package installation commands for Windows, Linux, Kubernetes, and Docker

Automate everything with APIs

There's an API for every feature so it's easy to scale across all your customers. We've also integrated ngrok into the declarative IaC tools you use to manage the rest of your production infra.

White-label everything your customers see

Brand your URLs and the address the agent connects to with your own domains. You can assign them dedicated IPs, too.

Need to self-host ngrok?

Inquire about private edition
Decoration

This is the part where you start building.

No upfront costs. No contact sales. Pay only for what you use.

Follow the Quickstart
Decoration