Skip to main content
Site-to-site connectivity

Connect to private APIs and DBs in customer networks.

Access the services you need without debugging your customer's network. Stop hopping on calls with IT teams to open firewalls and detangle VPNs.

  • Calendly
  • Cyera
  • Databricks
  • GitHub
  • Grafana
  • Harvey
  • Hugging Face
  • Mercor
  • Microsoft
  • Okta
  • Open AI
  • Perplexity
  • Ramp
  • Schneider Electric
  • Twilio
  • Vercel
  • Windsurf
  • Zoom
How it works

No firewall changes, no open ports, no VPNs.

Customers run a lightweight agent that creates secure tunnels. Your traffic is relayed to your customer through the ngrok cloud.

Diagram showing how traffic flows from your cloud through ngrok to customer networks

Connections from your cloud to ngrok are authorized with your choice of mTLS, IP restrictions, or JWT.

Secure tunnels are outbound TLS connections from agents to the ngrok cloud on port 443. Your traffic is then multiplexed through to the target service.

Diagram showing private addressability with the ngrok Kubernetes Operator wrapping connections in mTLS

Connections from your cloud to ngrok are wrapped in mTLS by the ngrok Kubernetes Operator. Only your cluster can ping the URL, so there's no need for auth.

Not running in Kubernetes? We also support private URLs with our agent CLI and Go SDK. Talk to an engineer

Diagram showing multiple services and endpoints connected through ngrok

Access more services on other protocols with one setup—DBs, web apps, IoT devices, and much more.

Expand from one to many customers with the same agent configuration and new private endpoints.

Why ngrok?

It works the same way everywhere. Any cloud and on-prem.

Your customers can't screw up running an agent container. Not true for VPNs and VPC peering.

Customers onboard faster when they get their data into your product sooner.

Decoration

This is the part where you start building.

No upfront costs. No contact sales. Pay only for what you use.

Decoration