Reach every device, wherever you've deployed it.
Your devices are out there, and remote networks don't always cooperate. Whether you need to ping a sensor or do remote admin without rolling trucks, ngrok makes every device securely reachable. Always.
Don't fiddle with firewalls or open ports.
Your devices run a lightweight agent that creates secure tunnels connecting outbound on port 443. Traffic to and from your devices is relayed through the ngrok cloud.
Your cloud services call device APIs through addressable endpoints that work like any other URL. Keep them always-on or spin them up on demand via API. Billing only kicks in when traffic flows.
Traffic Policy enforces access control at ngrok's edge. Configure IP restrictions, rate limits, and JWT validation once; ngrok enforces them across your entire fleet.
Techs and end users connect to devices with existing tools. ngrok tunnels any TCP-based protocol like SSH, RDP, HTTP, and the wild proprietary stuff, too.
Create endpoints when a tech needs access or a customer opens your app. Tear them down via API when you're done.
Why ngrok?
Every device gets a URL. Addressable by your cloud, technicians, and customers, without touching the network.
Policy lives in the cloud. Update access controls, authentication, and rate limits without firmware pushes or truck rolls.
Set it and forget it. Deploy the same agent to containers, VMs, and embedded Linux—scale one setup to thousands.
See how others connected tens of thousands of devices in a cinch.
10,000+ stores. 20,000 devices. 4 developers.
It used to take four weeks to connect a single store, and they were adding 300-400 a year. With ngrok, it takes them days. You know the chain—we can't name them.
ngrok allows us to easily connect to a customer's network with the secure end-to-end connection we need. ngrok helps drive our business because we don't have to jump through hoops—it's plug-and-play.
Manage thousands of devices from one account.
There's an API for every operation. Wire ngrok into your existing pipeline and manage your entire fleet programmatically.
A URL for every device, named your way
Pick a URL pattern that mirrors how you actually think about your fleet. Go with store-042.yourfleet.example.com if you'd like—each URL comes with its own authtoken and ACL scope.
Rotate and revoke credentials without truck rolls
Create, scope, rotate, and revoke authtokens from your cloud instead of fumbling hardcoded secrets or sending out techs.
No traffic, no bill
Billing is per active endpoint hour—one where traffic actually moves. Spin endpoints up and down via API for security, not cost.
Observe your fleet in real time
Watch traffic in real time and push tunnel statuses to your telemetry platform. When a device drops, you'll know before anyone else.
Here's how you pass your security review
If it has a CPU and a network connection, it can run ngrok.
Your gateway is Windows, your controller is ARM and Linux, and your sensors have 256MB of RAM. ngrok doesn't flinch.
Prepackaged for every OS, Docker & Kubernetes
The ngrok agent is a cross-platform, lightweight, dependency-free executable. We've pre-packaged it to make distribution easy for you.
import ngrok
Embed the ngrok agent in your own code with an SDK if a sidecar isn't right for you. Great for when your software is already running in your customer's environment (like bring-your-own-cloud).
One agent on a gateway handles the whole network
Skip the per-sensor install and let one local agent route to every device on the network behind it. Or, if you'd rather, put the agent on each device directly—we don't force the topology.
TCP, SSH, RDP, HTTP, proprietary, and more
Your technicians need RDP, your cloud calls HTTP APIs, your controllers speak Modbus. Same outbound connection, no rip-and-replace.
Your devices are already out in the field. Now go reach them.
No upfront costs. No "contact sales." Pay only for what you use.