Connect Ngrok to your AI agent

Developer Tools 102 actions available

Ngrok creates secure tunnels to locally hosted applications, enabling developers to share and test webhooks or services without configuring complex network settings

We set up the connection using your own Ngrok account, with keys you control, and keep it running. Your agent picks it up and starts doing the work.

Book a setup call See pricing
Actions

What your agent can do in Ngrok

Each one is a real action the agent can take on its own, the same things a person clicking around Ngrok could do. Read-only by default; write actions are confirmed against your policy.

  • Create API Key Creates a new API key for authenticating with the ngrok API. This tool allows programmatic creation of API keys that can be used to access ngrok's API services.
  • Create Tunnel Credential Creates a new tunnel authtoken credential for authenticating ngrok agents. This authtoken credential can be used to start a new tunnel session. The response to this API call is the only time the generated token is avail…
  • Create Endpoint Create a cloud endpoint on the ngrok account. Use when you need to set up a new cloud endpoint with custom traffic policies for handling HTTP traffic.
  • Create Event Source Add a new event source to an event subscription. Event sources define which types of events will trigger the subscription. Use this when you need to subscribe to additional event types for an existing event subscription.
  • Create Event Subscription Creates a new event subscription in ngrok. Event subscriptions allow you to be notified when specific events occur in your ngrok account. Use this when you need to set up webhooks or event-driven workflows for ngrok res…
  • Create HTTPS Edge Creates a new HTTPS edge in your ngrok account. HTTPS edges define how ngrok handles HTTPS traffic for your domains. Use this when you need to set up a new HTTPS endpoint with custom TLS or mutual TLS configuration.
  • Create HTTPS Edge Route Creates a new route on an HTTPS edge in ngrok. Routes define how traffic matching specific patterns should be handled and can include various security and transformation modules. Use when you need to configure routing r…
  • Create SSH Credential Creates a new SSH credential from an uploaded public SSH key. This SSH credential can be used to start new tunnels via ngrok's SSH gateway. Use when you need to authenticate SSH-based tunnel connections with ngrok.
  • Create Vault Creates a new vault in your ngrok account. Vaults are used for securely storing and managing sensitive data such as secrets, credentials, and tokens.
  • Create Vault Secret Tool to create a new secret in an ngrok vault for secure storage of sensitive data like API keys, passwords, or tokens. Use when you need to securely store sensitive information that can be referenced in traffic policie…
  • Delete API Key Delete an API key by its ID. This action permanently removes the specified API key from your ngrok account. This is an important security feature that allows users to revoke access when an API key is compromised or no l…
  • Delete Credentials Delete a tunnel authtoken credential by ID. This action permanently removes the specified credential from your ngrok account.
  • Delete HTTPS Edge Route Circuit Breaker Module Delete the Circuit Breaker module from an HTTPS Edge Route. This action removes the circuit breaker configuration that protects upstream services from being overwhelmed by automatically rejecting requests when error thr…
  • Delete Edge Route Compression Module Delete the compression module from an HTTPS edge route. Use this to remove compression settings from a specific route within an HTTPS edge configuration.
  • Delete Edge Route Request Headers Module Delete the request headers module from an HTTPS edge route. This removes any custom request header modifications configured for the specified route. Use this action when you need to stop modifying request headers on a s…
  • Delete Edge Route Response Headers Module Delete the response headers module from an HTTPS edge route. Use when you need to remove response header manipulation from a specific route.
  • Delete Edge Route SAML Module Delete the SAML module configuration from an HTTPS edge route. This action removes SAML authentication from the specified route, allowing traffic to pass through without SAML validation. The operation is idempotent and…
  • Delete Edge Route User Agent Filter Module Delete the user agent filter module from an HTTPS edge route. Use this to remove user agent filtering from a specific route within an HTTPS edge configuration.
  • Delete Edge Route Webhook Verification Module Delete the webhook verification module from an HTTPS edge route. This removes webhook signature verification configured for the specified route. Use this action when you need to stop verifying webhook signatures on a sp…
  • Delete Edge Route WebSocket TCP Converter Module Delete the WebSocket TCP converter module from an HTTPS edge route. Use when you need to remove WebSocket to TCP conversion functionality from a specific route. The operation is idempotent.
  • Delete Endpoint Delete an endpoint by ID. This action permanently removes the specified endpoint from your ngrok account. Currently only available for cloud endpoints. Cloud endpoints are those created through the ngrok dashboard or AP…
  • Delete Event Source Delete an event source from an event subscription. This removes a specific event type from the subscription, so the subscription will no longer trigger for that event. Event sources define which types of events trigger…
  • Delete Event Subscription Delete an event subscription by ID. This action permanently removes the specified event subscription from your ngrok account. Event subscriptions allow you to receive notifications when specific events occur in your ngr…
  • Delete HTTPS Edge Delete an HTTPS edge by ID. This action permanently removes the specified HTTPS edge configuration from your ngrok account. HTTPS edges define how ngrok handles HTTPS traffic for your domains. Once deleted, the edge and…
  • Delete HTTPS Edge Route Delete an HTTPS edge route by ID. This action permanently removes the specified route from an HTTPS edge configuration in your ngrok account. HTTPS edge routes define how traffic is handled for specific hostnames and pa…
  • Delete Reserved Domain Certificate Detach the certificate attached to a reserved domain. Use when you need to remove a certificate from a reserved domain without deleting the domain itself.
  • Delete Reserved Domain Certificate Management Policy Detach the certificate management policy from a reserved domain. Use this action when you need to remove certificate management configuration from a domain.
  • Delete Secret Delete a vault secret by ID. This action permanently removes the specified secret from your ngrok vault.
  • Delete SSH Credentials Delete an SSH credential by ID. This action permanently removes the specified SSH credential from your ngrok account. SSH credentials are used to authenticate SSH connections through ngrok. Once deleted, the credential…
  • Delete Vault Delete a vault by ID. This action permanently removes the specified vault from your ngrok account.
  • Get API Key Get the details of an API key by ID. Use this tool to retrieve information about a specific ngrok API key, including its description, metadata, and creation timestamp.
  • Get Credentials Tool to retrieve detailed information about a tunnel authtoken credential by ID. Use when you need to view the details, metadata, or ACL rules of an existing credential. Note: The token field will be null for existing c…
  • Get Edge Route Backend Module Retrieves the backend module configuration for an HTTPS edge route. Backend modules define where traffic is routed after passing through the edge route's modules. Use this to verify backend configuration or audit routin…
  • Get Edge Route Circuit Breaker Module Tool to retrieve the circuit breaker module configuration for a specific HTTPS edge route. Use when you need to check the current circuit breaker settings, verify protection parameters, or audit traffic protection polic…
  • Get Edge Route Compression Module Retrieves the compression module configuration for a specific HTTPS edge route. Use this to check if compression is enabled for the route.
  • Get Edge Route IP Restriction Module Retrieves the IP restriction module configuration for a specific HTTPS edge route. Use this to check which IP policies are applied to control access to the route.
  • Get Edge Route OIDC Module Retrieves the OIDC (OpenID Connect) module configuration for a specific HTTPS edge route. OIDC modules enable authentication via OpenID Connect providers on your edge routes. This action fetches the current OIDC configu…
  • Get Edge Route Request Headers Module Retrieves the request headers module configuration for a specific HTTPS edge route. The request headers module allows you to add and remove headers from HTTP requests before they are sent to your upstream server. Use th…
  • Get Edge Route Response Headers Module Get the response headers module configuration for an HTTPS edge route. Use when you need to retrieve the current response header manipulation settings for a specific route.
  • Get Edge Route SAML Module Retrieves the SAML authentication module configuration for a specific HTTPS edge route. Use this to view SAML settings including identity provider configuration, session timeouts, and authorized groups.
  • Get Edge Route Traffic Policy Retrieves the Traffic Policy module configuration for a specific HTTPS edge route. Traffic policies define how ngrok handles requests and responses on the edge route. Use this to inspect current traffic policy rules app…
  • Get Edge Route User Agent Filter Module Retrieves the user agent filter module configuration for a specific HTTPS edge route. Use this to view filtering rules that control access based on User-Agent headers.
  • Get Edge Route Webhook Verification Module Retrieves the webhook verification module configuration for an HTTPS edge route. Webhook verification modules validate incoming webhooks from supported providers. Use this to verify webhook configuration or audit webhoo…
  • Get Edge Route WebSocket TCP Converter Module Retrieves the WebSocket TCP Converter module configuration for a specific HTTPS edge route. This module converts WebSocket connections to TCP streams. Use this to inspect whether the converter is enabled.
  • Get Endpoint Get the status of an endpoint by ID. Use this tool to retrieve detailed information about a specific ngrok endpoint, including its configuration, URLs, and associated resources.
  • Get Event Source Get an event source by type for a specific event subscription. Use this tool to retrieve details about a specific event source type that triggers notifications for an event subscription.
  • Get HTTPS Edge Get the details of an HTTPS edge by ID. Use this to retrieve information about a specific HTTPS edge configuration including its hostports, TLS settings, and routes.
  • Get HTTPS Edge Mutual TLS Module Retrieves the mutual TLS module configuration for an HTTPS edge. Use this to check if mutual TLS is enabled and which certificate authorities are configured for client certificate validation.
  • Get HTTPS Edge Route Retrieves detailed information about a specific HTTPS edge route by its ID. HTTPS edge routes define how ngrok routes traffic based on path matching rules and apply various modules like authentication, compression, and…
  • Get IP Restriction Details Retrieves detailed information about a specific IP restriction by its ID. IP restrictions control which IP addresses can access various ngrok resources (dashboard, API, agents, or endpoints). This action fetches complet…
  • Get Reserved Domain Get the details of a reserved domain by ID. Use this to retrieve information about a specific reserved domain including its hostname, certificate configuration, and DNS settings.
  • Get Secret Tool to retrieve detailed information about a vault secret by ID. Use when you need to view the metadata, description, or vault information for an existing secret.
  • Get Secrets by Vault Tool to get all secrets in a vault by vault ID. Use this to retrieve the list of secrets stored in a specific ngrok vault. Supports pagination for large result sets.
  • Get SSH Credentials Tool to retrieve detailed information about an SSH credential by ID. Use when you need to view the details, public key, metadata, or ACL rules of an existing SSH credential.
  • Get Vault Get the details of a vault by ID. Use this tool to retrieve information about a specific ngrok vault, including its name, description, metadata, and timestamps.
  • List Agent Ingresses List all Agent Ingresses owned by this account. Agent Ingresses are used to configure custom domains for ngrok agent connections, allowing you to use your own domain instead of the default ngrok domains.
  • List API Keys This tool lists all API keys owned by the user. The API keys are used to authenticate API requests to ngrok's REST API. The endpoint returns a paginated list of API keys.
  • List Bot Users Tool to list all bot users on this ngrok account. Use when you need to retrieve all bot users with their status and metadata.
  • List Certificate Authorities List all certificate authorities on this account. Certificate authorities are x509 certificates used to sign other x509 certificates. Supports pagination and filtering via CEL expressions.
  • List Tunnel Credentials List all tunnel authtoken credentials on the ngrok account. Use when you need to view all credentials that can authenticate ngrok agents and start tunnel sessions.
  • List All Endpoints List all active endpoints on the ngrok account. This tool will list all active endpoints on the ngrok account, providing visibility into running tunnels and endpoints. It requires no input parameters beyond authenticati…
  • List Event Destinations List all Event Destinations on the ngrok account. Event Destinations define where and how ngrok should send event data (e.g., to AWS, Datadog, Azure). Use this to view configured event streaming targets.
  • List Event Subscriptions List all event subscriptions on the ngrok account. Event subscriptions allow you to be notified when specific events occur in your ngrok account. Use this to view all configured event subscriptions.
  • List Event Subscription Sources Tool to list the types for which this event subscription will trigger. Use when you need to see all event sources configured for a specific event subscription.
  • List Failover Backends List all failover backends on this account. Failover backends define failover behavior within a list of referenced backends where traffic is sent to the first backend, and if that backend is offline, ngrok attempts to c…
  • List HTTP Response Backends List all HTTP response backends on the account. Use this to retrieve all configured static HTTP response backends that return fixed responses with specific status codes.
  • List HTTPS Edges Lists all HTTPS Edges in your ngrok account. HTTPS edges are configurations that tell ngrok how to handle HTTPS traffic. The action returns a paginated list of all HTTPS edges associated with your account.
  • List IP Policies List all IP policies on this account. IP policies are reusable groups of CIDR ranges with an allow or deny action that can be attached to endpoints via the Endpoint Configuration IP Policy module. Supports pagination an…
  • List IP Policy Rules This tool lists all IP policy rules associated with your ngrok account. It retrieves detailed information including rule id, creation timestamp, description, metadata, CIDR, the associated IP policy, and the action (all…
  • List IP Restrictions Lists all IP restrictions configured on the ngrok account. IP restrictions control which source CIDR blocks are permitted to access specific ngrok account features such as the dashboard, API, agents, or public endpoints…
  • List Reserved Addresses List all reserved addresses on this account. Use this to retrieve all TCP addresses that have been reserved for listening to traffic on your ngrok account.
  • List Reserved Domains List all reserved domains on this account. Use this to retrieve all hostnames that have been reserved for listening to HTTP, HTTPS, and TLS traffic on your ngrok account.
  • List Service Users Tool to list all service users on this ngrok account. Use when you need to retrieve all service users with their status and metadata.
  • List SSH Certificate Authorities List all SSH Certificate Authorities on this account. SSH Certificate Authorities are pairs of SSH certificates and their private keys used to sign other SSH host and user certificates. Supports pagination and filtering…
  • List SSH Credentials List all SSH credentials on the ngrok account. Use when you need to view all SSH public keys that can authenticate to start SSH tunnels.
  • List SSH Host Certificates List all SSH Host Certificates issued on this account. SSH Host Certificates are used to sign SSH host keys and authenticate SSH servers. Supports pagination for efficient retrieval of large result sets.
  • List SSH User Certificates List all SSH user certificates on the ngrok account. Use when you need to view all SSH certificates that authenticate SSH clients to SSH servers.
  • List Static Backends List all static backends on the account. Static backends forward traffic to TCP addresses (hostname and port) that are reachable on the public internet.
  • List TCP Edges Lists all TCP Edges in your ngrok account. TCP edges are configurations that tell ngrok how to handle TCP traffic. The action returns a paginated list of all TCP edges associated with your account.
  • List TLS Certificates List all TLS certificates on the ngrok account. Use when you need to retrieve information about uploaded TLS certificates including validity, domains, and metadata.
  • List TLS Edges Lists all TLS Edges in your ngrok account. TLS edges are configurations that tell ngrok how to handle TLS traffic. The action returns a paginated list of all TLS edges associated with your account.
  • List Active Tunnels List all active tunnels in the ngrok account. This tool lists all active tunnels in the ngrok account, providing details such as tunnel ID, public URL, start time, protocol, configuration details, and metadata. It requi…
  • List Tunnel Sessions List all online tunnel sessions running on this account. Tunnel sessions represent instances of ngrok agents or SSH reverse tunnel sessions connected to the ngrok service. Each tunnel session can include one or more tun…
  • List Vaults List all vaults owned by the ngrok account. Vaults are used for securely storing and managing sensitive data such as secrets, credentials, and tokens.
  • List Vault Secrets List all vault secrets owned by the ngrok account. Use when you need to view all secrets stored in vaults for traffic policy configurations.
  • List Weighted Backends List all weighted backends on the ngrok account. Weighted backends balance traffic among referenced backends proportionally based on their assigned weights.
  • Replace Edge Route Circuit Breaker Module Replaces the circuit breaker module configuration on an HTTPS edge route. Circuit breakers protect upstream applications by rejecting traffic when error rates exceed thresholds, giving systems time to recover. Use this…
  • Replace Edge Route Compression Module Replaces the compression module configuration for an HTTPS edge route. Use this when you need to enable or disable automatic HTTP response compression for a specific route.
  • Replace Edge Route Request Headers Module Replaces the request headers module configuration for an HTTPS edge route. Use this to modify HTTP request headers before they are sent to your upstream application server. You can add new headers or remove existing one…
  • Replace Edge Route Response Headers Module Replaces the response headers module configuration for an HTTPS edge route. Use this to control which HTTP headers are added to or removed from responses sent to clients. This allows customization of response headers fo…
  • Replace Edge Route Traffic Policy Replaces the traffic policy module on an HTTPS edge route. Traffic policies allow you to control and modify HTTP traffic flowing through your ngrok endpoints. Use this action when you need to update or change the traffi…
  • Replace Edge Route User Agent Filter Module Replaces the user agent filter module configuration for an HTTPS edge route. Use this to control which User-Agent strings are allowed or denied access to your route based on regex patterns. Denied patterns take preceden…
  • Replace Edge Route Webhook Verification Module Replaces the webhook verification module configuration for an HTTPS edge route. Use this to configure ngrok to automatically verify webhook signatures from supported providers. This ensures that only authenticated webho…
  • Update API Key Updates attributes of an API key by ID. Use this to modify the description or metadata of an existing API key without changing its token or credentials.
  • Update Credentials Tool to update attributes of a tunnel authtoken credential by ID. Use when you need to modify the description, metadata, or ACL rules of an existing credential.
  • Update Endpoint Tool to update an Endpoint by ID, currently available only for cloud endpoints. Use this to modify the description, metadata, traffic policy, bindings, or other attributes of an existing endpoint.
  • Update Event Subscription Tool to update attributes of an event subscription by ID. Use when you need to modify the description, metadata, destination IDs, or sources of an existing event subscription.
  • Update HTTPS Edge Route Tool to update an HTTPS edge route by ID. Use when you need to modify route configuration for HTTPS traffic handling. Updates can include match patterns, module settings, and metadata. Unspecified modules remain unchang…
  • Update Reserved Domain Tool to update the attributes of a reserved domain by ID. Use this to modify the description, metadata, certificate configuration, or DNS resolver targets of an existing reserved domain.
  • Update Secret Tool to update a vault secret by ID. Use when you need to modify the name, description, metadata, or value of an existing secret in the ngrok vault.
  • Update SSH Credential Tool to update attributes of an SSH credential by ID. Use when you need to modify the description, metadata, or ACL rules of an existing SSH credential.
  • Update Vault Tool to update attributes of a vault by ID. Use when you need to modify the name, description, or metadata of an existing vault.
Setup

How we connect it

  1. 1

    Connect your account

    You create a key in Ngrok, a key you create and control, and paste it in once. It lives in a secrets store on your server, not with us.

  2. 2

    Set the guardrails

    Read-only by default. You choose which write actions the agent may take, and anything outside that policy gets confirmed with you first.

  3. 3

    We keep it running

    Health checks on every connection, updates handled for you, and we watch the first week of activity to make sure the work lands.

FAQ

Ngrok questions, answered.

With a key you create and control. You paste it in once, it is stored in a secrets store on your server, permissions are scoped to the minimum the agent needs, and you can revoke it at any time.
The actions Ngrok's API allows, the same things a person clicking around the app could do. Connections start read-only by default; write actions are confirmed against the policy you set before the agent takes them.
Connections are priced per tool on top of the base plan. Some are included, some are premium. See pricing for how connection charges work.
Standard tools are ready inside 7 business days of the setup call. We test the connection end to end, walk you through how the agent uses it, and watch the first week of activity.

Ready to put Ngrok to work?

Tell us what your team runs on. We set up the connection, secure it, and your agent takes it from there.

Book a setup call Browse all integrations

All product names, logos, and brands are property of their respective owners; used for identification only. ZeroToClaw is not affiliated with or endorsed by Ngrok.