ngrok Agent CLI API Commands

With the ngrok agent CLI, you can use built-in commands to interact with the ngrok API. For more information about the ngrok API and interfacing with it directly, see see the ngrok api page.

tip

If you want to programmatically control the ngrok agent, the Agent SDKs are usually a more flexible and powerful choice.

ngrok api

The api command provides access to ngrok's API. You can use the API through one of the api subcommmands.

All api subcommands require an API key. You can configure it either through a command flag (--api-key) or add it in ngrok's configuration file (api_key).

You can get get the initial API key at https://dashboard.ngrok.com/api. Additional keys can be created through 'ngrok api api-key create' subcommand.

SubCommands

Command	Description
abuse-reports	Abuse Reports allow you to submit take-down requests for URLs hoste...
agent-ingresses
api-keys	API Keys are used to authenticate to the ngrok
API (https://ngrok....
application-sessions
application-users
backends
bot-users
certificate-authorities	Certificate Authorities are x509 certificates that are used to sign...
credentials	Tunnel Credentials are ngrok agent authtokens. They authorize the n...
edge-modules
edges
endpoint-configurations	Endpoint Configurations are a reusable group of modules that encaps...
endpoints	Endpoints provides an API for querying the endpoint objects
which ...
event-destinations
event-sources
event-subscriptions
ip-policies	IP Policies are reusable groups of CIDR ranges with an allow or den...
ip-policy-rules	IP Policy Rules are the IPv4 or IPv6 CIDRs entries that
make up an...
ip-restrictions	An IP restriction is a restriction placed on the CIDRs that are all...
kubernetes-operators	KubernetesOperators is used by the Kubernetes Operator to register ...
pointcfg-module
reserved-addrs	Reserved Addresses are TCP addresses that can be used to listen for...
reserved-domains	Reserved Domains are hostnames that you can listen for traffic on. ...
root
ssh-certificate-authorities	An SSH Certificate Authority is a pair of an SSH Certificate and it...
ssh-credentials	SSH Credentials are SSH public keys that can be used to start SSH t...
ssh-host-certificates	SSH Host Certificates along with the corresponding private key allo...
ssh-user-certificates	SSH User Certificates are presented by SSH clients when connecting ...
tls-certificates	TLS Certificates are pairs of x509 certificates and their matching ...
tunnel-sessions	Tunnel Sessions represent instances of ngrok agents or SSH reverse ...
tunnels	Tunnels provide endpoints to access services exposed by a running n...

Flags

Flag	Description
`--config`	path to config files; they are merged if multiple

ngrok api abuse-reports

Abuse Reports allow you to submit take-down requests for URLs hosted by ngrok that violate ngrok's terms of service.

SubCommands

Command	Description
create	Creates a new abuse report which will be review...
get	Get the detailed status of abuse report by ID.

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api abuse-reports create

Creates a new abuse report which will be reviewed by our system and abuse response team. This API is only available to authorized accounts. Contact abuse@ngrok.com to request access

Usage

ngrok api abuse-reports create [flags]

Flags

Flag	Description
`--metadata`	arbitrary user-defined data about this abuse report. Optional, max 4096 bytes.
`--urls`	a list of URLs containing suspected abusive content
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api abuse-reports get

Get the detailed status of abuse report by ID.

Usage

ngrok api abuse-reports get <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api agent-ingresses

SubCommands

Command	Description
create	Create a new Agent Ingress. The ngrok agent can...
delete	Delete an Agent Ingress by ID
get	Get the details of an Agent Ingress by ID.
list	List all Agent Ingresses owned by this account
update	Update attributes of an Agent Ingress by ID.

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api agent-ingresses create

Create a new Agent Ingress. The ngrok agent can be configured to connect to ngrok via the new set of addresses on the returned Agent Ingress.

Usage

ngrok api agent-ingresses create [flags]

Flags

Flag	Description
`--certificate-management-policy.authority`	certificate authority to request certificates from. The only supported value is letsencrypt.
`--certificate-management-policy.private-key-type`	type of private key to use when requesting certificates. Defaults to rsa, can be either rsa or ecdsa.
`--description`	human-readable description of the use of this Agent Ingress. optional, max 255 bytes.
`--domain`	the domain that you own to be used as the base domain name to generate regional agent ingress domains.
`--metadata`	arbitrary user-defined machine-readable data of this Agent Ingress. optional, max 4096 bytes
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api agent-ingresses delete

Delete an Agent Ingress by ID

Usage

ngrok api agent-ingresses delete <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api agent-ingresses get

Get the details of an Agent Ingress by ID.

Usage

ngrok api agent-ingresses get <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api agent-ingresses list

List all Agent Ingresses owned by this account

Usage

ngrok api agent-ingresses list [flags]

Flags

Flag	Description
`--before-id`
`--limit`
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api agent-ingresses update

Update attributes of an Agent Ingress by ID.

Usage

ngrok api agent-ingresses update <id> [flags]

Flags

Flag	Description
`--certificate-management-policy.authority`	certificate authority to request certificates from. The only supported value is letsencrypt.
`--certificate-management-policy.private-key-type`	type of private key to use when requesting certificates. Defaults to rsa, can be either rsa or ecdsa.
`--description`	human-readable description of the use of this Agent Ingress. optional, max 255 bytes.
`--metadata`	arbitrary user-defined machine-readable data of this Agent Ingress. optional, max 4096 bytes
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api api-keys

API Keys are used to authenticate to the ngrok API (https://ngrok.com/docs/api#authentication). You may use the API itself to provision and manage API Keys but you'll need to provision your first API key from the API Keys page (https://dashboard.ngrok.com/api/keys) on your ngrok.com dashboard.

SubCommands

Command	Description
create	Create a new API key. The generated API key can...
delete	Delete an API key by ID
get	Get the details of an API key by ID.
list	List all API keys owned by this account
update	Update attributes of an API key by ID.

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api api-keys create

Create a new API key. The generated API key can be used to authenticate to the ngrok API.

Usage

ngrok api api-keys create [flags]

Flags

Flag	Description
`--description`	human-readable description of what uses the API key to authenticate. optional, max 255 bytes.
`--metadata`	arbitrary user-defined data of this API key. optional, max 4096 bytes
`--owner-email`	If supplied at credential creation, ownership will be assigned to the specified User. Only admins may specify an owner other than themselves. Both owner_id and owner_email may not be specified.
`--owner-id`	If supplied at credential creation, ownership will be assigned to the specified User or Bot. Only admins may specify an owner other than themselves. Defaults to the authenticated User or Bot.
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api api-keys delete

Delete an API key by ID

Usage

ngrok api api-keys delete <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api api-keys get

Get the details of an API key by ID.

Usage

ngrok api api-keys get <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api api-keys list

List all API keys owned by this account

Usage

ngrok api api-keys list [flags]

Flags

Flag	Description
`--before-id`
`--limit`
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api api-keys update

Update attributes of an API key by ID.

Usage

ngrok api api-keys update <id> [flags]

Flags

Flag	Description
`--description`	human-readable description of what uses the API key to authenticate. optional, max 255 bytes.
`--metadata`	arbitrary user-defined data of this API key. optional, max 4096 bytes
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api application-sessions

SubCommands

Command	Description
delete	Delete an application session by ID.
get	Get an application session by ID.
list	List all application sessions for this account.

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api application-sessions delete

Delete an application session by ID.

Usage

ngrok api application-sessions delete <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api application-sessions get

Get an application session by ID.

Usage

ngrok api application-sessions get <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api application-sessions list

List all application sessions for this account.

Usage

ngrok api application-sessions list [flags]

Flags

Flag	Description
`--before-id`
`--limit`
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api application-users

SubCommands

Command	Description
delete	Delete an application user by ID.
get	Get an application user by ID.
list	List all application users for this account.

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api application-users delete

Delete an application user by ID.

Usage

ngrok api application-users delete <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api application-users get

Get an application user by ID.

Usage

ngrok api application-users get <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api application-users list

List all application users for this account.

Usage

ngrok api application-users list [flags]

Flags

Flag	Description
`--before-id`
`--limit`
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api backends

SubCommands

Command	Description
failover	A Failover backend defines failover behavior within a list of refer...
http-response
static-address	A static backend sends traffic to a TCP address (hostname and port)...
tunnel-group	A Tunnel Group Backend balances traffic among all online tunnels th...
weighted	A Weighted Backend balances traffic among the referenced backends. ...

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api backends failover

A Failover backend defines failover behavior within a list of referenced backends. Traffic is sent to the first backend in the list. If that backend is offline or no connection can be established, ngrok attempts to connect to the next backend in the list until one is successful.

SubCommands

Command	Description
create	Create a new Failover backend
delete	Delete a Failover backend by ID.
get	Get detailed information about a Failover backe...
list	List all Failover backends on this account
update	Update Failover backend by ID

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api backends failover create

Create a new Failover backend

Usage

ngrok api backends failover create [flags]

Flags

Flag	Description
`--backends`	the ids of the child backends in order
`--description`	human-readable description of this backend. Optional
`--metadata`	arbitrary user-defined machine-readable data of this backend. Optional
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api backends failover delete

Delete a Failover backend by ID.

Usage

ngrok api backends failover delete <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api backends failover get

Get detailed information about a Failover backend by ID

Usage

ngrok api backends failover get <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api backends failover list

List all Failover backends on this account

Usage

ngrok api backends failover list [flags]

Flags

Flag	Description
`--before-id`
`--limit`
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api backends failover update

Update Failover backend by ID

Usage

ngrok api backends failover update <id> [flags]

Flags

Flag	Description
`--backends`	the ids of the child backends in order
`--description`	human-readable description of this backend. Optional
`--metadata`	arbitrary user-defined machine-readable data of this backend. Optional
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api backends http-response

SubCommands

Command	Description
create
delete
get
list
update

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api backends http-response create

Usage

ngrok api backends http-response create [flags]

Flags

Flag	Description
`--body`	body to return as fixed content
`--description`	human-readable description of this backend. Optional
`--headers`	headers to return
`--metadata`	arbitrary user-defined machine-readable data of this backend. Optional
`--status-code`	status code to return
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api backends http-response delete

Usage

ngrok api backends http-response delete <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api backends http-response get

Usage

ngrok api backends http-response get <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api backends http-response list

Usage

ngrok api backends http-response list [flags]

Flags

Flag	Description
`--before-id`
`--limit`
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api backends http-response update

Usage

ngrok api backends http-response update <id> [flags]

Flags

Flag	Description
`--body`	body to return as fixed content
`--description`	human-readable description of this backend. Optional
`--headers`	headers to return
`--metadata`	arbitrary user-defined machine-readable data of this backend. Optional
`--status-code`	status code to return
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api backends static-address

A static backend sends traffic to a TCP address (hostname and port) that is reachable on the public internet.

SubCommands

Command	Description
create	Create a new static backend
delete	Delete a static backend by ID.
get	Get detailed information about a static backend...
list	List all static backends on this account
update	Update static backend by ID

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api backends static-address create

Create a new static backend

Usage

ngrok api backends static-address create [flags]

Flags

Flag	Description
`--address`	the address to forward to
`--description`	human-readable description of this backend. Optional
`--metadata`	arbitrary user-defined machine-readable data of this backend. Optional
`--tls.enabled`	if TLS is checked
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api backends static-address delete

Delete a static backend by ID.

Usage

ngrok api backends static-address delete <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api backends static-address get

Get detailed information about a static backend by ID

Usage

ngrok api backends static-address get <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api backends static-address list

List all static backends on this account

Usage

ngrok api backends static-address list [flags]

Flags

Flag	Description
`--before-id`
`--limit`
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api backends static-address update

Update static backend by ID

Usage

ngrok api backends static-address update <id> [flags]

Flags

Flag	Description
`--address`	the address to forward to
`--description`	human-readable description of this backend. Optional
`--metadata`	arbitrary user-defined machine-readable data of this backend. Optional
`--tls.enabled`	if TLS is checked
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api backends tunnel-group

A Tunnel Group Backend balances traffic among all online tunnels that match a label selector.

SubCommands

Command	Description
create	Create a new TunnelGroup backend
delete	Delete a TunnelGroup backend by ID.
get	Get detailed information about a TunnelGroup ba...
list	List all TunnelGroup backends on this account
update	Update TunnelGroup backend by ID

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api backends tunnel-group create

Create a new TunnelGroup backend

Usage

ngrok api backends tunnel-group create [flags]

Flags

Flag	Description
`--description`	human-readable description of this backend. Optional
`--labels`	labels to watch for tunnels on, e.g. app->foo, dc->bar
`--metadata`	arbitrary user-defined machine-readable data of this backend. Optional
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api backends tunnel-group delete

Delete a TunnelGroup backend by ID.

Usage

ngrok api backends tunnel-group delete <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api backends tunnel-group get

Get detailed information about a TunnelGroup backend by ID

Usage

ngrok api backends tunnel-group get <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api backends tunnel-group list

List all TunnelGroup backends on this account

Usage

ngrok api backends tunnel-group list [flags]

Flags

Flag	Description
`--before-id`
`--limit`
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api backends tunnel-group update

Update TunnelGroup backend by ID

Usage

ngrok api backends tunnel-group update <id> [flags]

Flags

Flag	Description
`--description`	human-readable description of this backend. Optional
`--labels`	labels to watch for tunnels on, e.g. app->foo, dc->bar
`--metadata`	arbitrary user-defined machine-readable data of this backend. Optional
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api backends weighted

A Weighted Backend balances traffic among the referenced backends. Traffic is assigned proportionally to each based on its weight. The percentage of traffic is calculated by dividing a backend's weight by the sum of all weights.

SubCommands

Command	Description
create	Create a new Weighted backend
delete	Delete a Weighted backend by ID.
get	Get detailed information about a Weighted backe...
list	List all Weighted backends on this account
update	Update Weighted backend by ID

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api backends weighted create

Create a new Weighted backend

Usage

ngrok api backends weighted create [flags]

Flags

Flag	Description
`--backends`	the ids of the child backends to their weights [0-10000]
`--description`	human-readable description of this backend. Optional
`--metadata`	arbitrary user-defined machine-readable data of this backend. Optional
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api backends weighted delete

Delete a Weighted backend by ID.

Usage

ngrok api backends weighted delete <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api backends weighted get

Get detailed information about a Weighted backend by ID

Usage

ngrok api backends weighted get <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api backends weighted list

List all Weighted backends on this account

Usage

ngrok api backends weighted list [flags]

Flags

Flag	Description
`--before-id`
`--limit`
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api backends weighted update

Update Weighted backend by ID

Usage

ngrok api backends weighted update <id> [flags]

Flags

Flag	Description
`--backends`	the ids of the child backends to their weights [0-10000]
`--description`	human-readable description of this backend. Optional
`--metadata`	arbitrary user-defined machine-readable data of this backend. Optional
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api bot-users

SubCommands

Command	Description
create	Create a new bot user
delete	Delete a bot user by ID
get	Get the details of a Bot User by ID.
list	List all bot users in this account.
update	Update attributes of a bot user by ID.

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api bot-users create

Create a new bot user

Usage

ngrok api bot-users create [flags]

Flags

Flag	Description
`--active`	whether or not the bot is active
`--name`	human-readable name used to identify the bot
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api bot-users delete

Delete a bot user by ID

Usage

ngrok api bot-users delete <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api bot-users get

Get the details of a Bot User by ID.

Usage

ngrok api bot-users get <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api bot-users list

List all bot users in this account.

Usage

ngrok api bot-users list [flags]

Flags

Flag	Description
`--before-id`
`--limit`
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api bot-users update

Update attributes of a bot user by ID.

Usage

ngrok api bot-users update <id> [flags]

Flags

Flag	Description
`--active`	whether or not the bot is active
`--name`	human-readable name used to identify the bot
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api certificate-authorities

Certificate Authorities are x509 certificates that are used to sign other x509 certificates. Attach a Certificate Authority to the Mutual TLS module to verify that the TLS certificate presented by a client has been signed by this CA. Certificate Authorities are used only for mTLS validation only and thus a private key is not included in the resource.

SubCommands

Command	Description
create	Upload a new Certificate Authority
delete	Delete a Certificate Authority
get	Get detailed information about a certficate aut...
list	List all Certificate Authority on this account
update	Update attributes of a Certificate Authority by...

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api certificate-authorities create

Upload a new Certificate Authority

Usage

ngrok api certificate-authorities create [flags]

Flags

Flag	Description
`--ca-pem`	raw PEM of the Certificate Authority
`--description`	human-readable description of this Certificate Authority. optional, max 255 bytes.
`--metadata`	arbitrary user-defined machine-readable data of this Certificate Authority. optional, max 4096 bytes.
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api certificate-authorities delete

Delete a Certificate Authority

Usage

ngrok api certificate-authorities delete <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api certificate-authorities get

Get detailed information about a certficate authority

Usage

ngrok api certificate-authorities get <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api certificate-authorities list

List all Certificate Authority on this account

Usage

ngrok api certificate-authorities list [flags]

Flags

Flag	Description
`--before-id`
`--limit`
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api certificate-authorities update

Update attributes of a Certificate Authority by ID

Usage

ngrok api certificate-authorities update <id> [flags]

Flags

Flag	Description
`--description`	human-readable description of this Certificate Authority. optional, max 255 bytes.
`--metadata`	arbitrary user-defined machine-readable data of this Certificate Authority. optional, max 4096 bytes.
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api credentials

Tunnel Credentials are ngrok agent authtokens. They authorize the ngrok agent to connect the ngrok service as your account. They are installed with the ngrok config add-authtoken command or by specifying it in the ngrok.yml configuration file with the authtoken property.

SubCommands

Command	Description
create	Create a new tunnel authtoken credential. This ...
delete	Delete a tunnel authtoken credential by ID
get	Get detailed information about a tunnel authtok...
list	List all tunnel authtoken credentials on this a...
update	Update attributes of an tunnel authtoken creden...

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api credentials create

Create a new tunnel authtoken credential. This authtoken credential can be used to start a new tunnel session. The response to this API call is the only time the generated token is available. If you need it for future use, you must save it securely yourself.

Usage

ngrok api credentials create [flags]

Flags

Flag	Description
`--acl`	optional list of ACL rules. If unspecified, the credential will have no restrictions. The only allowed ACL rule at this time is the bind rule. The bind rule allows the caller to restrict what domains, addresses, and labels the token is allowed to bind. For example, to allow the token to open a tunnel on example.ngrok.io your ACL would include the rule bind:example.ngrok.io. Bind rules for domains may specify a leading wildcard to match multiple domains with a common suffix. For example, you may specify a rule of bind:.example.com which will allow x.example.com, y.example.com, .example.com, etc. Bind rules for labels may specify a wildcard key and/or value to match multiple labels. For example, you may specify a rule of bind:=example which will allow x=example, y=example, etc. A rule of '' is equivalent to no acl at all and will explicitly permit all actions.
`--description`	human-readable description of who or what will use the credential to authenticate. Optional, max 255 bytes.
`--metadata`	arbitrary user-defined machine-readable data of this credential. Optional, max 4096 bytes.
`--owner-email`	If supplied at credential creation, ownership will be assigned to the specified User. Only admins may specify an owner other than themselves. Both owner_id and owner_email may not be specified.
`--owner-id`	If supplied at credential creation, ownership will be assigned to the specified User or Bot. Only admins may specify an owner other than themselves. Defaults to the authenticated User or Bot.
`--precomputed-token`	Only authorized accounts may supply a pre-computed token that will be associated with the created credentials.
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api credentials delete

Delete a tunnel authtoken credential by ID

Usage

ngrok api credentials delete <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api credentials get

Get detailed information about a tunnel authtoken credential

Usage

ngrok api credentials get <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api credentials list

List all tunnel authtoken credentials on this account

Usage

ngrok api credentials list [flags]

Flags

Flag	Description
`--before-id`
`--limit`
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api credentials update

Update attributes of an tunnel authtoken credential by ID

Usage

ngrok api credentials update <id> [flags]

Flags

Flag	Description
`--acl`	optional list of ACL rules. If unspecified, the credential will have no restrictions. The only allowed ACL rule at this time is the bind rule. The bind rule allows the caller to restrict what domains, addresses, and labels the token is allowed to bind. For example, to allow the token to open a tunnel on example.ngrok.io your ACL would include the rule bind:example.ngrok.io. Bind rules for domains may specify a leading wildcard to match multiple domains with a common suffix. For example, you may specify a rule of bind:.example.com which will allow x.example.com, y.example.com, .example.com, etc. Bind rules for labels may specify a wildcard key and/or value to match multiple labels. For example, you may specify a rule of bind:=example which will allow x=example, y=example, etc. A rule of '' is equivalent to no acl at all and will explicitly permit all actions.
`--description`	human-readable description of who or what will use the credential to authenticate. Optional, max 255 bytes.
`--metadata`	arbitrary user-defined machine-readable data of this credential. Optional, max 4096 bytes.
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edge-modules

SubCommands

Command	Description
https-edge-mutual-tls
https-edge-route-backend
https-edge-route-circuit-breaker
https-edge-route-compression
https-edge-route-ip-restriction
https-edge-route-oauth
https-edge-route-oidc
https-edge-route-request-headers
https-edge-route-response-headers
https-edge-route-saml
https-edge-route-traffic-policy
https-edge-route-user-agent-filter
https-edge-route-webhook-verification
https-edge-route-websocket-tcp-converter
https-edge-tls-termination
tcp-edge-backend
tcp-edge-ip-restriction
tcp-edge-traffic-policy
tls-edge-backend
tls-edge-ip-restriction
tls-edge-mutual-tls
tls-edge-tls-termination
tls-edge-traffic-policy

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edge-modules https-edge-mutual-tls

SubCommands

Command	Description
delete
get
replace

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edge-modules https-edge-mutual-tls delete

Usage

ngrok api edge-modules https-edge-mutual-tls delete <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edge-modules https-edge-mutual-tls get

Usage

ngrok api edge-modules https-edge-mutual-tls get <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edge-modules https-edge-mutual-tls replace

Usage

ngrok api edge-modules https-edge-mutual-tls replace <id> [flags]

Flags

Flag	Description
`--module.certificate-authority-ids`	list of certificate authorities that will be used to validate the TLS client certificate presented by the initiator of the TLS connection
`--module.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edge-modules https-edge-route-backend

SubCommands

Command	Description
delete
get
replace

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edge-modules https-edge-route-backend delete

Usage

ngrok api edge-modules https-edge-route-backend delete <edge-id> <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edge-modules https-edge-route-backend get

Usage

ngrok api edge-modules https-edge-route-backend get <edge-id> <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edge-modules https-edge-route-backend replace

Usage

ngrok api edge-modules https-edge-route-backend replace <edge-id> <id> [flags]

Flags

Flag	Description
`--module.backend-id`	backend to be used to back this endpoint
`--module.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edge-modules https-edge-route-circuit-breaker

SubCommands

Command	Description
delete
get
replace

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edge-modules https-edge-route-circuit-breaker delete

Usage

ngrok api edge-modules https-edge-route-circuit-breaker delete <edge-id> <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edge-modules https-edge-route-circuit-breaker get

Usage

ngrok api edge-modules https-edge-route-circuit-breaker get <edge-id> <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edge-modules https-edge-route-circuit-breaker replace

Usage

ngrok api edge-modules https-edge-route-circuit-breaker replace <edge-id> <id> [flags]

Flags

Flag	Description
`--module.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--module.error-threshold-percentage`	Error threshold percentage should be between 0 - 1.0, not 0-100.0
`--module.num-buckets`	Integer number of buckets into which metrics are retained. Max 128.
`--module.rolling-window`	Integer number of seconds in the statistical rolling window that metrics are retained for.
`--module.tripped-duration`	Integer number of seconds after which the circuit is tripped to wait before re-evaluating upstream health
`--module.volume-threshold`	Integer number of requests in a rolling window that will trip the circuit. Helpful if traffic volume is low.
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edge-modules https-edge-route-compression

SubCommands

Command	Description
delete
get
replace

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edge-modules https-edge-route-compression delete

Usage

ngrok api edge-modules https-edge-route-compression delete <edge-id> <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edge-modules https-edge-route-compression get

Usage

ngrok api edge-modules https-edge-route-compression get <edge-id> <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edge-modules https-edge-route-compression replace

Usage

ngrok api edge-modules https-edge-route-compression replace <edge-id> <id> [flags]

Flags

Flag	Description
`--module.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edge-modules https-edge-route-ip-restriction

SubCommands

Command	Description
delete
get
replace

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edge-modules https-edge-route-ip-restriction delete

Usage

ngrok api edge-modules https-edge-route-ip-restriction delete <edge-id> <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edge-modules https-edge-route-ip-restriction get

Usage

ngrok api edge-modules https-edge-route-ip-restriction get <edge-id> <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edge-modules https-edge-route-ip-restriction replace

Usage

ngrok api edge-modules https-edge-route-ip-restriction replace <edge-id> <id> [flags]

Flags

Flag	Description
`--module.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--module.ip-policy-ids`	list of all IP policies that will be used to check if a source IP is allowed access to the endpoint
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edge-modules https-edge-route-oauth

SubCommands

Command	Description
delete
get
replace

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edge-modules https-edge-route-oauth delete

Usage

ngrok api edge-modules https-edge-route-oauth delete <edge-id> <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edge-modules https-edge-route-oauth get

Usage

ngrok api edge-modules https-edge-route-oauth get <edge-id> <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edge-modules https-edge-route-oauth replace

Usage

ngrok api edge-modules https-edge-route-oauth replace <edge-id> <id> [flags]

Flags

Flag	Description
`--module.auth-check-interval`	Integer number of seconds after which ngrok guarantees it will refresh user state from the identity provider and recheck whether the user is still authorized to access the endpoint. This is the preferred tunable to use to enforce a minimum amount of time after which a revoked user will no longer be able to access the resource.
`--module.cookie-prefix`	the prefix of the session cookie that ngrok sets on the http client to cache authentication. default is 'ngrok.'
`--module.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--module.inactivity-timeout`	Integer number of seconds of inactivity after which if the user has not accessed the endpoint, their session will time out and they will be forced to reauthenticate.
`--module.maximum-duration`	Integer number of seconds of the maximum duration of an authenticated session. After this period is exceeded, a user must reauthenticate.
`--module.options-passthrough`	Do not enforce authentication on HTTP OPTIONS requests. necessary if you are supporting CORS.
`--module.provider.amazon.client-id`
`--module.provider.amazon.client-secret`
`--module.provider.amazon.email-addresses`
`--module.provider.amazon.email-domains`
`--module.provider.amazon.scopes`
`--module.provider.facebook.client-id`	the OAuth app client ID. retrieve it from the identity provider's dashboard where you created your own OAuth app. optional. if unspecified, ngrok will use its own managed oauth application which has additional restrictions. see the OAuth module docs for more details. if present, client_secret must be present as well.
`--module.provider.facebook.client-secret`	the OAuth app client secret. retrieve if from the identity provider's dashboard where you created your own OAuth app. optional, see all of the caveats in the docs for client_id.
`--module.provider.facebook.email-addresses`	a list of email addresses of users authenticated by identity provider who are allowed access to the endpoint
`--module.provider.facebook.email-domains`	a list of email domains of users authenticated by identity provider who are allowed access to the endpoint
`--module.provider.facebook.scopes`	a list of provider-specific OAuth scopes with the permissions your OAuth app would like to ask for. these may not be set if you are using the ngrok-managed oauth app (i.e. you must pass both client_id and client_secret to set scopes)
`--module.provider.github.client-id`	the OAuth app client ID. retrieve it from the identity provider's dashboard where you created your own OAuth app. optional. if unspecified, ngrok will use its own managed oauth application which has additional restrictions. see the OAuth module docs for more details. if present, client_secret must be present as well.
`--module.provider.github.client-secret`	the OAuth app client secret. retrieve if from the identity provider's dashboard where you created your own OAuth app. optional, see all of the caveats in the docs for client_id.
`--module.provider.github.email-addresses`	a list of email addresses of users authenticated by identity provider who are allowed access to the endpoint
`--module.provider.github.email-domains`	a list of email domains of users authenticated by identity provider who are allowed access to the endpoint
`--module.provider.github.organizations`	a list of github org identifiers. users who are members of any of the listed organizations will be allowed access. identifiers should be the organization's 'slug'
`--module.provider.github.scopes`	a list of provider-specific OAuth scopes with the permissions your OAuth app would like to ask for. these may not be set if you are using the ngrok-managed oauth app (i.e. you must pass both client_id and client_secret to set scopes)
`--module.provider.github.teams`	a list of github teams identifiers. users will be allowed access to the endpoint if they are a member of any of these teams. identifiers should be in the 'slug' format qualified with the org name, e.g. org-name/team-name
`--module.provider.gitlab.client-id`
`--module.provider.gitlab.client-secret`
`--module.provider.gitlab.email-addresses`
`--module.provider.gitlab.email-domains`
`--module.provider.gitlab.scopes`
`--module.provider.google.client-id`	the OAuth app client ID. retrieve it from the identity provider's dashboard where you created your own OAuth app. optional. if unspecified, ngrok will use its own managed oauth application which has additional restrictions. see the OAuth module docs for more details. if present, client_secret must be present as well.
`--module.provider.google.client-secret`	the OAuth app client secret. retrieve if from the identity provider's dashboard where you created your own OAuth app. optional, see all of the caveats in the docs for client_id.
`--module.provider.google.email-addresses`	a list of email addresses of users authenticated by identity provider who are allowed access to the endpoint
`--module.provider.google.email-domains`	a list of email domains of users authenticated by identity provider who are allowed access to the endpoint
`--module.provider.google.scopes`	a list of provider-specific OAuth scopes with the permissions your OAuth app would like to ask for. these may not be set if you are using the ngrok-managed oauth app (i.e. you must pass both client_id and client_secret to set scopes)
`--module.provider.linkedin.client-id`
`--module.provider.linkedin.client-secret`
`--module.provider.linkedin.email-addresses`
`--module.provider.linkedin.email-domains`
`--module.provider.linkedin.scopes`
`--module.provider.microsoft.client-id`	the OAuth app client ID. retrieve it from the identity provider's dashboard where you created your own OAuth app. optional. if unspecified, ngrok will use its own managed oauth application which has additional restrictions. see the OAuth module docs for more details. if present, client_secret must be present as well.
`--module.provider.microsoft.client-secret`	the OAuth app client secret. retrieve if from the identity provider's dashboard where you created your own OAuth app. optional, see all of the caveats in the docs for client_id.
`--module.provider.microsoft.email-addresses`	a list of email addresses of users authenticated by identity provider who are allowed access to the endpoint
`--module.provider.microsoft.email-domains`	a list of email domains of users authenticated by identity provider who are allowed access to the endpoint
`--module.provider.microsoft.scopes`	a list of provider-specific OAuth scopes with the permissions your OAuth app would like to ask for. these may not be set if you are using the ngrok-managed oauth app (i.e. you must pass both client_id and client_secret to set scopes)
`--module.provider.twitch.client-id`
`--module.provider.twitch.client-secret`
`--module.provider.twitch.email-addresses`
`--module.provider.twitch.email-domains`
`--module.provider.twitch.scopes`
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edge-modules https-edge-route-oidc

SubCommands

Command	Description
delete
get
replace

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edge-modules https-edge-route-oidc delete

Usage

ngrok api edge-modules https-edge-route-oidc delete <edge-id> <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edge-modules https-edge-route-oidc get

Usage

ngrok api edge-modules https-edge-route-oidc get <edge-id> <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edge-modules https-edge-route-oidc replace

Usage

ngrok api edge-modules https-edge-route-oidc replace <edge-id> <id> [flags]

Flags

Flag	Description
`--module.client-id`	The OIDC app's client ID and OIDC audience.
`--module.client-secret`	The OIDC app's client secret.
`--module.cookie-prefix`	the prefix of the session cookie that ngrok sets on the http client to cache authentication. default is 'ngrok.'
`--module.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--module.inactivity-timeout`	Integer number of seconds of inactivity after which if the user has not accessed the endpoint, their session will time out and they will be forced to reauthenticate.
`--module.issuer`	URL of the OIDC "OpenID provider". This is the base URL used for discovery.
`--module.maximum-duration`	Integer number of seconds of the maximum duration of an authenticated session. After this period is exceeded, a user must reauthenticate.
`--module.options-passthrough`	Do not enforce authentication on HTTP OPTIONS requests. necessary if you are supporting CORS.
`--module.scopes`	The set of scopes to request from the OIDC identity provider.
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edge-modules https-edge-route-request-headers

SubCommands

Command	Description
delete
get
replace

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edge-modules https-edge-route-request-headers delete

Usage

ngrok api edge-modules https-edge-route-request-headers delete <edge-id> <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edge-modules https-edge-route-request-headers get

Usage

ngrok api edge-modules https-edge-route-request-headers get <edge-id> <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edge-modules https-edge-route-request-headers replace

Usage

ngrok api edge-modules https-edge-route-request-headers replace <edge-id> <id> [flags]

Flags

Flag	Description
`--module.add`	a map of header key to header value that will be injected into the HTTP Request before being sent to the upstream application server
`--module.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--module.remove`	a list of header names that will be removed from the HTTP Request before being sent to the upstream application server
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edge-modules https-edge-route-response-headers

SubCommands

Command	Description
delete
get
replace

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edge-modules https-edge-route-response-headers delete

Usage

ngrok api edge-modules https-edge-route-response-headers delete <edge-id> <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edge-modules https-edge-route-response-headers get

Usage

ngrok api edge-modules https-edge-route-response-headers get <edge-id> <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edge-modules https-edge-route-response-headers replace

Usage

ngrok api edge-modules https-edge-route-response-headers replace <edge-id> <id> [flags]

Flags

Flag	Description
`--module.add`	a map of header key to header value that will be injected into the HTTP Response returned to the HTTP client
`--module.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--module.remove`	a list of header names that will be removed from the HTTP Response returned to the HTTP client
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edge-modules https-edge-route-saml

SubCommands

Command	Description
delete
get
replace

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edge-modules https-edge-route-saml delete

Usage

ngrok api edge-modules https-edge-route-saml delete <edge-id> <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edge-modules https-edge-route-saml get

Usage

ngrok api edge-modules https-edge-route-saml get <edge-id> <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edge-modules https-edge-route-saml replace

Usage

ngrok api edge-modules https-edge-route-saml replace <edge-id> <id> [flags]

Flags

Flag	Description
`--module.allow-idp-initiated`	If true, the IdP may initiate a login directly (e.g. the user does not need to visit the endpoint first and then be redirected). The IdP should set the RelayState parameter to the target URL of the resource they want the user to be redirected to after the SAML login assertion has been processed.
`--module.authorized-groups`	If present, only users who are a member of one of the listed groups may access the target endpoint.
`--module.cookie-prefix`	the prefix of the session cookie that ngrok sets on the http client to cache authentication. default is 'ngrok.'
`--module.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--module.force-authn`	If true, indicates that whenever we redirect a user to the IdP for authentication that the IdP must prompt the user for authentication credentials even if the user already has a valid session with the IdP.
`--module.idp-metadata`	The full XML IdP EntityDescriptor. Your IdP may provide this to you as a a file to download or as a URL.
`--module.idp-metadata-url`	The IdP's metadata URL which returns the XML IdP EntityDescriptor. The IdP's metadata URL specifies how to connect to the IdP as well as its public key which is then used to validate the signature on incoming SAML assertions to the ACS endpoint.
`--module.inactivity-timeout`	Integer number of seconds of inactivity after which if the user has not accessed the endpoint, their session will time out and they will be forced to reauthenticate.
`--module.maximum-duration`	Integer number of seconds of the maximum duration of an authenticated session. After this period is exceeded, a user must reauthenticate.
`--module.nameid-format`	Defines the name identifier format the SP expects the IdP to use in its assertions to identify subjects. If unspecified, a default value of urn:oasis:names:tc:SAML:2.0:nameid-format:persistent will be used. A subset of the allowed values enumerated by the SAML specification are supported.
`--module.options-passthrough`	Do not enforce authentication on HTTP OPTIONS requests. necessary if you are supporting CORS.
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edge-modules https-edge-route-traffic-policy

SubCommands

Command	Description
delete
get
replace

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edge-modules https-edge-route-traffic-policy delete

Usage

ngrok api edge-modules https-edge-route-traffic-policy delete <edge-id> <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edge-modules https-edge-route-traffic-policy get

Usage

ngrok api edge-modules https-edge-route-traffic-policy get <edge-id> <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edge-modules https-edge-route-traffic-policy replace

Usage

ngrok api edge-modules https-edge-route-traffic-policy replace <edge-id> <id> [flags]

Flags

Flag	Description
`--module.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--module.value`	the traffic policy that should be applied to the traffic on your endpoint.
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edge-modules https-edge-route-user-agent-filter

SubCommands

Command	Description
delete
get
replace

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edge-modules https-edge-route-user-agent-filter delete

Usage

ngrok api edge-modules https-edge-route-user-agent-filter delete <edge-id> <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edge-modules https-edge-route-user-agent-filter get

Usage

ngrok api edge-modules https-edge-route-user-agent-filter get <edge-id> <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edge-modules https-edge-route-user-agent-filter replace

Usage

ngrok api edge-modules https-edge-route-user-agent-filter replace <edge-id> <id> [flags]

Flags

Flag	Description
`--module.allow`
`--module.deny`
`--module.enabled`
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edge-modules https-edge-route-webhook-verification

SubCommands

Command	Description
delete
get
replace

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edge-modules https-edge-route-webhook-verification delete

Usage

ngrok api edge-modules https-edge-route-webhook-verification delete <edge-id> <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edge-modules https-edge-route-webhook-verification get

Usage

ngrok api edge-modules https-edge-route-webhook-verification get <edge-id> <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edge-modules https-edge-route-webhook-verification replace

Usage

ngrok api edge-modules https-edge-route-webhook-verification replace <edge-id> <id> [flags]

Flags

Flag	Description
`--module.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--module.provider`	a string indicating which webhook provider will be sending webhooks to this endpoint. Value must be one of the supported providers defined at https://ngrok.com/docs/cloud-edge/modules/webhook-verification (https://ngrok.com/docs/cloud-edge/modules/webhook-verification)
`--module.secret`	a string secret used to validate requests from the given provider. All providers except AWS SNS require a secret
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edge-modules https-edge-route-websocket-tcp-converter

SubCommands

Command	Description
delete
get
replace

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edge-modules https-edge-route-websocket-tcp-converter delete

Usage

ngrok api edge-modules https-edge-route-websocket-tcp-converter delete <edge-id> <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edge-modules https-edge-route-websocket-tcp-converter get

Usage

ngrok api edge-modules https-edge-route-websocket-tcp-converter get <edge-id> <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edge-modules https-edge-route-websocket-tcp-converter replace

Usage

ngrok api edge-modules https-edge-route-websocket-tcp-converter replace <edge-id> <id> [flags]

Flags

Flag	Description
`--module.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edge-modules https-edge-tls-termination

SubCommands

Command	Description
delete
get
replace

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edge-modules https-edge-tls-termination delete

Usage

ngrok api edge-modules https-edge-tls-termination delete <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edge-modules https-edge-tls-termination get

Usage

ngrok api edge-modules https-edge-tls-termination get <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edge-modules https-edge-tls-termination replace

Usage

ngrok api edge-modules https-edge-tls-termination replace <id> [flags]

Flags

Flag	Description
`--module.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--module.min-version`	The minimum TLS version used for termination and advertised to the client during the TLS handshake. if unspecified, ngrok will choose an industry-safe default. This value must be null if terminate_at is set to upstream.
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edge-modules tcp-edge-backend

SubCommands

Command	Description
delete
get
replace

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edge-modules tcp-edge-backend delete

Usage

ngrok api edge-modules tcp-edge-backend delete <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edge-modules tcp-edge-backend get

Usage

ngrok api edge-modules tcp-edge-backend get <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edge-modules tcp-edge-backend replace

Usage

ngrok api edge-modules tcp-edge-backend replace <id> [flags]

Flags

Flag	Description
`--module.backend-id`	backend to be used to back this endpoint
`--module.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edge-modules tcp-edge-ip-restriction

SubCommands

Command	Description
delete
get
replace

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edge-modules tcp-edge-ip-restriction delete

Usage

ngrok api edge-modules tcp-edge-ip-restriction delete <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edge-modules tcp-edge-ip-restriction get

Usage

ngrok api edge-modules tcp-edge-ip-restriction get <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edge-modules tcp-edge-ip-restriction replace

Usage

ngrok api edge-modules tcp-edge-ip-restriction replace <id> [flags]

Flags

Flag	Description
`--module.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--module.ip-policy-ids`	list of all IP policies that will be used to check if a source IP is allowed access to the endpoint
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edge-modules tcp-edge-traffic-policy

SubCommands

Command	Description
delete
get
replace

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edge-modules tcp-edge-traffic-policy delete

Usage

ngrok api edge-modules tcp-edge-traffic-policy delete <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edge-modules tcp-edge-traffic-policy get

Usage

ngrok api edge-modules tcp-edge-traffic-policy get <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edge-modules tcp-edge-traffic-policy replace

Usage

ngrok api edge-modules tcp-edge-traffic-policy replace <id> [flags]

Flags

Flag	Description
`--module.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--module.value`	the traffic policy that should be applied to the traffic on your endpoint.
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edge-modules tls-edge-backend

SubCommands

Command	Description
delete
get
replace

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edge-modules tls-edge-backend delete

Usage

ngrok api edge-modules tls-edge-backend delete <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edge-modules tls-edge-backend get

Usage

ngrok api edge-modules tls-edge-backend get <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edge-modules tls-edge-backend replace

Usage

ngrok api edge-modules tls-edge-backend replace <id> [flags]

Flags

Flag	Description
`--module.backend-id`	backend to be used to back this endpoint
`--module.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edge-modules tls-edge-ip-restriction

SubCommands

Command	Description
delete
get
replace

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edge-modules tls-edge-ip-restriction delete

Usage

ngrok api edge-modules tls-edge-ip-restriction delete <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edge-modules tls-edge-ip-restriction get

Usage

ngrok api edge-modules tls-edge-ip-restriction get <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edge-modules tls-edge-ip-restriction replace

Usage

ngrok api edge-modules tls-edge-ip-restriction replace <id> [flags]

Flags

Flag	Description
`--module.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--module.ip-policy-ids`	list of all IP policies that will be used to check if a source IP is allowed access to the endpoint
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edge-modules tls-edge-mutual-tls

SubCommands

Command	Description
delete
get
replace

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edge-modules tls-edge-mutual-tls delete

Usage

ngrok api edge-modules tls-edge-mutual-tls delete <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edge-modules tls-edge-mutual-tls get

Usage

ngrok api edge-modules tls-edge-mutual-tls get <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edge-modules tls-edge-mutual-tls replace

Usage

ngrok api edge-modules tls-edge-mutual-tls replace <id> [flags]

Flags

Flag	Description
`--module.certificate-authority-ids`	list of certificate authorities that will be used to validate the TLS client certificate presented by the initiator of the TLS connection
`--module.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edge-modules tls-edge-tls-termination

SubCommands

Command	Description
delete
get
replace

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edge-modules tls-edge-tls-termination delete

Usage

ngrok api edge-modules tls-edge-tls-termination delete <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edge-modules tls-edge-tls-termination get

Usage

ngrok api edge-modules tls-edge-tls-termination get <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edge-modules tls-edge-tls-termination replace

Usage

ngrok api edge-modules tls-edge-tls-termination replace <id> [flags]

Flags

Flag	Description
`--module.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--module.min-version`	The minimum TLS version used for termination and advertised to the client during the TLS handshake. if unspecified, ngrok will choose an industry-safe default. This value must be null if terminate_at is set to upstream.
`--module.terminate-at`	edge if the ngrok edge should terminate TLS traffic, upstream if TLS traffic should be passed through to the upstream ngrok agent / application server for termination. if upstream is chosen, most other modules will be disallowed because they rely on the ngrok edge being able to access the underlying traffic.
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edge-modules tls-edge-traffic-policy

SubCommands

Command	Description
delete
get
replace

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edge-modules tls-edge-traffic-policy delete

Usage

ngrok api edge-modules tls-edge-traffic-policy delete <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edge-modules tls-edge-traffic-policy get

Usage

ngrok api edge-modules tls-edge-traffic-policy get <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edge-modules tls-edge-traffic-policy replace

Usage

ngrok api edge-modules tls-edge-traffic-policy replace <id> [flags]

Flags

Flag	Description
`--module.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--module.value`	the traffic policy that should be applied to the traffic on your endpoint.
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edges

SubCommands

Command	Description
https
https-routes
tcp
tls

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edges https

SubCommands

Command	Description
create	Create an HTTPS Edge
delete	Delete an HTTPS Edge by ID
get	Get an HTTPS Edge by ID
list	Returns a list of all HTTPS Edges on this account
update	Updates an HTTPS Edge by ID. If a module is not...

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edges https create

Create an HTTPS Edge

Usage

ngrok api edges https create [flags]

Flags

Flag	Description
`--description`	human-readable description of what this edge will be used for; optional, max 255 bytes.
`--hostports`	hostports served by this edge
`--metadata`	arbitrary user-defined machine-readable data of this edge; optional, max 4096 bytes.
`--mutual-tls.certificate-authority-ids`	list of certificate authorities that will be used to validate the TLS client certificate presented by the initiator of the TLS connection
`--mutual-tls.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--tls-termination.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--tls-termination.min-version`	The minimum TLS version used for termination and advertised to the client during the TLS handshake. if unspecified, ngrok will choose an industry-safe default. This value must be null if terminate_at is set to upstream.
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edges https delete

Delete an HTTPS Edge by ID

Usage

ngrok api edges https delete <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edges https get

Get an HTTPS Edge by ID

Usage

ngrok api edges https get <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edges https list

Returns a list of all HTTPS Edges on this account

Usage

ngrok api edges https list [flags]

Flags

Flag	Description
`--before-id`
`--limit`
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edges https update

Updates an HTTPS Edge by ID. If a module is not specified in the update, it will not be modified. However, each module configuration that is specified will completely replace the existing value. There is no way to delete an existing module via this API, instead use the delete module API.

Usage

ngrok api edges https update <id> [flags]

Flags

Flag	Description
`--description`	human-readable description of what this edge will be used for; optional, max 255 bytes.
`--hostports`	hostports served by this edge
`--metadata`	arbitrary user-defined machine-readable data of this edge; optional, max 4096 bytes.
`--mutual-tls.certificate-authority-ids`	list of certificate authorities that will be used to validate the TLS client certificate presented by the initiator of the TLS connection
`--mutual-tls.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--tls-termination.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--tls-termination.min-version`	The minimum TLS version used for termination and advertised to the client during the TLS handshake. if unspecified, ngrok will choose an industry-safe default. This value must be null if terminate_at is set to upstream.
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edges https-routes

SubCommands

Command	Description
create	Create an HTTPS Edge Route
delete	Delete an HTTPS Edge Route by ID
get	Get an HTTPS Edge Route by ID
update	Updates an HTTPS Edge Route by ID. If a module ...

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edges https-routes create

Create an HTTPS Edge Route

Usage

ngrok api edges https-routes create <edge-id> [flags]

Flags

Flag	Description
`--backend.backend-id`	backend to be used to back this endpoint
`--backend.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--circuit-breaker.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--circuit-breaker.error-threshold-percentage`	Error threshold percentage should be between 0 - 1.0, not 0-100.0
`--circuit-breaker.num-buckets`	Integer number of buckets into which metrics are retained. Max 128.
`--circuit-breaker.rolling-window`	Integer number of seconds in the statistical rolling window that metrics are retained for.
`--circuit-breaker.tripped-duration`	Integer number of seconds after which the circuit is tripped to wait before re-evaluating upstream health
`--circuit-breaker.volume-threshold`	Integer number of requests in a rolling window that will trip the circuit. Helpful if traffic volume is low.
`--compression.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--description`	human-readable description of what this edge will be used for; optional, max 255 bytes.
`--ip-restriction.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--ip-restriction.ip-policy-ids`	list of all IP policies that will be used to check if a source IP is allowed access to the endpoint
`--match`	Route selector: "/blog" or "example.com" or "example.com/blog"
`--match-type`	Type of match to use for this route. Valid values are "exact_path" and "path_prefix".
`--metadata`	arbitrary user-defined machine-readable data of this edge. Optional, max 4096 bytes.
`--oauth.auth-check-interval`	Integer number of seconds after which ngrok guarantees it will refresh user state from the identity provider and recheck whether the user is still authorized to access the endpoint. This is the preferred tunable to use to enforce a minimum amount of time after which a revoked user will no longer be able to access the resource.
`--oauth.cookie-prefix`	the prefix of the session cookie that ngrok sets on the http client to cache authentication. default is 'ngrok.'
`--oauth.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--oauth.inactivity-timeout`	Integer number of seconds of inactivity after which if the user has not accessed the endpoint, their session will time out and they will be forced to reauthenticate.
`--oauth.maximum-duration`	Integer number of seconds of the maximum duration of an authenticated session. After this period is exceeded, a user must reauthenticate.
`--oauth.options-passthrough`	Do not enforce authentication on HTTP OPTIONS requests. necessary if you are supporting CORS.
`--oauth.provider.amazon.client-id`
`--oauth.provider.amazon.client-secret`
`--oauth.provider.amazon.email-addresses`
`--oauth.provider.amazon.email-domains`
`--oauth.provider.amazon.scopes`
`--oauth.provider.facebook.client-id`	the OAuth app client ID. retrieve it from the identity provider's dashboard where you created your own OAuth app. optional. if unspecified, ngrok will use its own managed oauth application which has additional restrictions. see the OAuth module docs for more details. if present, client_secret must be present as well.
`--oauth.provider.facebook.client-secret`	the OAuth app client secret. retrieve if from the identity provider's dashboard where you created your own OAuth app. optional, see all of the caveats in the docs for client_id.
`--oauth.provider.facebook.email-addresses`	a list of email addresses of users authenticated by identity provider who are allowed access to the endpoint
`--oauth.provider.facebook.email-domains`	a list of email domains of users authenticated by identity provider who are allowed access to the endpoint
`--oauth.provider.facebook.scopes`	a list of provider-specific OAuth scopes with the permissions your OAuth app would like to ask for. these may not be set if you are using the ngrok-managed oauth app (i.e. you must pass both client_id and client_secret to set scopes)
`--oauth.provider.github.client-id`	the OAuth app client ID. retrieve it from the identity provider's dashboard where you created your own OAuth app. optional. if unspecified, ngrok will use its own managed oauth application which has additional restrictions. see the OAuth module docs for more details. if present, client_secret must be present as well.
`--oauth.provider.github.client-secret`	the OAuth app client secret. retrieve if from the identity provider's dashboard where you created your own OAuth app. optional, see all of the caveats in the docs for client_id.
`--oauth.provider.github.email-addresses`	a list of email addresses of users authenticated by identity provider who are allowed access to the endpoint
`--oauth.provider.github.email-domains`	a list of email domains of users authenticated by identity provider who are allowed access to the endpoint
`--oauth.provider.github.organizations`	a list of github org identifiers. users who are members of any of the listed organizations will be allowed access. identifiers should be the organization's 'slug'
`--oauth.provider.github.scopes`	a list of provider-specific OAuth scopes with the permissions your OAuth app would like to ask for. these may not be set if you are using the ngrok-managed oauth app (i.e. you must pass both client_id and client_secret to set scopes)
`--oauth.provider.github.teams`	a list of github teams identifiers. users will be allowed access to the endpoint if they are a member of any of these teams. identifiers should be in the 'slug' format qualified with the org name, e.g. org-name/team-name
`--oauth.provider.gitlab.client-id`
`--oauth.provider.gitlab.client-secret`
`--oauth.provider.gitlab.email-addresses`
`--oauth.provider.gitlab.email-domains`
`--oauth.provider.gitlab.scopes`
`--oauth.provider.google.client-id`	the OAuth app client ID. retrieve it from the identity provider's dashboard where you created your own OAuth app. optional. if unspecified, ngrok will use its own managed oauth application which has additional restrictions. see the OAuth module docs for more details. if present, client_secret must be present as well.
`--oauth.provider.google.client-secret`	the OAuth app client secret. retrieve if from the identity provider's dashboard where you created your own OAuth app. optional, see all of the caveats in the docs for client_id.
`--oauth.provider.google.email-addresses`	a list of email addresses of users authenticated by identity provider who are allowed access to the endpoint
`--oauth.provider.google.email-domains`	a list of email domains of users authenticated by identity provider who are allowed access to the endpoint
`--oauth.provider.google.scopes`	a list of provider-specific OAuth scopes with the permissions your OAuth app would like to ask for. these may not be set if you are using the ngrok-managed oauth app (i.e. you must pass both client_id and client_secret to set scopes)
`--oauth.provider.linkedin.client-id`
`--oauth.provider.linkedin.client-secret`
`--oauth.provider.linkedin.email-addresses`
`--oauth.provider.linkedin.email-domains`
`--oauth.provider.linkedin.scopes`
`--oauth.provider.microsoft.client-id`	the OAuth app client ID. retrieve it from the identity provider's dashboard where you created your own OAuth app. optional. if unspecified, ngrok will use its own managed oauth application which has additional restrictions. see the OAuth module docs for more details. if present, client_secret must be present as well.
`--oauth.provider.microsoft.client-secret`	the OAuth app client secret. retrieve if from the identity provider's dashboard where you created your own OAuth app. optional, see all of the caveats in the docs for client_id.
`--oauth.provider.microsoft.email-addresses`	a list of email addresses of users authenticated by identity provider who are allowed access to the endpoint
`--oauth.provider.microsoft.email-domains`	a list of email domains of users authenticated by identity provider who are allowed access to the endpoint
`--oauth.provider.microsoft.scopes`	a list of provider-specific OAuth scopes with the permissions your OAuth app would like to ask for. these may not be set if you are using the ngrok-managed oauth app (i.e. you must pass both client_id and client_secret to set scopes)
`--oauth.provider.twitch.client-id`
`--oauth.provider.twitch.client-secret`
`--oauth.provider.twitch.email-addresses`
`--oauth.provider.twitch.email-domains`
`--oauth.provider.twitch.scopes`
`--oidc.client-id`	The OIDC app's client ID and OIDC audience.
`--oidc.client-secret`	The OIDC app's client secret.
`--oidc.cookie-prefix`	the prefix of the session cookie that ngrok sets on the http client to cache authentication. default is 'ngrok.'
`--oidc.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--oidc.inactivity-timeout`	Integer number of seconds of inactivity after which if the user has not accessed the endpoint, their session will time out and they will be forced to reauthenticate.
`--oidc.issuer`	URL of the OIDC "OpenID provider". This is the base URL used for discovery.
`--oidc.maximum-duration`	Integer number of seconds of the maximum duration of an authenticated session. After this period is exceeded, a user must reauthenticate.
`--oidc.options-passthrough`	Do not enforce authentication on HTTP OPTIONS requests. necessary if you are supporting CORS.
`--oidc.scopes`	The set of scopes to request from the OIDC identity provider.
`--request-headers.add`	a map of header key to header value that will be injected into the HTTP Request before being sent to the upstream application server
`--request-headers.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--request-headers.remove`	a list of header names that will be removed from the HTTP Request before being sent to the upstream application server
`--response-headers.add`	a map of header key to header value that will be injected into the HTTP Response returned to the HTTP client
`--response-headers.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--response-headers.remove`	a list of header names that will be removed from the HTTP Response returned to the HTTP client
`--saml.allow-idp-initiated`	If true, the IdP may initiate a login directly (e.g. the user does not need to visit the endpoint first and then be redirected). The IdP should set the RelayState parameter to the target URL of the resource they want the user to be redirected to after the SAML login assertion has been processed.
`--saml.authorized-groups`	If present, only users who are a member of one of the listed groups may access the target endpoint.
`--saml.cookie-prefix`	the prefix of the session cookie that ngrok sets on the http client to cache authentication. default is 'ngrok.'
`--saml.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--saml.force-authn`	If true, indicates that whenever we redirect a user to the IdP for authentication that the IdP must prompt the user for authentication credentials even if the user already has a valid session with the IdP.
`--saml.idp-metadata`	The full XML IdP EntityDescriptor. Your IdP may provide this to you as a a file to download or as a URL.
`--saml.idp-metadata-url`	The IdP's metadata URL which returns the XML IdP EntityDescriptor. The IdP's metadata URL specifies how to connect to the IdP as well as its public key which is then used to validate the signature on incoming SAML assertions to the ACS endpoint.
`--saml.inactivity-timeout`	Integer number of seconds of inactivity after which if the user has not accessed the endpoint, their session will time out and they will be forced to reauthenticate.
`--saml.maximum-duration`	Integer number of seconds of the maximum duration of an authenticated session. After this period is exceeded, a user must reauthenticate.
`--saml.nameid-format`	Defines the name identifier format the SP expects the IdP to use in its assertions to identify subjects. If unspecified, a default value of urn:oasis:names:tc:SAML:2.0:nameid-format:persistent will be used. A subset of the allowed values enumerated by the SAML specification are supported.
`--saml.options-passthrough`	Do not enforce authentication on HTTP OPTIONS requests. necessary if you are supporting CORS.
`--traffic-policy.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--traffic-policy.value`	the traffic policy that should be applied to the traffic on your endpoint.
`--user-agent-filter.allow`
`--user-agent-filter.deny`
`--user-agent-filter.enabled`
`--webhook-verification.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--webhook-verification.provider`	a string indicating which webhook provider will be sending webhooks to this endpoint. Value must be one of the supported providers defined at https://ngrok.com/docs/cloud-edge/modules/webhook-verification (https://ngrok.com/docs/cloud-edge/modules/webhook-verification)
`--webhook-verification.secret`	a string secret used to validate requests from the given provider. All providers except AWS SNS require a secret
`--websocket-tcp-converter.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edges https-routes delete

Delete an HTTPS Edge Route by ID

Usage

ngrok api edges https-routes delete <edge-id> <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edges https-routes get

Get an HTTPS Edge Route by ID

Usage

ngrok api edges https-routes get <edge-id> <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edges https-routes update

Updates an HTTPS Edge Route by ID. If a module is not specified in the update, it will not be modified. However, each module configuration that is specified will completely replace the existing value. There is no way to delete an existing module via this API, instead use the delete module API.

Usage

ngrok api edges https-routes update <edge-id> <id> [flags]

Flags

Flag	Description
`--backend.backend-id`	backend to be used to back this endpoint
`--backend.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--circuit-breaker.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--circuit-breaker.error-threshold-percentage`	Error threshold percentage should be between 0 - 1.0, not 0-100.0
`--circuit-breaker.num-buckets`	Integer number of buckets into which metrics are retained. Max 128.
`--circuit-breaker.rolling-window`	Integer number of seconds in the statistical rolling window that metrics are retained for.
`--circuit-breaker.tripped-duration`	Integer number of seconds after which the circuit is tripped to wait before re-evaluating upstream health
`--circuit-breaker.volume-threshold`	Integer number of requests in a rolling window that will trip the circuit. Helpful if traffic volume is low.
`--compression.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--description`	human-readable description of what this edge will be used for; optional, max 255 bytes.
`--ip-restriction.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--ip-restriction.ip-policy-ids`	list of all IP policies that will be used to check if a source IP is allowed access to the endpoint
`--match`	Route selector: "/blog" or "example.com" or "example.com/blog"
`--match-type`	Type of match to use for this route. Valid values are "exact_path" and "path_prefix".
`--metadata`	arbitrary user-defined machine-readable data of this edge. Optional, max 4096 bytes.
`--oauth.auth-check-interval`	Integer number of seconds after which ngrok guarantees it will refresh user state from the identity provider and recheck whether the user is still authorized to access the endpoint. This is the preferred tunable to use to enforce a minimum amount of time after which a revoked user will no longer be able to access the resource.
`--oauth.cookie-prefix`	the prefix of the session cookie that ngrok sets on the http client to cache authentication. default is 'ngrok.'
`--oauth.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--oauth.inactivity-timeout`	Integer number of seconds of inactivity after which if the user has not accessed the endpoint, their session will time out and they will be forced to reauthenticate.
`--oauth.maximum-duration`	Integer number of seconds of the maximum duration of an authenticated session. After this period is exceeded, a user must reauthenticate.
`--oauth.options-passthrough`	Do not enforce authentication on HTTP OPTIONS requests. necessary if you are supporting CORS.
`--oauth.provider.amazon.client-id`
`--oauth.provider.amazon.client-secret`
`--oauth.provider.amazon.email-addresses`
`--oauth.provider.amazon.email-domains`
`--oauth.provider.amazon.scopes`
`--oauth.provider.facebook.client-id`	the OAuth app client ID. retrieve it from the identity provider's dashboard where you created your own OAuth app. optional. if unspecified, ngrok will use its own managed oauth application which has additional restrictions. see the OAuth module docs for more details. if present, client_secret must be present as well.
`--oauth.provider.facebook.client-secret`	the OAuth app client secret. retrieve if from the identity provider's dashboard where you created your own OAuth app. optional, see all of the caveats in the docs for client_id.
`--oauth.provider.facebook.email-addresses`	a list of email addresses of users authenticated by identity provider who are allowed access to the endpoint
`--oauth.provider.facebook.email-domains`	a list of email domains of users authenticated by identity provider who are allowed access to the endpoint
`--oauth.provider.facebook.scopes`	a list of provider-specific OAuth scopes with the permissions your OAuth app would like to ask for. these may not be set if you are using the ngrok-managed oauth app (i.e. you must pass both client_id and client_secret to set scopes)
`--oauth.provider.github.client-id`	the OAuth app client ID. retrieve it from the identity provider's dashboard where you created your own OAuth app. optional. if unspecified, ngrok will use its own managed oauth application which has additional restrictions. see the OAuth module docs for more details. if present, client_secret must be present as well.
`--oauth.provider.github.client-secret`	the OAuth app client secret. retrieve if from the identity provider's dashboard where you created your own OAuth app. optional, see all of the caveats in the docs for client_id.
`--oauth.provider.github.email-addresses`	a list of email addresses of users authenticated by identity provider who are allowed access to the endpoint
`--oauth.provider.github.email-domains`	a list of email domains of users authenticated by identity provider who are allowed access to the endpoint
`--oauth.provider.github.organizations`	a list of github org identifiers. users who are members of any of the listed organizations will be allowed access. identifiers should be the organization's 'slug'
`--oauth.provider.github.scopes`	a list of provider-specific OAuth scopes with the permissions your OAuth app would like to ask for. these may not be set if you are using the ngrok-managed oauth app (i.e. you must pass both client_id and client_secret to set scopes)
`--oauth.provider.github.teams`	a list of github teams identifiers. users will be allowed access to the endpoint if they are a member of any of these teams. identifiers should be in the 'slug' format qualified with the org name, e.g. org-name/team-name
`--oauth.provider.gitlab.client-id`
`--oauth.provider.gitlab.client-secret`
`--oauth.provider.gitlab.email-addresses`
`--oauth.provider.gitlab.email-domains`
`--oauth.provider.gitlab.scopes`
`--oauth.provider.google.client-id`	the OAuth app client ID. retrieve it from the identity provider's dashboard where you created your own OAuth app. optional. if unspecified, ngrok will use its own managed oauth application which has additional restrictions. see the OAuth module docs for more details. if present, client_secret must be present as well.
`--oauth.provider.google.client-secret`	the OAuth app client secret. retrieve if from the identity provider's dashboard where you created your own OAuth app. optional, see all of the caveats in the docs for client_id.
`--oauth.provider.google.email-addresses`	a list of email addresses of users authenticated by identity provider who are allowed access to the endpoint
`--oauth.provider.google.email-domains`	a list of email domains of users authenticated by identity provider who are allowed access to the endpoint
`--oauth.provider.google.scopes`	a list of provider-specific OAuth scopes with the permissions your OAuth app would like to ask for. these may not be set if you are using the ngrok-managed oauth app (i.e. you must pass both client_id and client_secret to set scopes)
`--oauth.provider.linkedin.client-id`
`--oauth.provider.linkedin.client-secret`
`--oauth.provider.linkedin.email-addresses`
`--oauth.provider.linkedin.email-domains`
`--oauth.provider.linkedin.scopes`
`--oauth.provider.microsoft.client-id`	the OAuth app client ID. retrieve it from the identity provider's dashboard where you created your own OAuth app. optional. if unspecified, ngrok will use its own managed oauth application which has additional restrictions. see the OAuth module docs for more details. if present, client_secret must be present as well.
`--oauth.provider.microsoft.client-secret`	the OAuth app client secret. retrieve if from the identity provider's dashboard where you created your own OAuth app. optional, see all of the caveats in the docs for client_id.
`--oauth.provider.microsoft.email-addresses`	a list of email addresses of users authenticated by identity provider who are allowed access to the endpoint
`--oauth.provider.microsoft.email-domains`	a list of email domains of users authenticated by identity provider who are allowed access to the endpoint
`--oauth.provider.microsoft.scopes`	a list of provider-specific OAuth scopes with the permissions your OAuth app would like to ask for. these may not be set if you are using the ngrok-managed oauth app (i.e. you must pass both client_id and client_secret to set scopes)
`--oauth.provider.twitch.client-id`
`--oauth.provider.twitch.client-secret`
`--oauth.provider.twitch.email-addresses`
`--oauth.provider.twitch.email-domains`
`--oauth.provider.twitch.scopes`
`--oidc.client-id`	The OIDC app's client ID and OIDC audience.
`--oidc.client-secret`	The OIDC app's client secret.
`--oidc.cookie-prefix`	the prefix of the session cookie that ngrok sets on the http client to cache authentication. default is 'ngrok.'
`--oidc.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--oidc.inactivity-timeout`	Integer number of seconds of inactivity after which if the user has not accessed the endpoint, their session will time out and they will be forced to reauthenticate.
`--oidc.issuer`	URL of the OIDC "OpenID provider". This is the base URL used for discovery.
`--oidc.maximum-duration`	Integer number of seconds of the maximum duration of an authenticated session. After this period is exceeded, a user must reauthenticate.
`--oidc.options-passthrough`	Do not enforce authentication on HTTP OPTIONS requests. necessary if you are supporting CORS.
`--oidc.scopes`	The set of scopes to request from the OIDC identity provider.
`--request-headers.add`	a map of header key to header value that will be injected into the HTTP Request before being sent to the upstream application server
`--request-headers.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--request-headers.remove`	a list of header names that will be removed from the HTTP Request before being sent to the upstream application server
`--response-headers.add`	a map of header key to header value that will be injected into the HTTP Response returned to the HTTP client
`--response-headers.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--response-headers.remove`	a list of header names that will be removed from the HTTP Response returned to the HTTP client
`--saml.allow-idp-initiated`	If true, the IdP may initiate a login directly (e.g. the user does not need to visit the endpoint first and then be redirected). The IdP should set the RelayState parameter to the target URL of the resource they want the user to be redirected to after the SAML login assertion has been processed.
`--saml.authorized-groups`	If present, only users who are a member of one of the listed groups may access the target endpoint.
`--saml.cookie-prefix`	the prefix of the session cookie that ngrok sets on the http client to cache authentication. default is 'ngrok.'
`--saml.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--saml.force-authn`	If true, indicates that whenever we redirect a user to the IdP for authentication that the IdP must prompt the user for authentication credentials even if the user already has a valid session with the IdP.
`--saml.idp-metadata`	The full XML IdP EntityDescriptor. Your IdP may provide this to you as a a file to download or as a URL.
`--saml.idp-metadata-url`	The IdP's metadata URL which returns the XML IdP EntityDescriptor. The IdP's metadata URL specifies how to connect to the IdP as well as its public key which is then used to validate the signature on incoming SAML assertions to the ACS endpoint.
`--saml.inactivity-timeout`	Integer number of seconds of inactivity after which if the user has not accessed the endpoint, their session will time out and they will be forced to reauthenticate.
`--saml.maximum-duration`	Integer number of seconds of the maximum duration of an authenticated session. After this period is exceeded, a user must reauthenticate.
`--saml.nameid-format`	Defines the name identifier format the SP expects the IdP to use in its assertions to identify subjects. If unspecified, a default value of urn:oasis:names:tc:SAML:2.0:nameid-format:persistent will be used. A subset of the allowed values enumerated by the SAML specification are supported.
`--saml.options-passthrough`	Do not enforce authentication on HTTP OPTIONS requests. necessary if you are supporting CORS.
`--traffic-policy.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--traffic-policy.value`	the traffic policy that should be applied to the traffic on your endpoint.
`--user-agent-filter.allow`
`--user-agent-filter.deny`
`--user-agent-filter.enabled`
`--webhook-verification.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--webhook-verification.provider`	a string indicating which webhook provider will be sending webhooks to this endpoint. Value must be one of the supported providers defined at https://ngrok.com/docs/cloud-edge/modules/webhook-verification (https://ngrok.com/docs/cloud-edge/modules/webhook-verification)
`--webhook-verification.secret`	a string secret used to validate requests from the given provider. All providers except AWS SNS require a secret
`--websocket-tcp-converter.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edges tcp

SubCommands

Command	Description
create	Create a TCP Edge
delete	Delete a TCP Edge by ID
get	Get a TCP Edge by ID
list	Returns a list of all TCP Edges on this account
update	Updates a TCP Edge by ID. If a module is not sp...

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edges tcp create

Create a TCP Edge

Usage

ngrok api edges tcp create [flags]

Flags

Flag	Description
`--backend.backend-id`	backend to be used to back this endpoint
`--backend.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--description`	human-readable description of what this edge will be used for; optional, max 255 bytes.
`--hostports`	hostports served by this edge
`--ip-restriction.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--ip-restriction.ip-policy-ids`	list of all IP policies that will be used to check if a source IP is allowed access to the endpoint
`--metadata`	arbitrary user-defined machine-readable data of this edge. Optional, max 4096 bytes.
`--traffic-policy.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--traffic-policy.value`	the traffic policy that should be applied to the traffic on your endpoint.
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edges tcp delete

Delete a TCP Edge by ID

Usage

ngrok api edges tcp delete <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edges tcp get

Get a TCP Edge by ID

Usage

ngrok api edges tcp get <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edges tcp list

Returns a list of all TCP Edges on this account

Usage

ngrok api edges tcp list [flags]

Flags

Flag	Description
`--before-id`
`--limit`
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edges tcp update

Updates a TCP Edge by ID. If a module is not specified in the update, it will not be modified. However, each module configuration that is specified will completely replace the existing value. There is no way to delete an existing module via this API, instead use the delete module API.

Usage

ngrok api edges tcp update <id> [flags]

Flags

Flag	Description
`--backend.backend-id`	backend to be used to back this endpoint
`--backend.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--description`	human-readable description of what this edge will be used for; optional, max 255 bytes.
`--hostports`	hostports served by this edge
`--ip-restriction.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--ip-restriction.ip-policy-ids`	list of all IP policies that will be used to check if a source IP is allowed access to the endpoint
`--metadata`	arbitrary user-defined machine-readable data of this edge. Optional, max 4096 bytes.
`--traffic-policy.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--traffic-policy.value`	the traffic policy that should be applied to the traffic on your endpoint.
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edges tls

SubCommands

Command	Description
create	Create a TLS Edge
delete	Delete a TLS Edge by ID
get	Get a TLS Edge by ID
list	Returns a list of all TLS Edges on this account
update	Updates a TLS Edge by ID. If a module is not sp...

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edges tls create

Create a TLS Edge

Usage

ngrok api edges tls create [flags]

Flags

Flag	Description
`--backend.backend-id`	backend to be used to back this endpoint
`--backend.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--description`	human-readable description of what this edge will be used for; optional, max 255 bytes.
`--hostports`	hostports served by this edge
`--ip-restriction.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--ip-restriction.ip-policy-ids`	list of all IP policies that will be used to check if a source IP is allowed access to the endpoint
`--metadata`	arbitrary user-defined machine-readable data of this edge. Optional, max 4096 bytes.
`--mutual-tls.certificate-authority-ids`	list of certificate authorities that will be used to validate the TLS client certificate presented by the initiator of the TLS connection
`--mutual-tls.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--tls-termination.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--tls-termination.min-version`	The minimum TLS version used for termination and advertised to the client during the TLS handshake. if unspecified, ngrok will choose an industry-safe default. This value must be null if terminate_at is set to upstream.
`--tls-termination.terminate-at`	edge if the ngrok edge should terminate TLS traffic, upstream if TLS traffic should be passed through to the upstream ngrok agent / application server for termination. if upstream is chosen, most other modules will be disallowed because they rely on the ngrok edge being able to access the underlying traffic.
`--traffic-policy.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--traffic-policy.value`	the traffic policy that should be applied to the traffic on your endpoint.
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edges tls delete

Delete a TLS Edge by ID

Usage

ngrok api edges tls delete <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edges tls get

Get a TLS Edge by ID

Usage

ngrok api edges tls get <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edges tls list

Returns a list of all TLS Edges on this account

Usage

ngrok api edges tls list [flags]

Flags

Flag	Description
`--before-id`
`--limit`
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api edges tls update

Updates a TLS Edge by ID. If a module is not specified in the update, it will not be modified. However, each module configuration that is specified will completely replace the existing value. There is no way to delete an existing module via this API, instead use the delete module API.

Usage

ngrok api edges tls update <id> [flags]

Flags

Flag	Description
`--backend.backend-id`	backend to be used to back this endpoint
`--backend.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--description`	human-readable description of what this edge will be used for; optional, max 255 bytes.
`--hostports`	hostports served by this edge
`--ip-restriction.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--ip-restriction.ip-policy-ids`	list of all IP policies that will be used to check if a source IP is allowed access to the endpoint
`--metadata`	arbitrary user-defined machine-readable data of this edge. Optional, max 4096 bytes.
`--mutual-tls.certificate-authority-ids`	list of certificate authorities that will be used to validate the TLS client certificate presented by the initiator of the TLS connection
`--mutual-tls.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--tls-termination.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--tls-termination.min-version`	The minimum TLS version used for termination and advertised to the client during the TLS handshake. if unspecified, ngrok will choose an industry-safe default. This value must be null if terminate_at is set to upstream.
`--tls-termination.terminate-at`	edge if the ngrok edge should terminate TLS traffic, upstream if TLS traffic should be passed through to the upstream ngrok agent / application server for termination. if upstream is chosen, most other modules will be disallowed because they rely on the ngrok edge being able to access the underlying traffic.
`--traffic-policy.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--traffic-policy.value`	the traffic policy that should be applied to the traffic on your endpoint.
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api endpoint-configurations

Endpoint Configurations are a reusable group of modules that encapsulate how traffic to a domain or address is handled. Endpoint configurations are only applied to Domains and TCP Addresses they have been attached to.

SubCommands

Command	Description
create	Create a new endpoint configuration
delete	Delete an endpoint configuration. This operatio...
get	Returns detailed information about an endpoint ...
list	Returns a list of all endpoint configurations o...
update	Updates an endpoint configuration. If a module ...

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api endpoint-configurations create

Create a new endpoint configuration

Usage

ngrok api endpoint-configurations create [flags]

Flags

Flag	Description
`--backend.backend-id`	backend to be used to back this endpoint
`--backend.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--basic-auth.allow-options`	true or false indicating whether to allow OPTIONS requests through without authentication which is necessary for CORS. default is false
`--basic-auth.auth-provider-id`	determines how the basic auth credentials are validated. Currently only the value agent is supported which means that credentials will be validated against the username and password specified by the ngrok agent's --basic-auth flag, if any.
`--basic-auth.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--basic-auth.realm`	an arbitrary string to be specified in as the 'realm' value in the WWW-Authenticate header. default is ngrok
`--circuit-breaker.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--circuit-breaker.error-threshold-percentage`	Error threshold percentage should be between 0 - 1.0, not 0-100.0
`--circuit-breaker.num-buckets`	Integer number of buckets into which metrics are retained. Max 128.
`--circuit-breaker.rolling-window`	Integer number of seconds in the statistical rolling window that metrics are retained for.
`--circuit-breaker.tripped-duration`	Integer number of seconds after which the circuit is tripped to wait before re-evaluating upstream health
`--circuit-breaker.volume-threshold`	Integer number of requests in a rolling window that will trip the circuit. Helpful if traffic volume is low.
`--compression.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--description`	human-readable description of what this endpoint configuration will be do when applied or what traffic it will be applied to. Optional, max 255 bytes
`--ip-policy.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--ip-policy.ip-policy-ids`	list of all IP policies that will be used to check if a source IP is allowed access to the endpoint
`--metadata`	arbitrary user-defined machine-readable data of this endpoint configuration. Optional, max 4096 bytes.
`--mutual-tls.certificate-authority-ids`	list of certificate authorities that will be used to validate the TLS client certificate presented by the initiator of the TLS connection
`--mutual-tls.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--oauth.auth-check-interval`	Integer number of seconds after which ngrok guarantees it will refresh user state from the identity provider and recheck whether the user is still authorized to access the endpoint. This is the preferred tunable to use to enforce a minimum amount of time after which a revoked user will no longer be able to access the resource.
`--oauth.cookie-prefix`	the prefix of the session cookie that ngrok sets on the http client to cache authentication. default is 'ngrok.'
`--oauth.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--oauth.inactivity-timeout`	Integer number of seconds of inactivity after which if the user has not accessed the endpoint, their session will time out and they will be forced to reauthenticate.
`--oauth.maximum-duration`	Integer number of seconds of the maximum duration of an authenticated session. After this period is exceeded, a user must reauthenticate.
`--oauth.options-passthrough`	Do not enforce authentication on HTTP OPTIONS requests. necessary if you are supporting CORS.
`--oauth.provider.amazon.client-id`
`--oauth.provider.amazon.client-secret`
`--oauth.provider.amazon.email-addresses`
`--oauth.provider.amazon.email-domains`
`--oauth.provider.amazon.scopes`
`--oauth.provider.facebook.client-id`	the OAuth app client ID. retrieve it from the identity provider's dashboard where you created your own OAuth app. optional. if unspecified, ngrok will use its own managed oauth application which has additional restrictions. see the OAuth module docs for more details. if present, client_secret must be present as well.
`--oauth.provider.facebook.client-secret`	the OAuth app client secret. retrieve if from the identity provider's dashboard where you created your own OAuth app. optional, see all of the caveats in the docs for client_id.
`--oauth.provider.facebook.email-addresses`	a list of email addresses of users authenticated by identity provider who are allowed access to the endpoint
`--oauth.provider.facebook.email-domains`	a list of email domains of users authenticated by identity provider who are allowed access to the endpoint
`--oauth.provider.facebook.scopes`	a list of provider-specific OAuth scopes with the permissions your OAuth app would like to ask for. these may not be set if you are using the ngrok-managed oauth app (i.e. you must pass both client_id and client_secret to set scopes)
`--oauth.provider.github.client-id`	the OAuth app client ID. retrieve it from the identity provider's dashboard where you created your own OAuth app. optional. if unspecified, ngrok will use its own managed oauth application which has additional restrictions. see the OAuth module docs for more details. if present, client_secret must be present as well.
`--oauth.provider.github.client-secret`	the OAuth app client secret. retrieve if from the identity provider's dashboard where you created your own OAuth app. optional, see all of the caveats in the docs for client_id.
`--oauth.provider.github.email-addresses`	a list of email addresses of users authenticated by identity provider who are allowed access to the endpoint
`--oauth.provider.github.email-domains`	a list of email domains of users authenticated by identity provider who are allowed access to the endpoint
`--oauth.provider.github.organizations`	a list of github org identifiers. users who are members of any of the listed organizations will be allowed access. identifiers should be the organization's 'slug'
`--oauth.provider.github.scopes`	a list of provider-specific OAuth scopes with the permissions your OAuth app would like to ask for. these may not be set if you are using the ngrok-managed oauth app (i.e. you must pass both client_id and client_secret to set scopes)
`--oauth.provider.github.teams`	a list of github teams identifiers. users will be allowed access to the endpoint if they are a member of any of these teams. identifiers should be in the 'slug' format qualified with the org name, e.g. org-name/team-name
`--oauth.provider.gitlab.client-id`
`--oauth.provider.gitlab.client-secret`
`--oauth.provider.gitlab.email-addresses`
`--oauth.provider.gitlab.email-domains`
`--oauth.provider.gitlab.scopes`
`--oauth.provider.google.client-id`	the OAuth app client ID. retrieve it from the identity provider's dashboard where you created your own OAuth app. optional. if unspecified, ngrok will use its own managed oauth application which has additional restrictions. see the OAuth module docs for more details. if present, client_secret must be present as well.
`--oauth.provider.google.client-secret`	the OAuth app client secret. retrieve if from the identity provider's dashboard where you created your own OAuth app. optional, see all of the caveats in the docs for client_id.
`--oauth.provider.google.email-addresses`	a list of email addresses of users authenticated by identity provider who are allowed access to the endpoint
`--oauth.provider.google.email-domains`	a list of email domains of users authenticated by identity provider who are allowed access to the endpoint
`--oauth.provider.google.scopes`	a list of provider-specific OAuth scopes with the permissions your OAuth app would like to ask for. these may not be set if you are using the ngrok-managed oauth app (i.e. you must pass both client_id and client_secret to set scopes)
`--oauth.provider.linkedin.client-id`
`--oauth.provider.linkedin.client-secret`
`--oauth.provider.linkedin.email-addresses`
`--oauth.provider.linkedin.email-domains`
`--oauth.provider.linkedin.scopes`
`--oauth.provider.microsoft.client-id`	the OAuth app client ID. retrieve it from the identity provider's dashboard where you created your own OAuth app. optional. if unspecified, ngrok will use its own managed oauth application which has additional restrictions. see the OAuth module docs for more details. if present, client_secret must be present as well.
`--oauth.provider.microsoft.client-secret`	the OAuth app client secret. retrieve if from the identity provider's dashboard where you created your own OAuth app. optional, see all of the caveats in the docs for client_id.
`--oauth.provider.microsoft.email-addresses`	a list of email addresses of users authenticated by identity provider who are allowed access to the endpoint
`--oauth.provider.microsoft.email-domains`	a list of email domains of users authenticated by identity provider who are allowed access to the endpoint
`--oauth.provider.microsoft.scopes`	a list of provider-specific OAuth scopes with the permissions your OAuth app would like to ask for. these may not be set if you are using the ngrok-managed oauth app (i.e. you must pass both client_id and client_secret to set scopes)
`--oauth.provider.twitch.client-id`
`--oauth.provider.twitch.client-secret`
`--oauth.provider.twitch.email-addresses`
`--oauth.provider.twitch.email-domains`
`--oauth.provider.twitch.scopes`
`--oidc.client-id`	The OIDC app's client ID and OIDC audience.
`--oidc.client-secret`	The OIDC app's client secret.
`--oidc.cookie-prefix`	the prefix of the session cookie that ngrok sets on the http client to cache authentication. default is 'ngrok.'
`--oidc.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--oidc.inactivity-timeout`	Integer number of seconds of inactivity after which if the user has not accessed the endpoint, their session will time out and they will be forced to reauthenticate.
`--oidc.issuer`	URL of the OIDC "OpenID provider". This is the base URL used for discovery.
`--oidc.maximum-duration`	Integer number of seconds of the maximum duration of an authenticated session. After this period is exceeded, a user must reauthenticate.
`--oidc.options-passthrough`	Do not enforce authentication on HTTP OPTIONS requests. necessary if you are supporting CORS.
`--oidc.scopes`	The set of scopes to request from the OIDC identity provider.
`--request-headers.add`	a map of header key to header value that will be injected into the HTTP Request before being sent to the upstream application server
`--request-headers.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--request-headers.remove`	a list of header names that will be removed from the HTTP Request before being sent to the upstream application server
`--response-headers.add`	a map of header key to header value that will be injected into the HTTP Response returned to the HTTP client
`--response-headers.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--response-headers.remove`	a list of header names that will be removed from the HTTP Response returned to the HTTP client
`--saml.allow-idp-initiated`	If true, the IdP may initiate a login directly (e.g. the user does not need to visit the endpoint first and then be redirected). The IdP should set the RelayState parameter to the target URL of the resource they want the user to be redirected to after the SAML login assertion has been processed.
`--saml.authorized-groups`	If present, only users who are a member of one of the listed groups may access the target endpoint.
`--saml.cookie-prefix`	the prefix of the session cookie that ngrok sets on the http client to cache authentication. default is 'ngrok.'
`--saml.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--saml.force-authn`	If true, indicates that whenever we redirect a user to the IdP for authentication that the IdP must prompt the user for authentication credentials even if the user already has a valid session with the IdP.
`--saml.idp-metadata`	The full XML IdP EntityDescriptor. Your IdP may provide this to you as a a file to download or as a URL.
`--saml.idp-metadata-url`	The IdP's metadata URL which returns the XML IdP EntityDescriptor. The IdP's metadata URL specifies how to connect to the IdP as well as its public key which is then used to validate the signature on incoming SAML assertions to the ACS endpoint.
`--saml.inactivity-timeout`	Integer number of seconds of inactivity after which if the user has not accessed the endpoint, their session will time out and they will be forced to reauthenticate.
`--saml.maximum-duration`	Integer number of seconds of the maximum duration of an authenticated session. After this period is exceeded, a user must reauthenticate.
`--saml.nameid-format`	Defines the name identifier format the SP expects the IdP to use in its assertions to identify subjects. If unspecified, a default value of urn:oasis:names:tc:SAML:2.0:nameid-format:persistent will be used. A subset of the allowed values enumerated by the SAML specification are supported.
`--saml.options-passthrough`	Do not enforce authentication on HTTP OPTIONS requests. necessary if you are supporting CORS.
`--tls-termination.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--tls-termination.min-version`	The minimum TLS version used for termination and advertised to the client during the TLS handshake. if unspecified, ngrok will choose an industry-safe default. This value must be null if terminate_at is set to upstream.
`--tls-termination.terminate-at`	edge if the ngrok edge should terminate TLS traffic, upstream if TLS traffic should be passed through to the upstream ngrok agent / application server for termination. if upstream is chosen, most other modules will be disallowed because they rely on the ngrok edge being able to access the underlying traffic.
`--type`	they type of traffic this endpoint configuration can be applied to. one of: http, https, tcp
`--webhook-validation.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--webhook-validation.provider`	a string indicating which webhook provider will be sending webhooks to this endpoint. Value must be one of the supported providers defined at https://ngrok.com/docs/cloud-edge/modules/webhook-verification (https://ngrok.com/docs/cloud-edge/modules/webhook-verification)
`--webhook-validation.secret`	a string secret used to validate requests from the given provider. All providers except AWS SNS require a secret
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api endpoint-configurations delete

Delete an endpoint configuration. This operation will fail if the endpoint configuration is still referenced by any reserved domain or reserved address.

Usage

ngrok api endpoint-configurations delete <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api endpoint-configurations get

Returns detailed information about an endpoint configuration

Usage

ngrok api endpoint-configurations get <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api endpoint-configurations list

Returns a list of all endpoint configurations on this account

Usage

ngrok api endpoint-configurations list [flags]

Flags

Flag	Description
`--before-id`
`--limit`
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api endpoint-configurations update

Updates an endpoint configuration. If a module is not specified in the update, it will not be modified. However, each module configuration that is specified will completely replace the existing value. There is no way to delete an existing module via this API, instead use the delete module API.

Usage

ngrok api endpoint-configurations update <id> [flags]

Flags

Flag	Description
`--backend.backend-id`	backend to be used to back this endpoint
`--backend.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--basic-auth.allow-options`	true or false indicating whether to allow OPTIONS requests through without authentication which is necessary for CORS. default is false
`--basic-auth.auth-provider-id`	determines how the basic auth credentials are validated. Currently only the value agent is supported which means that credentials will be validated against the username and password specified by the ngrok agent's --basic-auth flag, if any.
`--basic-auth.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--basic-auth.realm`	an arbitrary string to be specified in as the 'realm' value in the WWW-Authenticate header. default is ngrok
`--circuit-breaker.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--circuit-breaker.error-threshold-percentage`	Error threshold percentage should be between 0 - 1.0, not 0-100.0
`--circuit-breaker.num-buckets`	Integer number of buckets into which metrics are retained. Max 128.
`--circuit-breaker.rolling-window`	Integer number of seconds in the statistical rolling window that metrics are retained for.
`--circuit-breaker.tripped-duration`	Integer number of seconds after which the circuit is tripped to wait before re-evaluating upstream health
`--circuit-breaker.volume-threshold`	Integer number of requests in a rolling window that will trip the circuit. Helpful if traffic volume is low.
`--compression.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--description`	human-readable description of what this endpoint configuration will be do when applied or what traffic it will be applied to. Optional, max 255 bytes
`--ip-policy.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--ip-policy.ip-policy-ids`	list of all IP policies that will be used to check if a source IP is allowed access to the endpoint
`--metadata`	arbitrary user-defined machine-readable data of this endpoint configuration. Optional, max 4096 bytes.
`--mutual-tls.certificate-authority-ids`	list of certificate authorities that will be used to validate the TLS client certificate presented by the initiator of the TLS connection
`--mutual-tls.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--oauth.auth-check-interval`	Integer number of seconds after which ngrok guarantees it will refresh user state from the identity provider and recheck whether the user is still authorized to access the endpoint. This is the preferred tunable to use to enforce a minimum amount of time after which a revoked user will no longer be able to access the resource.
`--oauth.cookie-prefix`	the prefix of the session cookie that ngrok sets on the http client to cache authentication. default is 'ngrok.'
`--oauth.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--oauth.inactivity-timeout`	Integer number of seconds of inactivity after which if the user has not accessed the endpoint, their session will time out and they will be forced to reauthenticate.
`--oauth.maximum-duration`	Integer number of seconds of the maximum duration of an authenticated session. After this period is exceeded, a user must reauthenticate.
`--oauth.options-passthrough`	Do not enforce authentication on HTTP OPTIONS requests. necessary if you are supporting CORS.
`--oauth.provider.amazon.client-id`
`--oauth.provider.amazon.client-secret`
`--oauth.provider.amazon.email-addresses`
`--oauth.provider.amazon.email-domains`
`--oauth.provider.amazon.scopes`
`--oauth.provider.facebook.client-id`	the OAuth app client ID. retrieve it from the identity provider's dashboard where you created your own OAuth app. optional. if unspecified, ngrok will use its own managed oauth application which has additional restrictions. see the OAuth module docs for more details. if present, client_secret must be present as well.
`--oauth.provider.facebook.client-secret`	the OAuth app client secret. retrieve if from the identity provider's dashboard where you created your own OAuth app. optional, see all of the caveats in the docs for client_id.
`--oauth.provider.facebook.email-addresses`	a list of email addresses of users authenticated by identity provider who are allowed access to the endpoint
`--oauth.provider.facebook.email-domains`	a list of email domains of users authenticated by identity provider who are allowed access to the endpoint
`--oauth.provider.facebook.scopes`	a list of provider-specific OAuth scopes with the permissions your OAuth app would like to ask for. these may not be set if you are using the ngrok-managed oauth app (i.e. you must pass both client_id and client_secret to set scopes)
`--oauth.provider.github.client-id`	the OAuth app client ID. retrieve it from the identity provider's dashboard where you created your own OAuth app. optional. if unspecified, ngrok will use its own managed oauth application which has additional restrictions. see the OAuth module docs for more details. if present, client_secret must be present as well.
`--oauth.provider.github.client-secret`	the OAuth app client secret. retrieve if from the identity provider's dashboard where you created your own OAuth app. optional, see all of the caveats in the docs for client_id.
`--oauth.provider.github.email-addresses`	a list of email addresses of users authenticated by identity provider who are allowed access to the endpoint
`--oauth.provider.github.email-domains`	a list of email domains of users authenticated by identity provider who are allowed access to the endpoint
`--oauth.provider.github.organizations`	a list of github org identifiers. users who are members of any of the listed organizations will be allowed access. identifiers should be the organization's 'slug'
`--oauth.provider.github.scopes`	a list of provider-specific OAuth scopes with the permissions your OAuth app would like to ask for. these may not be set if you are using the ngrok-managed oauth app (i.e. you must pass both client_id and client_secret to set scopes)
`--oauth.provider.github.teams`	a list of github teams identifiers. users will be allowed access to the endpoint if they are a member of any of these teams. identifiers should be in the 'slug' format qualified with the org name, e.g. org-name/team-name
`--oauth.provider.gitlab.client-id`
`--oauth.provider.gitlab.client-secret`
`--oauth.provider.gitlab.email-addresses`
`--oauth.provider.gitlab.email-domains`
`--oauth.provider.gitlab.scopes`
`--oauth.provider.google.client-id`	the OAuth app client ID. retrieve it from the identity provider's dashboard where you created your own OAuth app. optional. if unspecified, ngrok will use its own managed oauth application which has additional restrictions. see the OAuth module docs for more details. if present, client_secret must be present as well.
`--oauth.provider.google.client-secret`	the OAuth app client secret. retrieve if from the identity provider's dashboard where you created your own OAuth app. optional, see all of the caveats in the docs for client_id.
`--oauth.provider.google.email-addresses`	a list of email addresses of users authenticated by identity provider who are allowed access to the endpoint
`--oauth.provider.google.email-domains`	a list of email domains of users authenticated by identity provider who are allowed access to the endpoint
`--oauth.provider.google.scopes`	a list of provider-specific OAuth scopes with the permissions your OAuth app would like to ask for. these may not be set if you are using the ngrok-managed oauth app (i.e. you must pass both client_id and client_secret to set scopes)
`--oauth.provider.linkedin.client-id`
`--oauth.provider.linkedin.client-secret`
`--oauth.provider.linkedin.email-addresses`
`--oauth.provider.linkedin.email-domains`
`--oauth.provider.linkedin.scopes`
`--oauth.provider.microsoft.client-id`	the OAuth app client ID. retrieve it from the identity provider's dashboard where you created your own OAuth app. optional. if unspecified, ngrok will use its own managed oauth application which has additional restrictions. see the OAuth module docs for more details. if present, client_secret must be present as well.
`--oauth.provider.microsoft.client-secret`	the OAuth app client secret. retrieve if from the identity provider's dashboard where you created your own OAuth app. optional, see all of the caveats in the docs for client_id.
`--oauth.provider.microsoft.email-addresses`	a list of email addresses of users authenticated by identity provider who are allowed access to the endpoint
`--oauth.provider.microsoft.email-domains`	a list of email domains of users authenticated by identity provider who are allowed access to the endpoint
`--oauth.provider.microsoft.scopes`	a list of provider-specific OAuth scopes with the permissions your OAuth app would like to ask for. these may not be set if you are using the ngrok-managed oauth app (i.e. you must pass both client_id and client_secret to set scopes)
`--oauth.provider.twitch.client-id`
`--oauth.provider.twitch.client-secret`
`--oauth.provider.twitch.email-addresses`
`--oauth.provider.twitch.email-domains`
`--oauth.provider.twitch.scopes`
`--oidc.client-id`	The OIDC app's client ID and OIDC audience.
`--oidc.client-secret`	The OIDC app's client secret.
`--oidc.cookie-prefix`	the prefix of the session cookie that ngrok sets on the http client to cache authentication. default is 'ngrok.'
`--oidc.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--oidc.inactivity-timeout`	Integer number of seconds of inactivity after which if the user has not accessed the endpoint, their session will time out and they will be forced to reauthenticate.
`--oidc.issuer`	URL of the OIDC "OpenID provider". This is the base URL used for discovery.
`--oidc.maximum-duration`	Integer number of seconds of the maximum duration of an authenticated session. After this period is exceeded, a user must reauthenticate.
`--oidc.options-passthrough`	Do not enforce authentication on HTTP OPTIONS requests. necessary if you are supporting CORS.
`--oidc.scopes`	The set of scopes to request from the OIDC identity provider.
`--request-headers.add`	a map of header key to header value that will be injected into the HTTP Request before being sent to the upstream application server
`--request-headers.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--request-headers.remove`	a list of header names that will be removed from the HTTP Request before being sent to the upstream application server
`--response-headers.add`	a map of header key to header value that will be injected into the HTTP Response returned to the HTTP client
`--response-headers.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--response-headers.remove`	a list of header names that will be removed from the HTTP Response returned to the HTTP client
`--saml.allow-idp-initiated`	If true, the IdP may initiate a login directly (e.g. the user does not need to visit the endpoint first and then be redirected). The IdP should set the RelayState parameter to the target URL of the resource they want the user to be redirected to after the SAML login assertion has been processed.
`--saml.authorized-groups`	If present, only users who are a member of one of the listed groups may access the target endpoint.
`--saml.cookie-prefix`	the prefix of the session cookie that ngrok sets on the http client to cache authentication. default is 'ngrok.'
`--saml.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--saml.force-authn`	If true, indicates that whenever we redirect a user to the IdP for authentication that the IdP must prompt the user for authentication credentials even if the user already has a valid session with the IdP.
`--saml.idp-metadata`	The full XML IdP EntityDescriptor. Your IdP may provide this to you as a a file to download or as a URL.
`--saml.idp-metadata-url`	The IdP's metadata URL which returns the XML IdP EntityDescriptor. The IdP's metadata URL specifies how to connect to the IdP as well as its public key which is then used to validate the signature on incoming SAML assertions to the ACS endpoint.
`--saml.inactivity-timeout`	Integer number of seconds of inactivity after which if the user has not accessed the endpoint, their session will time out and they will be forced to reauthenticate.
`--saml.maximum-duration`	Integer number of seconds of the maximum duration of an authenticated session. After this period is exceeded, a user must reauthenticate.
`--saml.nameid-format`	Defines the name identifier format the SP expects the IdP to use in its assertions to identify subjects. If unspecified, a default value of urn:oasis:names:tc:SAML:2.0:nameid-format:persistent will be used. A subset of the allowed values enumerated by the SAML specification are supported.
`--saml.options-passthrough`	Do not enforce authentication on HTTP OPTIONS requests. necessary if you are supporting CORS.
`--tls-termination.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--tls-termination.min-version`	The minimum TLS version used for termination and advertised to the client during the TLS handshake. if unspecified, ngrok will choose an industry-safe default. This value must be null if terminate_at is set to upstream.
`--tls-termination.terminate-at`	edge if the ngrok edge should terminate TLS traffic, upstream if TLS traffic should be passed through to the upstream ngrok agent / application server for termination. if upstream is chosen, most other modules will be disallowed because they rely on the ngrok edge being able to access the underlying traffic.
`--webhook-validation.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--webhook-validation.provider`	a string indicating which webhook provider will be sending webhooks to this endpoint. Value must be one of the supported providers defined at https://ngrok.com/docs/cloud-edge/modules/webhook-verification (https://ngrok.com/docs/cloud-edge/modules/webhook-verification)
`--webhook-validation.secret`	a string secret used to validate requests from the given provider. All providers except AWS SNS require a secret
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api endpoints

Endpoints provides an API for querying the endpoint objects which define what tunnel or edge is used to serve a hostport. Only active endpoints associated with a tunnel or backend are returned.

SubCommands

Command	Description
create	Create an endpoint, currently available only fo...
delete	Delete an Endpoint by ID, currently available o...
get	Get the status of an endpoint by ID
list	List all active endpoints on the account
update	Update an Endpoint by ID, currently available o...

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api endpoints create

Create an endpoint, currently available only for cloud endpoints

Usage

ngrok api endpoints create [flags]

Flags

Flag	Description
`--bindings`	the bindings associated with this endpoint
`--description`	user-supplied description of the associated tunnel
`--metadata`	user-supplied metadata of the associated tunnel or edge object
`--traffic-policy`	The traffic policy attached to this endpoint
`--type`	whether the endpoint is ephemeral (served directly by an agent-initiated tunnel) or edge (served by an edge) or cloud (represents a cloud endpoint)
`--url`	the url of the endpoint
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api endpoints delete

Delete an Endpoint by ID, currently available only for cloud endpoints

Usage

ngrok api endpoints delete <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api endpoints get

Get the status of an endpoint by ID

Usage

ngrok api endpoints get <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api endpoints list

List all active endpoints on the account

Usage

ngrok api endpoints list [flags]

Flags

Flag	Description
`--before-id`
`--limit`
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api endpoints update

Update an Endpoint by ID, currently available only for cloud endpoints

Usage

ngrok api endpoints update <id> [flags]

Flags

Flag	Description
`--bindings`	the bindings associated with this endpoint
`--description`	user-supplied description of the associated tunnel
`--metadata`	user-supplied metadata of the associated tunnel or edge object
`--traffic-policy`	The traffic policy attached to this endpoint
`--url`	the url of the endpoint
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api event-destinations

SubCommands

Command	Description
create	Create a new Event Destination. It will not app...
delete	Delete an Event Destination. If the Event Desti...
get	Get detailed information about an Event Destina...
list	List all Event Destinations on this account.
send-test-event	Send a test event to an Event Destination
update	Update attributes of an Event Destination.

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api event-destinations create

Create a new Event Destination. It will not apply to anything until it is associated with an Event Subscription.

Usage

ngrok api event-destinations create [flags]

Flags

Flag	Description
`--description`	Human-readable description of the Event Destination. Optional, max 255 bytes.
`--format`	The output format you would like to serialize events into when sending to their target. Currently the only accepted value is JSON.
`--metadata`	Arbitrary user-defined machine-readable data of this Event Destination. Optional, max 4096 bytes.
`--target.azure-logs-ingestion.client-id`	Client ID for the application client
`--target.azure-logs-ingestion.client-secret`	Client Secret for the application client
`--target.azure-logs-ingestion.data-collection-rule-id`	Data collection rule immutable ID
`--target.azure-logs-ingestion.data-collection-stream-name`	Data collection stream name to use as destination, located inside the DCR
`--target.azure-logs-ingestion.logs-ingestion-uri`	Data collection endpoint logs ingestion URI
`--target.azure-logs-ingestion.tenant-id`	Tenant ID for the Azure account
`--target.cloudwatch-logs.auth.creds.aws-access-key-id`	The ID portion of an AWS access key.
`--target.cloudwatch-logs.auth.creds.aws-secret-access-key`	The secret portion of an AWS access key.
`--target.cloudwatch-logs.auth.role.role-arn`	An ARN that specifies the role that ngrok should use to deliver to the configured target.
`--target.cloudwatch-logs.log-group-arn`	An Amazon Resource Name specifying the CloudWatch Logs group to deposit events into.
`--target.datadog.api-key`	Datadog API key to use.
`--target.datadog.ddsite`	Datadog site to send event to.
`--target.datadog.ddtags`	Tags to send with the event.
`--target.datadog.service`	Service name to send with the event.
`--target.debug.callback-url`	URL to send events to.
`--target.debug.log`	Whether or not to output to publisher service logs.
`--target.firehose.auth.creds.aws-access-key-id`	The ID portion of an AWS access key.
`--target.firehose.auth.creds.aws-secret-access-key`	The secret portion of an AWS access key.
`--target.firehose.auth.role.role-arn`	An ARN that specifies the role that ngrok should use to deliver to the configured target.
`--target.firehose.delivery-stream-arn`	An Amazon Resource Name specifying the Firehose delivery stream to deposit events into.
`--target.kinesis.auth.creds.aws-access-key-id`	The ID portion of an AWS access key.
`--target.kinesis.auth.creds.aws-secret-access-key`	The secret portion of an AWS access key.
`--target.kinesis.auth.role.role-arn`	An ARN that specifies the role that ngrok should use to deliver to the configured target.
`--target.kinesis.stream-arn`	An Amazon Resource Name specifying the Kinesis stream to deposit events into.
`--verify-with-test-event`
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api event-destinations delete

Delete an Event Destination. If the Event Destination is still referenced by an Event Subscription.

Usage

ngrok api event-destinations delete <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api event-destinations get

Get detailed information about an Event Destination by ID.

Usage

ngrok api event-destinations get <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api event-destinations list

List all Event Destinations on this account.

Usage

ngrok api event-destinations list [flags]

Flags

Flag	Description
`--before-id`
`--limit`
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api event-destinations send-test-event

Send a test event to an Event Destination

Usage

ngrok api event-destinations send-test-event <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api event-destinations update

Update attributes of an Event Destination.

Usage

ngrok api event-destinations update <id> [flags]

Flags

Flag	Description
`--description`	Human-readable description of the Event Destination. Optional, max 255 bytes.
`--format`	The output format you would like to serialize events into when sending to their target. Currently the only accepted value is JSON.
`--metadata`	Arbitrary user-defined machine-readable data of this Event Destination. Optional, max 4096 bytes.
`--target.azure-logs-ingestion.client-id`	Client ID for the application client
`--target.azure-logs-ingestion.client-secret`	Client Secret for the application client
`--target.azure-logs-ingestion.data-collection-rule-id`	Data collection rule immutable ID
`--target.azure-logs-ingestion.data-collection-stream-name`	Data collection stream name to use as destination, located inside the DCR
`--target.azure-logs-ingestion.logs-ingestion-uri`	Data collection endpoint logs ingestion URI
`--target.azure-logs-ingestion.tenant-id`	Tenant ID for the Azure account
`--target.cloudwatch-logs.auth.creds.aws-access-key-id`	The ID portion of an AWS access key.
`--target.cloudwatch-logs.auth.creds.aws-secret-access-key`	The secret portion of an AWS access key.
`--target.cloudwatch-logs.auth.role.role-arn`	An ARN that specifies the role that ngrok should use to deliver to the configured target.
`--target.cloudwatch-logs.log-group-arn`	An Amazon Resource Name specifying the CloudWatch Logs group to deposit events into.
`--target.datadog.api-key`	Datadog API key to use.
`--target.datadog.ddsite`	Datadog site to send event to.
`--target.datadog.ddtags`	Tags to send with the event.
`--target.datadog.service`	Service name to send with the event.
`--target.debug.callback-url`	URL to send events to.
`--target.debug.log`	Whether or not to output to publisher service logs.
`--target.firehose.auth.creds.aws-access-key-id`	The ID portion of an AWS access key.
`--target.firehose.auth.creds.aws-secret-access-key`	The secret portion of an AWS access key.
`--target.firehose.auth.role.role-arn`	An ARN that specifies the role that ngrok should use to deliver to the configured target.
`--target.firehose.delivery-stream-arn`	An Amazon Resource Name specifying the Firehose delivery stream to deposit events into.
`--target.kinesis.auth.creds.aws-access-key-id`	The ID portion of an AWS access key.
`--target.kinesis.auth.creds.aws-secret-access-key`	The secret portion of an AWS access key.
`--target.kinesis.auth.role.role-arn`	An ARN that specifies the role that ngrok should use to deliver to the configured target.
`--target.kinesis.stream-arn`	An Amazon Resource Name specifying the Kinesis stream to deposit events into.
`--verify-with-test-event`
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api event-sources

SubCommands

Command	Description
create	Add an additional type for which this event sub...
delete	Remove a type for which this event subscription...
get	Get the details for a given type that triggers ...
list	List the types for which this event subscriptio...
update	Update the type for which this event subscripti...

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api event-sources create

Add an additional type for which this event subscription will trigger

Usage

ngrok api event-sources create [flags]

Flags

Flag	Description
`--fields`	TODO
`--filter`	TODO
`--subscription-id`	The unique identifier for the Event Subscription that this Event Source is attached to.
`--type`	Type of event for which an event subscription will trigger
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api event-sources delete

Remove a type for which this event subscription will trigger

Usage

ngrok api event-sources delete [flags]

Flags

Flag	Description
`--subscription-id`	The unique identifier for the Event Subscription that this Event Source is attached to.
`--type`	Type of event for which an event subscription will trigger
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api event-sources get

Get the details for a given type that triggers for the given event subscription

Usage

ngrok api event-sources get [flags]

Flags

Flag	Description
`--subscription-id`	The unique identifier for the Event Subscription that this Event Source is attached to.
`--type`	Type of event for which an event subscription will trigger
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api event-sources list

List the types for which this event subscription will trigger

Usage

ngrok api event-sources list <subscription-id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api event-sources update

Update the type for which this event subscription will trigger

Usage

ngrok api event-sources update [flags]

Flags

Flag	Description
`--fields`	TODO
`--filter`	TODO
`--subscription-id`	The unique identifier for the Event Subscription that this Event Source is attached to.
`--type`	Type of event for which an event subscription will trigger
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api event-subscriptions

SubCommands

Command	Description
create	Create an Event Subscription.
delete	Delete an Event Subscription.
get	Get an Event Subscription by ID.
list	List this Account's Event Subscriptions.
update	Update an Event Subscription.

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api event-subscriptions create

Create an Event Subscription.

Usage

ngrok api event-subscriptions create [flags]

Flags

Flag	Description
`--description`	Arbitrary customer supplied information intended to be human readable. Optional, max 255 chars.
`--destination-ids`	A list of Event Destination IDs which should be used for this Event Subscription.
`--metadata`	Arbitrary customer supplied information intended to be machine readable. Optional, max 4096 chars.
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api event-subscriptions delete

Delete an Event Subscription.

Usage

ngrok api event-subscriptions delete <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api event-subscriptions get

Get an Event Subscription by ID.

Usage

ngrok api event-subscriptions get <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api event-subscriptions list

List this Account's Event Subscriptions.

Usage

ngrok api event-subscriptions list [flags]

Flags

Flag	Description
`--before-id`
`--limit`
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api event-subscriptions update

Update an Event Subscription.

Usage

ngrok api event-subscriptions update <id> [flags]

Flags

Flag	Description
`--description`	Arbitrary customer supplied information intended to be human readable. Optional, max 255 chars.
`--destination-ids`	A list of Event Destination IDs which should be used for this Event Subscription.
`--metadata`	Arbitrary customer supplied information intended to be machine readable. Optional, max 4096 chars.
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api ip-policies

IP Policies are reusable groups of CIDR ranges with an allow or deny action. They can be attached to endpoints via the Endpoint Configuration IP Policy module. They can also be used with IP Restrictions to control source IP ranges that can start tunnel sessions and connect to the API and dashboard.

SubCommands

Command	Description
create	Create a new IP policy. It will not apply to an...
delete	Delete an IP policy. If the IP policy is refere...
get	Get detailed information about an IP policy by ...
list	List all IP policies on this account
update	Update attributes of an IP policy by ID

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api ip-policies create

Create a new IP policy. It will not apply to any traffic until you associate to a traffic source via an endpoint configuration or IP restriction.

Usage

ngrok api ip-policies create [flags]

Flags

Flag	Description
`--action`	this field is deprecated. Please leave it empty and use the ip policy rule object's "action" field instead. It is temporarily retained for backwards compatibility reasons.
`--description`	human-readable description of the source IPs of this IP policy. optional, max 255 bytes.
`--metadata`	arbitrary user-defined machine-readable data of this IP policy. optional, max 4096 bytes.
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api ip-policies delete

Delete an IP policy. If the IP policy is referenced by another object for the purposes of traffic restriction it will be treated as if the IP policy remains but has zero rules.

Usage

ngrok api ip-policies delete <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api ip-policies get

Get detailed information about an IP policy by ID.

Usage

ngrok api ip-policies get <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api ip-policies list

List all IP policies on this account

Usage

ngrok api ip-policies list [flags]

Flags

Flag	Description
`--before-id`
`--limit`
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api ip-policies update

Update attributes of an IP policy by ID

Usage

ngrok api ip-policies update <id> [flags]

Flags

Flag	Description
`--description`	human-readable description of the source IPs of this IP policy. optional, max 255 bytes.
`--metadata`	arbitrary user-defined machine-readable data of this IP policy. optional, max 4096 bytes.
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api ip-policy-rules

IP Policy Rules are the IPv4 or IPv6 CIDRs entries that make up an IP Policy.

SubCommands

Command	Description
create	Create a new IP policy rule attached to an IP P...
delete	Delete an IP policy rule.
get	Get detailed information about an IP policy rul...
list	List all IP policy rules on this account
update	Update attributes of an IP policy rule by ID

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api ip-policy-rules create

Create a new IP policy rule attached to an IP Policy.

Usage

ngrok api ip-policy-rules create [flags]

Flags

Flag	Description
`--action`	the action to apply to the policy rule, either allow or deny
`--cidr`	an IP or IP range specified in CIDR notation. IPv4 and IPv6 are both supported.
`--description`	human-readable description of the source IPs of this IP rule. optional, max 255 bytes.
`--ip-policy-id`	ID of the IP policy this IP policy rule will be attached to
`--metadata`	arbitrary user-defined machine-readable data of this IP policy rule. optional, max 4096 bytes.
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api ip-policy-rules delete

Delete an IP policy rule.

Usage

ngrok api ip-policy-rules delete <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api ip-policy-rules get

Get detailed information about an IP policy rule by ID.

Usage

ngrok api ip-policy-rules get <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api ip-policy-rules list

List all IP policy rules on this account

Usage

ngrok api ip-policy-rules list [flags]

Flags

Flag	Description
`--before-id`
`--limit`
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api ip-policy-rules update

Update attributes of an IP policy rule by ID

Usage

ngrok api ip-policy-rules update <id> [flags]

Flags

Flag	Description
`--cidr`	an IP or IP range specified in CIDR notation. IPv4 and IPv6 are both supported.
`--description`	human-readable description of the source IPs of this IP rule. optional, max 255 bytes.
`--metadata`	arbitrary user-defined machine-readable data of this IP policy rule. optional, max 4096 bytes.
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api ip-restrictions

An IP restriction is a restriction placed on the CIDRs that are allowed to initiate traffic to a specific aspect of your ngrok account. An IP restriction has a type which defines the ingress it applies to. IP restrictions can be used to enforce the source IPs that can make API requests, log in to the dashboard, start ngrok agents, and connect to your public-facing endpoints.

SubCommands

Command	Description
create	Create a new IP restriction
delete	Delete an IP restriction
get	Get detailed information about an IP restriction
list	List all IP restrictions on this account
update	Update attributes of an IP restriction by ID

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api ip-restrictions create

Create a new IP restriction

Usage

ngrok api ip-restrictions create [flags]

Flags

Flag	Description
`--description`	human-readable description of this IP restriction. optional, max 255 bytes.
`--enforced`	true if the IP restriction will be enforced. if false, only warnings will be issued
`--ip-policy-ids`	the set of IP policy identifiers that are used to enforce the restriction
`--metadata`	arbitrary user-defined machine-readable data of this IP restriction. optional, max 4096 bytes.
`--type`	the type of IP restriction. this defines what traffic will be restricted with the attached policies. four values are currently supported: dashboard, api, agent, and endpoints
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api ip-restrictions delete

Delete an IP restriction

Usage

ngrok api ip-restrictions delete <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api ip-restrictions get

Get detailed information about an IP restriction

Usage

ngrok api ip-restrictions get <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api ip-restrictions list

List all IP restrictions on this account

Usage

ngrok api ip-restrictions list [flags]

Flags

Flag	Description
`--before-id`
`--limit`
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api ip-restrictions update

Update attributes of an IP restriction by ID

Usage

ngrok api ip-restrictions update <id> [flags]

Flags

Flag	Description
`--description`	human-readable description of this IP restriction. optional, max 255 bytes.
`--enforced`	true if the IP restriction will be enforced. if false, only warnings will be issued
`--ip-policy-ids`	the set of IP policy identifiers that are used to enforce the restriction
`--metadata`	arbitrary user-defined machine-readable data of this IP restriction. optional, max 4096 bytes.
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api kubernetes-operators

KubernetesOperators is used by the Kubernetes Operator to register and manage its own resource, as well as for users to see active kubernetes clusters.

SubCommands

Command	Description
create	Create a new Kubernetes Operator
delete	Delete a Kubernetes Operator
get	Get of a Kubernetes Operator
get-bound-endpoints	List Endpoints bound to a Kubernetes Operator
list	List all Kubernetes Operators owned by this acc...
update	Update an existing Kubernetes operator by ID.

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api kubernetes-operators create

Create a new Kubernetes Operator

Usage

ngrok api kubernetes-operators create [flags]

Flags

Flag	Description
`--binding.allowed-urls`	the regexes for urls allowed to be bound to this operator
`--binding.csr`	CSR is supplied during initial creation to enable creating a mutual TLS secured connection between ngrok and the operator. This is an internal implementation detail and subject to change.
`--binding.ingress-endpoint`	the public ingress endpoint for this Kubernetes Operator
`--binding.name`	the name by which endpoints can be bound to this Kubernetes Operator. starts with "k8s/"
`--deployment.name`	the deployment name
`--deployment.namespace`	the namespace this Kubernetes Operator is deployed to
`--deployment.version`	the version of this Kubernetes Operator
`--description`	human-readable description of this Kubernetes Operator. optional, max 255 bytes.
`--enabled-features`	features enabled for this Kubernetes Operator. a subset of {"bindings", "ingress", and "gateway"}
`--metadata`	arbitrary user-defined machine-readable data of this Kubernetes Operator. optional, max 4096 bytes.
`--region`	the ngrok region in which the ingress for this operator is served. defaults to "global"
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api kubernetes-operators delete

Delete a Kubernetes Operator

Usage

ngrok api kubernetes-operators delete <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api kubernetes-operators get

Get of a Kubernetes Operator

Usage

ngrok api kubernetes-operators get <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api kubernetes-operators get-bound-endpoints

List Endpoints bound to a Kubernetes Operator

Usage

ngrok api kubernetes-operators get-bound-endpoints <id> [flags]

Flags

Flag	Description
`--before-id`
`--limit`
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api kubernetes-operators list

List all Kubernetes Operators owned by this account

Usage

ngrok api kubernetes-operators list [flags]

Flags

Flag	Description
`--before-id`
`--limit`
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api kubernetes-operators update

Update an existing Kubernetes operator by ID.

Usage

ngrok api kubernetes-operators update <id> [flags]

Flags

Flag	Description
`--binding.allowed-urls`	the regexes for urls allowed to be bound to this operator
`--binding.csr`	CSR is supplied during initial creation to enable creating a mutual TLS secured connection between ngrok and the operator. This is an internal implementation detail and subject to change.
`--binding.ingress-endpoint`	the public ingress endpoint for this Kubernetes Operator
`--binding.name`	the name by which endpoints can be bound to this Kubernetes Operator. starts with "k8s/"
`--description`	human-readable description of this Kubernetes Operator. optional, max 255 bytes.
`--enabled-features`	features enabled for this Kubernetes Operator. a subset of {"bindings", "ingress", and "gateway"}
`--metadata`	arbitrary user-defined machine-readable data of this Kubernetes Operator. optional, max 4096 bytes.
`--region`	the ngrok region in which the ingress for this operator is served. defaults to "global"
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api pointcfg-module

SubCommands

Command	Description
backend
basic-auth
circuit-breaker
compression
ip-policy
mutual-tls
oauth
oidc
request-headers
response-headers
saml
tls-termination
webhook-validation

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api pointcfg-module backend

SubCommands

Command	Description
delete
get
replace

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api pointcfg-module backend delete

Usage

ngrok api pointcfg-module backend delete <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api pointcfg-module backend get

Usage

ngrok api pointcfg-module backend get <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api pointcfg-module backend replace

Usage

ngrok api pointcfg-module backend replace <id> [flags]

Flags

Flag	Description
`--module.backend-id`	backend to be used to back this endpoint
`--module.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api pointcfg-module basic-auth

SubCommands

Command	Description
delete
get
replace

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api pointcfg-module basic-auth delete

Usage

ngrok api pointcfg-module basic-auth delete <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api pointcfg-module basic-auth get

Usage

ngrok api pointcfg-module basic-auth get <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api pointcfg-module basic-auth replace

Usage

ngrok api pointcfg-module basic-auth replace <id> [flags]

Flags

Flag	Description
`--module.allow-options`	true or false indicating whether to allow OPTIONS requests through without authentication which is necessary for CORS. default is false
`--module.auth-provider-id`	determines how the basic auth credentials are validated. Currently only the value agent is supported which means that credentials will be validated against the username and password specified by the ngrok agent's --basic-auth flag, if any.
`--module.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--module.realm`	an arbitrary string to be specified in as the 'realm' value in the WWW-Authenticate header. default is ngrok
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api pointcfg-module circuit-breaker

SubCommands

Command	Description
delete
get
replace

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api pointcfg-module circuit-breaker delete

Usage

ngrok api pointcfg-module circuit-breaker delete <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api pointcfg-module circuit-breaker get

Usage

ngrok api pointcfg-module circuit-breaker get <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api pointcfg-module circuit-breaker replace

Usage

ngrok api pointcfg-module circuit-breaker replace <id> [flags]

Flags

Flag	Description
`--module.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--module.error-threshold-percentage`	Error threshold percentage should be between 0 - 1.0, not 0-100.0
`--module.num-buckets`	Integer number of buckets into which metrics are retained. Max 128.
`--module.rolling-window`	Integer number of seconds in the statistical rolling window that metrics are retained for.
`--module.tripped-duration`	Integer number of seconds after which the circuit is tripped to wait before re-evaluating upstream health
`--module.volume-threshold`	Integer number of requests in a rolling window that will trip the circuit. Helpful if traffic volume is low.
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api pointcfg-module compression

SubCommands

Command	Description
delete
get
replace

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api pointcfg-module compression delete

Usage

ngrok api pointcfg-module compression delete <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api pointcfg-module compression get

Usage

ngrok api pointcfg-module compression get <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api pointcfg-module compression replace

Usage

ngrok api pointcfg-module compression replace <id> [flags]

Flags

Flag	Description
`--module.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api pointcfg-module ip-policy

SubCommands

Command	Description
delete
get
replace

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api pointcfg-module ip-policy delete

Usage

ngrok api pointcfg-module ip-policy delete <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api pointcfg-module ip-policy get

Usage

ngrok api pointcfg-module ip-policy get <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api pointcfg-module ip-policy replace

Usage

ngrok api pointcfg-module ip-policy replace <id> [flags]

Flags

Flag	Description
`--module.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--module.ip-policy-ids`	list of all IP policies that will be used to check if a source IP is allowed access to the endpoint
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api pointcfg-module mutual-tls

SubCommands

Command	Description
delete
get
replace

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api pointcfg-module mutual-tls delete

Usage

ngrok api pointcfg-module mutual-tls delete <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api pointcfg-module mutual-tls get

Usage

ngrok api pointcfg-module mutual-tls get <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api pointcfg-module mutual-tls replace

Usage

ngrok api pointcfg-module mutual-tls replace <id> [flags]

Flags

Flag	Description
`--module.certificate-authority-ids`	list of certificate authorities that will be used to validate the TLS client certificate presented by the initiator of the TLS connection
`--module.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api pointcfg-module oauth

SubCommands

Command	Description
delete
get
replace

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api pointcfg-module oauth delete

Usage

ngrok api pointcfg-module oauth delete <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api pointcfg-module oauth get

Usage

ngrok api pointcfg-module oauth get <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api pointcfg-module oauth replace

Usage

ngrok api pointcfg-module oauth replace <id> [flags]

Flags

Flag	Description
`--module.auth-check-interval`	Integer number of seconds after which ngrok guarantees it will refresh user state from the identity provider and recheck whether the user is still authorized to access the endpoint. This is the preferred tunable to use to enforce a minimum amount of time after which a revoked user will no longer be able to access the resource.
`--module.cookie-prefix`	the prefix of the session cookie that ngrok sets on the http client to cache authentication. default is 'ngrok.'
`--module.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--module.inactivity-timeout`	Integer number of seconds of inactivity after which if the user has not accessed the endpoint, their session will time out and they will be forced to reauthenticate.
`--module.maximum-duration`	Integer number of seconds of the maximum duration of an authenticated session. After this period is exceeded, a user must reauthenticate.
`--module.options-passthrough`	Do not enforce authentication on HTTP OPTIONS requests. necessary if you are supporting CORS.
`--module.provider.amazon.client-id`
`--module.provider.amazon.client-secret`
`--module.provider.amazon.email-addresses`
`--module.provider.amazon.email-domains`
`--module.provider.amazon.scopes`
`--module.provider.facebook.client-id`	the OAuth app client ID. retrieve it from the identity provider's dashboard where you created your own OAuth app. optional. if unspecified, ngrok will use its own managed oauth application which has additional restrictions. see the OAuth module docs for more details. if present, client_secret must be present as well.
`--module.provider.facebook.client-secret`	the OAuth app client secret. retrieve if from the identity provider's dashboard where you created your own OAuth app. optional, see all of the caveats in the docs for client_id.
`--module.provider.facebook.email-addresses`	a list of email addresses of users authenticated by identity provider who are allowed access to the endpoint
`--module.provider.facebook.email-domains`	a list of email domains of users authenticated by identity provider who are allowed access to the endpoint
`--module.provider.facebook.scopes`	a list of provider-specific OAuth scopes with the permissions your OAuth app would like to ask for. these may not be set if you are using the ngrok-managed oauth app (i.e. you must pass both client_id and client_secret to set scopes)
`--module.provider.github.client-id`	the OAuth app client ID. retrieve it from the identity provider's dashboard where you created your own OAuth app. optional. if unspecified, ngrok will use its own managed oauth application which has additional restrictions. see the OAuth module docs for more details. if present, client_secret must be present as well.
`--module.provider.github.client-secret`	the OAuth app client secret. retrieve if from the identity provider's dashboard where you created your own OAuth app. optional, see all of the caveats in the docs for client_id.
`--module.provider.github.email-addresses`	a list of email addresses of users authenticated by identity provider who are allowed access to the endpoint
`--module.provider.github.email-domains`	a list of email domains of users authenticated by identity provider who are allowed access to the endpoint
`--module.provider.github.organizations`	a list of github org identifiers. users who are members of any of the listed organizations will be allowed access. identifiers should be the organization's 'slug'
`--module.provider.github.scopes`	a list of provider-specific OAuth scopes with the permissions your OAuth app would like to ask for. these may not be set if you are using the ngrok-managed oauth app (i.e. you must pass both client_id and client_secret to set scopes)
`--module.provider.github.teams`	a list of github teams identifiers. users will be allowed access to the endpoint if they are a member of any of these teams. identifiers should be in the 'slug' format qualified with the org name, e.g. org-name/team-name
`--module.provider.gitlab.client-id`
`--module.provider.gitlab.client-secret`
`--module.provider.gitlab.email-addresses`
`--module.provider.gitlab.email-domains`
`--module.provider.gitlab.scopes`
`--module.provider.google.client-id`	the OAuth app client ID. retrieve it from the identity provider's dashboard where you created your own OAuth app. optional. if unspecified, ngrok will use its own managed oauth application which has additional restrictions. see the OAuth module docs for more details. if present, client_secret must be present as well.
`--module.provider.google.client-secret`	the OAuth app client secret. retrieve if from the identity provider's dashboard where you created your own OAuth app. optional, see all of the caveats in the docs for client_id.
`--module.provider.google.email-addresses`	a list of email addresses of users authenticated by identity provider who are allowed access to the endpoint
`--module.provider.google.email-domains`	a list of email domains of users authenticated by identity provider who are allowed access to the endpoint
`--module.provider.google.scopes`	a list of provider-specific OAuth scopes with the permissions your OAuth app would like to ask for. these may not be set if you are using the ngrok-managed oauth app (i.e. you must pass both client_id and client_secret to set scopes)
`--module.provider.linkedin.client-id`
`--module.provider.linkedin.client-secret`
`--module.provider.linkedin.email-addresses`
`--module.provider.linkedin.email-domains`
`--module.provider.linkedin.scopes`
`--module.provider.microsoft.client-id`	the OAuth app client ID. retrieve it from the identity provider's dashboard where you created your own OAuth app. optional. if unspecified, ngrok will use its own managed oauth application which has additional restrictions. see the OAuth module docs for more details. if present, client_secret must be present as well.
`--module.provider.microsoft.client-secret`	the OAuth app client secret. retrieve if from the identity provider's dashboard where you created your own OAuth app. optional, see all of the caveats in the docs for client_id.
`--module.provider.microsoft.email-addresses`	a list of email addresses of users authenticated by identity provider who are allowed access to the endpoint
`--module.provider.microsoft.email-domains`	a list of email domains of users authenticated by identity provider who are allowed access to the endpoint
`--module.provider.microsoft.scopes`	a list of provider-specific OAuth scopes with the permissions your OAuth app would like to ask for. these may not be set if you are using the ngrok-managed oauth app (i.e. you must pass both client_id and client_secret to set scopes)
`--module.provider.twitch.client-id`
`--module.provider.twitch.client-secret`
`--module.provider.twitch.email-addresses`
`--module.provider.twitch.email-domains`
`--module.provider.twitch.scopes`
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api pointcfg-module oidc

SubCommands

Command	Description
delete
get
replace

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api pointcfg-module oidc delete

Usage

ngrok api pointcfg-module oidc delete <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api pointcfg-module oidc get

Usage

ngrok api pointcfg-module oidc get <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api pointcfg-module oidc replace

Usage

ngrok api pointcfg-module oidc replace <id> [flags]

Flags

Flag	Description
`--module.client-id`	The OIDC app's client ID and OIDC audience.
`--module.client-secret`	The OIDC app's client secret.
`--module.cookie-prefix`	the prefix of the session cookie that ngrok sets on the http client to cache authentication. default is 'ngrok.'
`--module.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--module.inactivity-timeout`	Integer number of seconds of inactivity after which if the user has not accessed the endpoint, their session will time out and they will be forced to reauthenticate.
`--module.issuer`	URL of the OIDC "OpenID provider". This is the base URL used for discovery.
`--module.maximum-duration`	Integer number of seconds of the maximum duration of an authenticated session. After this period is exceeded, a user must reauthenticate.
`--module.options-passthrough`	Do not enforce authentication on HTTP OPTIONS requests. necessary if you are supporting CORS.
`--module.scopes`	The set of scopes to request from the OIDC identity provider.
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api pointcfg-module request-headers

SubCommands

Command	Description
delete
get
replace

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api pointcfg-module request-headers delete

Usage

ngrok api pointcfg-module request-headers delete <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api pointcfg-module request-headers get

Usage

ngrok api pointcfg-module request-headers get <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api pointcfg-module request-headers replace

Usage

ngrok api pointcfg-module request-headers replace <id> [flags]

Flags

Flag	Description
`--module.add`	a map of header key to header value that will be injected into the HTTP Request before being sent to the upstream application server
`--module.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--module.remove`	a list of header names that will be removed from the HTTP Request before being sent to the upstream application server
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api pointcfg-module response-headers

SubCommands

Command	Description
delete
get
replace

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api pointcfg-module response-headers delete

Usage

ngrok api pointcfg-module response-headers delete <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api pointcfg-module response-headers get

Usage

ngrok api pointcfg-module response-headers get <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api pointcfg-module response-headers replace

Usage

ngrok api pointcfg-module response-headers replace <id> [flags]

Flags

Flag	Description
`--module.add`	a map of header key to header value that will be injected into the HTTP Response returned to the HTTP client
`--module.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--module.remove`	a list of header names that will be removed from the HTTP Response returned to the HTTP client
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api pointcfg-module saml

SubCommands

Command	Description
delete
get
replace

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api pointcfg-module saml delete

Usage

ngrok api pointcfg-module saml delete <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api pointcfg-module saml get

Usage

ngrok api pointcfg-module saml get <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api pointcfg-module saml replace

Usage

ngrok api pointcfg-module saml replace <id> [flags]

Flags

Flag	Description
`--module.allow-idp-initiated`	If true, the IdP may initiate a login directly (e.g. the user does not need to visit the endpoint first and then be redirected). The IdP should set the RelayState parameter to the target URL of the resource they want the user to be redirected to after the SAML login assertion has been processed.
`--module.authorized-groups`	If present, only users who are a member of one of the listed groups may access the target endpoint.
`--module.cookie-prefix`	the prefix of the session cookie that ngrok sets on the http client to cache authentication. default is 'ngrok.'
`--module.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--module.force-authn`	If true, indicates that whenever we redirect a user to the IdP for authentication that the IdP must prompt the user for authentication credentials even if the user already has a valid session with the IdP.
`--module.idp-metadata`	The full XML IdP EntityDescriptor. Your IdP may provide this to you as a a file to download or as a URL.
`--module.idp-metadata-url`	The IdP's metadata URL which returns the XML IdP EntityDescriptor. The IdP's metadata URL specifies how to connect to the IdP as well as its public key which is then used to validate the signature on incoming SAML assertions to the ACS endpoint.
`--module.inactivity-timeout`	Integer number of seconds of inactivity after which if the user has not accessed the endpoint, their session will time out and they will be forced to reauthenticate.
`--module.maximum-duration`	Integer number of seconds of the maximum duration of an authenticated session. After this period is exceeded, a user must reauthenticate.
`--module.nameid-format`	Defines the name identifier format the SP expects the IdP to use in its assertions to identify subjects. If unspecified, a default value of urn:oasis:names:tc:SAML:2.0:nameid-format:persistent will be used. A subset of the allowed values enumerated by the SAML specification are supported.
`--module.options-passthrough`	Do not enforce authentication on HTTP OPTIONS requests. necessary if you are supporting CORS.
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api pointcfg-module tls-termination

SubCommands

Command	Description
delete
get
replace

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api pointcfg-module tls-termination delete

Usage

ngrok api pointcfg-module tls-termination delete <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api pointcfg-module tls-termination get

Usage

ngrok api pointcfg-module tls-termination get <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api pointcfg-module tls-termination replace

Usage

ngrok api pointcfg-module tls-termination replace <id> [flags]

Flags

Flag	Description
`--module.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--module.min-version`	The minimum TLS version used for termination and advertised to the client during the TLS handshake. if unspecified, ngrok will choose an industry-safe default. This value must be null if terminate_at is set to upstream.
`--module.terminate-at`	edge if the ngrok edge should terminate TLS traffic, upstream if TLS traffic should be passed through to the upstream ngrok agent / application server for termination. if upstream is chosen, most other modules will be disallowed because they rely on the ngrok edge being able to access the underlying traffic.
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api pointcfg-module webhook-validation

SubCommands

Command	Description
delete
get
replace

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api pointcfg-module webhook-validation delete

Usage

ngrok api pointcfg-module webhook-validation delete <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api pointcfg-module webhook-validation get

Usage

ngrok api pointcfg-module webhook-validation get <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api pointcfg-module webhook-validation replace

Usage

ngrok api pointcfg-module webhook-validation replace <id> [flags]

Flags

Flag	Description
`--module.enabled`	true if the module will be applied to traffic, false to disable. default true if unspecified
`--module.provider`	a string indicating which webhook provider will be sending webhooks to this endpoint. Value must be one of the supported providers defined at https://ngrok.com/docs/cloud-edge/modules/webhook-verification (https://ngrok.com/docs/cloud-edge/modules/webhook-verification)
`--module.secret`	a string secret used to validate requests from the given provider. All providers except AWS SNS require a secret
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api reserved-addrs

Reserved Addresses are TCP addresses that can be used to listen for traffic. TCP address hostnames and ports are assigned by ngrok, they cannot be chosen.

SubCommands

Command	Description
create	Create a new reserved address.
delete	Delete a reserved address.
delete-endpoint-config	Detach the endpoint configuration attached to a...
get	Get the details of a reserved address.
list	List all reserved addresses on this account.
update	Update the attributes of a reserved address.

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api reserved-addrs create

Create a new reserved address.

Usage

ngrok api reserved-addrs create [flags]

Flags

Flag	Description
`--description`	human-readable description of what this reserved address will be used for
`--endpoint-configuration-id`	ID of an endpoint configuration of type tcp that will be used to handle inbound traffic to this address
`--metadata`	arbitrary user-defined machine-readable data of this reserved address. Optional, max 4096 bytes.
`--region`	reserve the address in this geographic ngrok datacenter. Optional, default is us. (au, eu, ap, us, jp, in, sa)
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api reserved-addrs delete

Delete a reserved address.

Usage

ngrok api reserved-addrs delete <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api reserved-addrs delete-endpoint-config

Detach the endpoint configuration attached to a reserved address.

Usage

ngrok api reserved-addrs delete-endpoint-config <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api reserved-addrs get

Get the details of a reserved address.

Usage

ngrok api reserved-addrs get <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api reserved-addrs list

List all reserved addresses on this account.

Usage

ngrok api reserved-addrs list [flags]

Flags

Flag	Description
`--before-id`
`--limit`
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api reserved-addrs update

Update the attributes of a reserved address.

Usage

ngrok api reserved-addrs update <id> [flags]

Flags

Flag	Description
`--description`	human-readable description of what this reserved address will be used for
`--endpoint-configuration-id`	ID of an endpoint configuration of type tcp that will be used to handle inbound traffic to this address
`--metadata`	arbitrary user-defined machine-readable data of this reserved address. Optional, max 4096 bytes.
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api reserved-domains

Reserved Domains are hostnames that you can listen for traffic on. Domains can be used to listen for http, https or tls traffic. You may use a domain that you own by creating a CNAME record specified in the returned resource. This CNAME record points traffic for that domain to ngrok's edge servers.

SubCommands

Command	Description
create	Create a new reserved domain.
delete	Delete a reserved domain.
delete-certificate	Detach the certificate attached to a reserved d...
delete-certificate-management-policy	Detach the certificate management policy attach...
delete-http-endpoint-config	Detach the http endpoint configuration attached...
delete-https-endpoint-config	Detach the https endpoint configuration attache...
get	Get the details of a reserved domain.
list	List all reserved domains on this account.
update	Update the attributes of a reserved domain.

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api reserved-domains create

Create a new reserved domain.

Usage

ngrok api reserved-domains create [flags]

Flags

Flag	Description
`--certificate-id`	ID of a user-uploaded TLS certificate to use for connections to targeting this domain. Optional, mutually exclusive with certificate_management_policy.
`--certificate-management-policy.authority`	certificate authority to request certificates from. The only supported value is letsencrypt.
`--certificate-management-policy.private-key-type`	type of private key to use when requesting certificates. Defaults to ecdsa, can be either rsa or ecdsa.
`--description`	human-readable description of what this reserved domain will be used for
`--domain`	hostname of the reserved domain
`--http-endpoint-configuration-id`	ID of an endpoint configuration of type http that will be used to handle inbound http traffic to this domain
`--https-endpoint-configuration-id`	ID of an endpoint configuration of type https that will be used to handle inbound https traffic to this domain
`--metadata`	arbitrary user-defined machine-readable data of this reserved domain. Optional, max 4096 bytes.
`--name`	the domain name to reserve. It may be a full domain name like app.example.com. If the name does not contain a '.' it will reserve that subdomain on ngrok.io.
`--region`	deprecated: With the launch of the ngrok Global Network domains traffic is now handled globally. This field applied only to endpoints. Note that agents may still connect to specific regions. Optional, null by default. (au, eu, ap, us, jp, in, sa)
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api reserved-domains delete

Delete a reserved domain.

Usage

ngrok api reserved-domains delete <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api reserved-domains delete-certificate

Detach the certificate attached to a reserved domain.

Usage

ngrok api reserved-domains delete-certificate <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api reserved-domains delete-certificate-management-policy

Detach the certificate management policy attached to a reserved domain.

Usage

ngrok api reserved-domains delete-certificate-management-policy <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api reserved-domains delete-http-endpoint-config

Detach the http endpoint configuration attached to a reserved domain.

Usage

ngrok api reserved-domains delete-http-endpoint-config <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api reserved-domains delete-https-endpoint-config

Detach the https endpoint configuration attached to a reserved domain.

Usage

ngrok api reserved-domains delete-https-endpoint-config <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api reserved-domains get

Get the details of a reserved domain.

Usage

ngrok api reserved-domains get <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api reserved-domains list

List all reserved domains on this account.

Usage

ngrok api reserved-domains list [flags]

Flags

Flag	Description
`--before-id`
`--limit`
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api reserved-domains update

Update the attributes of a reserved domain.

Usage

ngrok api reserved-domains update <id> [flags]

Flags

Flag	Description
`--certificate-id`	ID of a user-uploaded TLS certificate to use for connections to targeting this domain. Optional, mutually exclusive with certificate_management_policy.
`--certificate-management-policy.authority`	certificate authority to request certificates from. The only supported value is letsencrypt.
`--certificate-management-policy.private-key-type`	type of private key to use when requesting certificates. Defaults to ecdsa, can be either rsa or ecdsa.
`--description`	human-readable description of what this reserved domain will be used for
`--http-endpoint-configuration-id`	ID of an endpoint configuration of type http that will be used to handle inbound http traffic to this domain
`--https-endpoint-configuration-id`	ID of an endpoint configuration of type https that will be used to handle inbound https traffic to this domain
`--metadata`	arbitrary user-defined machine-readable data of this reserved domain. Optional, max 4096 bytes.
`--region`	deprecated: With the launch of the ngrok Global Network domains traffic is now handled globally. This field applied only to endpoints. Note that agents may still connect to specific regions. Optional, null by default. (au, eu, ap, us, jp, in, sa)
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api root

SubCommands

Command	Description
get

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api root get

Usage

ngrok api root get [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api ssh-certificate-authorities

An SSH Certificate Authority is a pair of an SSH Certificate and its private key that can be used to sign other SSH host and user certificates.

SubCommands

Command	Description
create	Create a new SSH Certificate Authority
delete	Delete an SSH Certificate Authority
get	Get detailed information about an SSH Certficat...
list	List all SSH Certificate Authorities on this ac...
update	Update an SSH Certificate Authority

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api ssh-certificate-authorities create

Create a new SSH Certificate Authority

Usage

ngrok api ssh-certificate-authorities create [flags]

Flags

Flag	Description
`--description`	human-readable description of this SSH Certificate Authority. optional, max 255 bytes.
`--elliptic-curve`	the type of elliptic curve to use when creating an ECDSA key
`--key-size`	the key size to use when creating an RSA key. one of 2048 or 4096
`--metadata`	arbitrary user-defined machine-readable data of this SSH Certificate Authority. optional, max 4096 bytes.
`--private-key-type`	the type of private key to generate. one of rsa, ecdsa, ed25519
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api ssh-certificate-authorities delete

Delete an SSH Certificate Authority

Usage

ngrok api ssh-certificate-authorities delete <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api ssh-certificate-authorities get

Get detailed information about an SSH Certficate Authority

Usage

ngrok api ssh-certificate-authorities get <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api ssh-certificate-authorities list

List all SSH Certificate Authorities on this account

Usage

ngrok api ssh-certificate-authorities list [flags]

Flags

Flag	Description
`--before-id`
`--limit`
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api ssh-certificate-authorities update

Update an SSH Certificate Authority

Usage

ngrok api ssh-certificate-authorities update <id> [flags]

Flags

Flag	Description
`--description`	human-readable description of this SSH Certificate Authority. optional, max 255 bytes.
`--metadata`	arbitrary user-defined machine-readable data of this SSH Certificate Authority. optional, max 4096 bytes.
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api ssh-credentials

SSH Credentials are SSH public keys that can be used to start SSH tunnels via the ngrok SSH tunnel gateway.

SubCommands

Command	Description
create	Create a new ssh_credential from an uploaded pu...
delete	Delete an ssh_credential by ID
get	Get detailed information about an ssh_credential
list	List all ssh credentials on this account
update	Update attributes of an ssh_credential by ID

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api ssh-credentials create

Create a new ssh_credential from an uploaded public SSH key. This ssh credential can be used to start new tunnels via ngrok's SSH gateway.

Usage

ngrok api ssh-credentials create [flags]

Flags

Flag	Description
`--acl`	optional list of ACL rules. If unspecified, the credential will have no restrictions. The only allowed ACL rule at this time is the bind rule. The bind rule allows the caller to restrict what domains, addresses, and labels the token is allowed to bind. For example, to allow the token to open a tunnel on example.ngrok.io your ACL would include the rule bind:example.ngrok.io. Bind rules for domains may specify a leading wildcard to match multiple domains with a common suffix. For example, you may specify a rule of bind:.example.com which will allow x.example.com, y.example.com, .example.com, etc. Bind rules for labels may specify a wildcard key and/or value to match multiple labels. For example, you may specify a rule of bind:=example which will allow x=example, y=example, etc. A rule of '' is equivalent to no acl at all and will explicitly permit all actions.
`--description`	human-readable description of who or what will use the ssh credential to authenticate. Optional, max 255 bytes.
`--metadata`	arbitrary user-defined machine-readable data of this ssh credential. Optional, max 4096 bytes.
`--owner-email`	If supplied at credential creation, ownership will be assigned to the specified User. Only admins may specify an owner other than themselves. Both owner_id and owner_email may not be specified.
`--owner-id`	If supplied at credential creation, ownership will be assigned to the specified User or Bot. Only admins may specify an owner other than themselves. Defaults to the authenticated User or Bot.
`--public-key`	the PEM-encoded public key of the SSH keypair that will be used to authenticate
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api ssh-credentials delete

Delete an ssh_credential by ID

Usage

ngrok api ssh-credentials delete <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api ssh-credentials get

Get detailed information about an ssh_credential

Usage

ngrok api ssh-credentials get <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api ssh-credentials list

List all ssh credentials on this account

Usage

ngrok api ssh-credentials list [flags]

Flags

Flag	Description
`--before-id`
`--limit`
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api ssh-credentials update

Update attributes of an ssh_credential by ID

Usage

ngrok api ssh-credentials update <id> [flags]

Flags

Flag	Description
`--acl`	optional list of ACL rules. If unspecified, the credential will have no restrictions. The only allowed ACL rule at this time is the bind rule. The bind rule allows the caller to restrict what domains, addresses, and labels the token is allowed to bind. For example, to allow the token to open a tunnel on example.ngrok.io your ACL would include the rule bind:example.ngrok.io. Bind rules for domains may specify a leading wildcard to match multiple domains with a common suffix. For example, you may specify a rule of bind:.example.com which will allow x.example.com, y.example.com, .example.com, etc. Bind rules for labels may specify a wildcard key and/or value to match multiple labels. For example, you may specify a rule of bind:=example which will allow x=example, y=example, etc. A rule of '' is equivalent to no acl at all and will explicitly permit all actions.
`--description`	human-readable description of who or what will use the ssh credential to authenticate. Optional, max 255 bytes.
`--metadata`	arbitrary user-defined machine-readable data of this ssh credential. Optional, max 4096 bytes.
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api ssh-host-certificates

SSH Host Certificates along with the corresponding private key allows an SSH server to assert its authenticity to connecting SSH clients who trust the SSH Certificate Authority that was used to sign the certificate.

SubCommands

Command	Description
create	Create a new SSH Host Certificate
delete	Delete an SSH Host Certificate
get	Get detailed information about an SSH Host Cert...
list	List all SSH Host Certificates issued on this a...
update	Update an SSH Host Certificate

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api ssh-host-certificates create

Create a new SSH Host Certificate

Usage

ngrok api ssh-host-certificates create [flags]

Flags

Flag	Description
`--description`	human-readable description of this SSH Host Certificate. optional, max 255 bytes.
`--metadata`	arbitrary user-defined machine-readable data of this SSH Host Certificate. optional, max 4096 bytes.
`--principals`	the list of principals included in the ssh host certificate. This is the list of hostnames and/or IP addresses that are authorized to serve SSH traffic with this certificate. Dangerously, if no principals are specified, this certificate is considered valid for all hosts.
`--public-key`	a public key in OpenSSH Authorized Keys format that this certificate signs
`--ssh-certificate-authority-id`	the ssh certificate authority that is used to sign this ssh host certificate
`--valid-after`	The time when the host certificate becomes valid, in RFC 3339 format. Defaults to the current time if unspecified.
`--valid-until`	The time when this host certificate becomes invalid, in RFC 3339 format. If unspecified, a default value of one year in the future will be used. The OpenSSH certificates RFC calls this valid_before.
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api ssh-host-certificates delete

Delete an SSH Host Certificate

Usage

ngrok api ssh-host-certificates delete <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api ssh-host-certificates get

Get detailed information about an SSH Host Certficate

Usage

ngrok api ssh-host-certificates get <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api ssh-host-certificates list

List all SSH Host Certificates issued on this account

Usage

ngrok api ssh-host-certificates list [flags]

Flags

Flag	Description
`--before-id`
`--limit`
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api ssh-host-certificates update

Update an SSH Host Certificate

Usage

ngrok api ssh-host-certificates update <id> [flags]

Flags

Flag	Description
`--description`	human-readable description of this SSH Host Certificate. optional, max 255 bytes.
`--metadata`	arbitrary user-defined machine-readable data of this SSH Host Certificate. optional, max 4096 bytes.
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api ssh-user-certificates

SSH User Certificates are presented by SSH clients when connecting to an SSH server to authenticate their connection. The SSH server must trust the SSH Certificate Authority used to sign the certificate.

SubCommands

Command	Description
create	Create a new SSH User Certificate
delete	Delete an SSH User Certificate
get	Get detailed information about an SSH User Cert...
list	List all SSH User Certificates issued on this a...
update	Update an SSH User Certificate

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api ssh-user-certificates create

Create a new SSH User Certificate

Usage

ngrok api ssh-user-certificates create [flags]

Flags

Flag	Description
`--critical-options`	A map of critical options included in the certificate. Only two critical options are currently defined by OpenSSH: force-command and source-address. See the OpenSSH certificate protocol spec (https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.certkeys) for additional details.
`--description`	human-readable description of this SSH User Certificate. optional, max 255 bytes.
`--extensions`	A map of extensions included in the certificate. Extensions are additional metadata that can be interpreted by the SSH server for any purpose. These can be used to permit or deny the ability to open a terminal, do port forwarding, x11 forwarding, and more. If unspecified, the certificate will include limited permissions with the following extension map: {"permit-pty": "", "permit-user-rc": ""} OpenSSH understands a number of predefined extensions. See the OpenSSH certificate protocol spec (https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.certkeys) for additional details.
`--metadata`	arbitrary user-defined machine-readable data of this SSH User Certificate. optional, max 4096 bytes.
`--principals`	the list of principals included in the ssh user certificate. This is the list of usernames that the certificate holder may sign in as on a machine authorizing the signing certificate authority. Dangerously, if no principals are specified, this certificate may be used to log in as any user.
`--public-key`	a public key in OpenSSH Authorized Keys format that this certificate signs
`--ssh-certificate-authority-id`	the ssh certificate authority that is used to sign this ssh user certificate
`--valid-after`	The time when the user certificate becomes valid, in RFC 3339 format. Defaults to the current time if unspecified.
`--valid-until`	The time when this host certificate becomes invalid, in RFC 3339 format. If unspecified, a default value of 24 hours will be used. The OpenSSH certificates RFC calls this valid_before.
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api ssh-user-certificates delete

Delete an SSH User Certificate

Usage

ngrok api ssh-user-certificates delete <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api ssh-user-certificates get

Get detailed information about an SSH User Certficate

Usage

ngrok api ssh-user-certificates get <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api ssh-user-certificates list

List all SSH User Certificates issued on this account

Usage

ngrok api ssh-user-certificates list [flags]

Flags

Flag	Description
`--before-id`
`--limit`
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api ssh-user-certificates update

Update an SSH User Certificate

Usage

ngrok api ssh-user-certificates update <id> [flags]

Flags

Flag	Description
`--description`	human-readable description of this SSH User Certificate. optional, max 255 bytes.
`--metadata`	arbitrary user-defined machine-readable data of this SSH User Certificate. optional, max 4096 bytes.
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api tls-certificates

TLS Certificates are pairs of x509 certificates and their matching private key that can be used to terminate TLS traffic. TLS certificates are unused until they are attached to a Domain. TLS Certificates may also be provisioned by ngrok automatically for domains on which you have enabled automated certificate provisioning.

SubCommands

Command	Description
create	Upload a new TLS certificate
delete	Delete a TLS certificate
get	Get detailed information about a TLS certificate
list	List all TLS certificates on this account
update	Update attributes of a TLS Certificate by ID

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api tls-certificates create

Upload a new TLS certificate

Usage

ngrok api tls-certificates create [flags]

Flags

Flag	Description
`--certificate-pem`	chain of PEM-encoded certificates, leaf first. See Certificate Bundles (https://ngrok.com/docs/cloud-edge/endpoints#certificate-chains).
`--description`	human-readable description of this TLS certificate. optional, max 255 bytes.
`--metadata`	arbitrary user-defined machine-readable data of this TLS certificate. optional, max 4096 bytes.
`--private-key-pem`	private key for the TLS certificate, PEM-encoded. See Private Keys (https://ngrok.com/docs/cloud-edge/endpoints#private-keys).
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api tls-certificates delete

Delete a TLS certificate

Usage

ngrok api tls-certificates delete <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api tls-certificates get

Get detailed information about a TLS certificate

Usage

ngrok api tls-certificates get <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api tls-certificates list

List all TLS certificates on this account

Usage

ngrok api tls-certificates list [flags]

Flags

Flag	Description
`--before-id`
`--limit`
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api tls-certificates update

Update attributes of a TLS Certificate by ID

Usage

ngrok api tls-certificates update <id> [flags]

Flags

Flag	Description
`--description`	human-readable description of this TLS certificate. optional, max 255 bytes.
`--metadata`	arbitrary user-defined machine-readable data of this TLS certificate. optional, max 4096 bytes.
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api tunnel-sessions

Tunnel Sessions represent instances of ngrok agents or SSH reverse tunnel sessions that are running and connected to the ngrok service. Each tunnel session can include one or more Tunnels.

SubCommands

Command	Description
get	Get the detailed status of a tunnel session by ID
list	List all online tunnel sessions running on this...
restart	Issues a command instructing the ngrok agent to...
stop	Issues a command instructing the ngrok agent th...
update	Issues a command instructing the ngrok agent to...

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api tunnel-sessions get

Get the detailed status of a tunnel session by ID

Usage

ngrok api tunnel-sessions get <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api tunnel-sessions list

List all online tunnel sessions running on this account.

Usage

ngrok api tunnel-sessions list [flags]

Flags

Flag	Description
`--before-id`
`--limit`
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api tunnel-sessions restart

Issues a command instructing the ngrok agent to restart. The agent restarts itself by calling exec() on platforms that support it. This operation is notably not supported on Windows. When an agent restarts, it reconnects with a new tunnel session ID.

Usage

ngrok api tunnel-sessions restart <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api tunnel-sessions stop

Issues a command instructing the ngrok agent that started this tunnel session to exit.

Usage

ngrok api tunnel-sessions stop <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api tunnel-sessions update

Issues a command instructing the ngrok agent to update itself to the latest version. After this call completes successfully, the ngrok agent will be in the update process. A caller should wait some amount of time to allow the update to complete (at least 10 seconds) before making a call to the Restart endpoint to request that the agent restart itself to start using the new code. This call will never update an ngrok agent to a new major version which could cause breaking compatibility issues. If you wish to update to a new major version, that must be done manually. Still, please be aware that updating your ngrok agent could break your integration. This call will fail in any of the following circumstances: there is no update available the ngrok agent's configuration disabled update checks the agent is currently in process of updating the agent has already successfully updated but has not yet been restarted

Usage

ngrok api tunnel-sessions update <id> [flags]

Flags

Flag	Description
`--version`	request that the ngrok agent update to this specific version instead of the latest available version
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api tunnels

Tunnels provide endpoints to access services exposed by a running ngrok agent tunnel session or an SSH reverse tunnel session.

SubCommands

Command	Description
get	Get the status of a tunnel by ID
list	List all online tunnels currently running on th...

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api tunnels get

Get the status of a tunnel by ID

Usage

ngrok api tunnels get <id> [flags]

Flags

Flag	Description
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api tunnels list

List all online tunnels currently running on the account.

Usage

ngrok api tunnels list [flags]

Flags

Flag	Description
`--before-id`
`--limit`
`--api-key`	API key to use
`--config`	path to config files; they are merged if multiple
`--log`	path to log file, 'stdout', 'stderr' or 'false'
`--log-format`	log record format: 'term', 'logfmt', 'json'
`--log-level`	logging level: 'debug', 'info', 'warn', 'error', 'crit'

ngrok api
ngrok api abuse-reports
ngrok api abuse-reports create
ngrok api abuse-reports get
ngrok api agent-ingresses
ngrok api agent-ingresses create
ngrok api agent-ingresses delete
ngrok api agent-ingresses get
ngrok api agent-ingresses list
ngrok api agent-ingresses update
ngrok api api-keys
ngrok api api-keys create
ngrok api api-keys delete
ngrok api api-keys get
ngrok api api-keys list
ngrok api api-keys update
ngrok api application-sessions
ngrok api application-sessions delete
ngrok api application-sessions get
ngrok api application-sessions list
ngrok api application-users
ngrok api application-users delete
ngrok api application-users get
ngrok api application-users list
ngrok api backends
ngrok api backends failover
ngrok api backends failover create
ngrok api backends failover delete
ngrok api backends failover get
ngrok api backends failover list
ngrok api backends failover update
ngrok api backends http-response
ngrok api backends http-response create
ngrok api backends http-response delete
ngrok api backends http-response get
ngrok api backends http-response list
ngrok api backends http-response update
ngrok api backends static-address
ngrok api backends static-address create
ngrok api backends static-address delete
ngrok api backends static-address get
ngrok api backends static-address list
ngrok api backends static-address update
ngrok api backends tunnel-group
ngrok api backends tunnel-group create
ngrok api backends tunnel-group delete
ngrok api backends tunnel-group get
ngrok api backends tunnel-group list
ngrok api backends tunnel-group update
ngrok api backends weighted
ngrok api backends weighted create
ngrok api backends weighted delete
ngrok api backends weighted get
ngrok api backends weighted list
ngrok api backends weighted update
ngrok api bot-users
ngrok api bot-users create
ngrok api bot-users delete
ngrok api bot-users get
ngrok api bot-users list
ngrok api bot-users update
ngrok api certificate-authorities
ngrok api certificate-authorities create
ngrok api certificate-authorities delete
ngrok api certificate-authorities get
ngrok api certificate-authorities list
ngrok api certificate-authorities update
ngrok api credentials
ngrok api credentials create
ngrok api credentials delete
ngrok api credentials get
ngrok api credentials list
ngrok api credentials update
ngrok api edge-modules
ngrok api edge-modules https-edge-mutual-tls
ngrok api edge-modules https-edge-mutual-tls delete
ngrok api edge-modules https-edge-mutual-tls get
ngrok api edge-modules https-edge-mutual-tls replace
ngrok api edge-modules https-edge-route-backend
ngrok api edge-modules https-edge-route-backend delete
ngrok api edge-modules https-edge-route-backend get
ngrok api edge-modules https-edge-route-backend replace
ngrok api edge-modules https-edge-route-circuit-breaker
ngrok api edge-modules https-edge-route-circuit-breaker delete
ngrok api edge-modules https-edge-route-circuit-breaker get
ngrok api edge-modules https-edge-route-circuit-breaker replace
ngrok api edge-modules https-edge-route-compression
ngrok api edge-modules https-edge-route-compression delete
ngrok api edge-modules https-edge-route-compression get
ngrok api edge-modules https-edge-route-compression replace
ngrok api edge-modules https-edge-route-ip-restriction
ngrok api edge-modules https-edge-route-ip-restriction delete
ngrok api edge-modules https-edge-route-ip-restriction get
ngrok api edge-modules https-edge-route-ip-restriction replace
ngrok api edge-modules https-edge-route-oauth
ngrok api edge-modules https-edge-route-oauth delete
ngrok api edge-modules https-edge-route-oauth get
ngrok api edge-modules https-edge-route-oauth replace
ngrok api edge-modules https-edge-route-oidc
ngrok api edge-modules https-edge-route-oidc delete
ngrok api edge-modules https-edge-route-oidc get
ngrok api edge-modules https-edge-route-oidc replace
ngrok api edge-modules https-edge-route-request-headers
ngrok api edge-modules https-edge-route-request-headers delete
ngrok api edge-modules https-edge-route-request-headers get
ngrok api edge-modules https-edge-route-request-headers replace
ngrok api edge-modules https-edge-route-response-headers
ngrok api edge-modules https-edge-route-response-headers delete
ngrok api edge-modules https-edge-route-response-headers get
ngrok api edge-modules https-edge-route-response-headers replace
ngrok api edge-modules https-edge-route-saml
ngrok api edge-modules https-edge-route-saml delete
ngrok api edge-modules https-edge-route-saml get
ngrok api edge-modules https-edge-route-saml replace
ngrok api edge-modules https-edge-route-traffic-policy
ngrok api edge-modules https-edge-route-traffic-policy delete
ngrok api edge-modules https-edge-route-traffic-policy get
ngrok api edge-modules https-edge-route-traffic-policy replace
ngrok api edge-modules https-edge-route-user-agent-filter
ngrok api edge-modules https-edge-route-user-agent-filter delete
ngrok api edge-modules https-edge-route-user-agent-filter get
ngrok api edge-modules https-edge-route-user-agent-filter replace
ngrok api edge-modules https-edge-route-webhook-verification
ngrok api edge-modules https-edge-route-webhook-verification delete
ngrok api edge-modules https-edge-route-webhook-verification get
ngrok api edge-modules https-edge-route-webhook-verification replace
ngrok api edge-modules https-edge-route-websocket-tcp-converter
ngrok api edge-modules https-edge-route-websocket-tcp-converter delete
ngrok api edge-modules https-edge-route-websocket-tcp-converter get
ngrok api edge-modules https-edge-route-websocket-tcp-converter replace
ngrok api edge-modules https-edge-tls-termination
ngrok api edge-modules https-edge-tls-termination delete
ngrok api edge-modules https-edge-tls-termination get
ngrok api edge-modules https-edge-tls-termination replace
ngrok api edge-modules tcp-edge-backend
ngrok api edge-modules tcp-edge-backend delete
ngrok api edge-modules tcp-edge-backend get
ngrok api edge-modules tcp-edge-backend replace
ngrok api edge-modules tcp-edge-ip-restriction
ngrok api edge-modules tcp-edge-ip-restriction delete
ngrok api edge-modules tcp-edge-ip-restriction get
ngrok api edge-modules tcp-edge-ip-restriction replace
ngrok api edge-modules tcp-edge-traffic-policy
ngrok api edge-modules tcp-edge-traffic-policy delete
ngrok api edge-modules tcp-edge-traffic-policy get
ngrok api edge-modules tcp-edge-traffic-policy replace
ngrok api edge-modules tls-edge-backend
ngrok api edge-modules tls-edge-backend delete
ngrok api edge-modules tls-edge-backend get
ngrok api edge-modules tls-edge-backend replace
ngrok api edge-modules tls-edge-ip-restriction
ngrok api edge-modules tls-edge-ip-restriction delete
ngrok api edge-modules tls-edge-ip-restriction get
ngrok api edge-modules tls-edge-ip-restriction replace
ngrok api edge-modules tls-edge-mutual-tls
ngrok api edge-modules tls-edge-mutual-tls delete
ngrok api edge-modules tls-edge-mutual-tls get
ngrok api edge-modules tls-edge-mutual-tls replace
ngrok api edge-modules tls-edge-tls-termination
ngrok api edge-modules tls-edge-tls-termination delete
ngrok api edge-modules tls-edge-tls-termination get
ngrok api edge-modules tls-edge-tls-termination replace
ngrok api edge-modules tls-edge-traffic-policy
ngrok api edge-modules tls-edge-traffic-policy delete
ngrok api edge-modules tls-edge-traffic-policy get
ngrok api edge-modules tls-edge-traffic-policy replace
ngrok api edges
ngrok api edges https
ngrok api edges https create
ngrok api edges https delete
ngrok api edges https get
ngrok api edges https list
ngrok api edges https update
ngrok api edges https-routes
ngrok api edges https-routes create
ngrok api edges https-routes delete
ngrok api edges https-routes get
ngrok api edges https-routes update
ngrok api edges tcp
ngrok api edges tcp create
ngrok api edges tcp delete
ngrok api edges tcp get
ngrok api edges tcp list
ngrok api edges tcp update
ngrok api edges tls
ngrok api edges tls create
ngrok api edges tls delete
ngrok api edges tls get
ngrok api edges tls list
ngrok api edges tls update
ngrok api endpoint-configurations
ngrok api endpoint-configurations create
ngrok api endpoint-configurations delete
ngrok api endpoint-configurations get
ngrok api endpoint-configurations list
ngrok api endpoint-configurations update
ngrok api endpoints
ngrok api endpoints create
ngrok api endpoints delete
ngrok api endpoints get
ngrok api endpoints list
ngrok api endpoints update
ngrok api event-destinations
ngrok api event-destinations create
ngrok api event-destinations delete
ngrok api event-destinations get
ngrok api event-destinations list
ngrok api event-destinations send-test-event
ngrok api event-destinations update
ngrok api event-sources
ngrok api event-sources create
ngrok api event-sources delete
ngrok api event-sources get
ngrok api event-sources list
ngrok api event-sources update
ngrok api event-subscriptions
ngrok api event-subscriptions create
ngrok api event-subscriptions delete
ngrok api event-subscriptions get
ngrok api event-subscriptions list
ngrok api event-subscriptions update
ngrok api ip-policies
ngrok api ip-policies create
ngrok api ip-policies delete
ngrok api ip-policies get
ngrok api ip-policies list
ngrok api ip-policies update
ngrok api ip-policy-rules
ngrok api ip-policy-rules create
ngrok api ip-policy-rules delete
ngrok api ip-policy-rules get
ngrok api ip-policy-rules list
ngrok api ip-policy-rules update
ngrok api ip-restrictions
ngrok api ip-restrictions create
ngrok api ip-restrictions delete
ngrok api ip-restrictions get
ngrok api ip-restrictions list
ngrok api ip-restrictions update
ngrok api kubernetes-operators
ngrok api kubernetes-operators create
ngrok api kubernetes-operators delete
ngrok api kubernetes-operators get
ngrok api kubernetes-operators get-bound-endpoints
ngrok api kubernetes-operators list
ngrok api kubernetes-operators update
ngrok api pointcfg-module
ngrok api pointcfg-module backend
ngrok api pointcfg-module backend delete
ngrok api pointcfg-module backend get
ngrok api pointcfg-module backend replace
ngrok api pointcfg-module basic-auth
ngrok api pointcfg-module basic-auth delete
ngrok api pointcfg-module basic-auth get
ngrok api pointcfg-module basic-auth replace
ngrok api pointcfg-module circuit-breaker
ngrok api pointcfg-module circuit-breaker delete
ngrok api pointcfg-module circuit-breaker get
ngrok api pointcfg-module circuit-breaker replace
ngrok api pointcfg-module compression
ngrok api pointcfg-module compression delete
ngrok api pointcfg-module compression get
ngrok api pointcfg-module compression replace
ngrok api pointcfg-module ip-policy
ngrok api pointcfg-module ip-policy delete
ngrok api pointcfg-module ip-policy get
ngrok api pointcfg-module ip-policy replace
ngrok api pointcfg-module mutual-tls
ngrok api pointcfg-module mutual-tls delete
ngrok api pointcfg-module mutual-tls get
ngrok api pointcfg-module mutual-tls replace
ngrok api pointcfg-module oauth
ngrok api pointcfg-module oauth delete
ngrok api pointcfg-module oauth get
ngrok api pointcfg-module oauth replace
ngrok api pointcfg-module oidc
ngrok api pointcfg-module oidc delete
ngrok api pointcfg-module oidc get
ngrok api pointcfg-module oidc replace
ngrok api pointcfg-module request-headers
ngrok api pointcfg-module request-headers delete
ngrok api pointcfg-module request-headers get
ngrok api pointcfg-module request-headers replace
ngrok api pointcfg-module response-headers
ngrok api pointcfg-module response-headers delete
ngrok api pointcfg-module response-headers get
ngrok api pointcfg-module response-headers replace
ngrok api pointcfg-module saml
ngrok api pointcfg-module saml delete
ngrok api pointcfg-module saml get
ngrok api pointcfg-module saml replace
ngrok api pointcfg-module tls-termination
ngrok api pointcfg-module tls-termination delete
ngrok api pointcfg-module tls-termination get
ngrok api pointcfg-module tls-termination replace
ngrok api pointcfg-module webhook-validation
ngrok api pointcfg-module webhook-validation delete
ngrok api pointcfg-module webhook-validation get
ngrok api pointcfg-module webhook-validation replace
ngrok api reserved-addrs
ngrok api reserved-addrs create
ngrok api reserved-addrs delete
ngrok api reserved-addrs delete-endpoint-config
ngrok api reserved-addrs get
ngrok api reserved-addrs list
ngrok api reserved-addrs update
ngrok api reserved-domains
ngrok api reserved-domains create
ngrok api reserved-domains delete
ngrok api reserved-domains delete-certificate
ngrok api reserved-domains delete-certificate-management-policy
ngrok api reserved-domains delete-http-endpoint-config
ngrok api reserved-domains delete-https-endpoint-config
ngrok api reserved-domains get
ngrok api reserved-domains list
ngrok api reserved-domains update
ngrok api root
ngrok api root get
ngrok api ssh-certificate-authorities
ngrok api ssh-certificate-authorities create
ngrok api ssh-certificate-authorities delete
ngrok api ssh-certificate-authorities get
ngrok api ssh-certificate-authorities list
ngrok api ssh-certificate-authorities update
ngrok api ssh-credentials
ngrok api ssh-credentials create
ngrok api ssh-credentials delete
ngrok api ssh-credentials get
ngrok api ssh-credentials list
ngrok api ssh-credentials update
ngrok api ssh-host-certificates
ngrok api ssh-host-certificates create
ngrok api ssh-host-certificates delete
ngrok api ssh-host-certificates get
ngrok api ssh-host-certificates list
ngrok api ssh-host-certificates update
ngrok api ssh-user-certificates
ngrok api ssh-user-certificates create
ngrok api ssh-user-certificates delete
ngrok api ssh-user-certificates get
ngrok api ssh-user-certificates list
ngrok api ssh-user-certificates update
ngrok api tls-certificates
ngrok api tls-certificates create
ngrok api tls-certificates delete
ngrok api tls-certificates get
ngrok api tls-certificates list
ngrok api tls-certificates update
ngrok api tunnel-sessions
ngrok api tunnel-sessions get
ngrok api tunnel-sessions list
ngrok api tunnel-sessions restart
ngrok api tunnel-sessions stop
ngrok api tunnel-sessions update
ngrok api tunnels
ngrok api tunnels get
ngrok api tunnels list

ngrok api​

SubCommands​

Flags​

ngrok api abuse-reports​

SubCommands​

Flags​

ngrok api abuse-reports create​

Usage​

Flags​

ngrok api abuse-reports get​

Usage​

Flags​

ngrok api agent-ingresses​

SubCommands​

Flags​

ngrok api agent-ingresses create​

Usage​

Flags​

ngrok api agent-ingresses delete​

Usage​

Flags​

ngrok api agent-ingresses get​

Usage​

Flags​

ngrok api agent-ingresses list​

Usage​

Flags​

ngrok api agent-ingresses update​

Usage​

Flags​

ngrok api api-keys​

SubCommands​

Flags​

ngrok api api-keys create​

Usage​

Flags​

ngrok api api-keys delete​

Usage​

Flags​

ngrok api api-keys get​

Usage​

Flags​

ngrok api api-keys list​

Usage​

Flags​

ngrok api api-keys update​

Usage​

Flags​

ngrok api application-sessions​

SubCommands​

Flags​

ngrok api application-sessions delete​

Usage​

Flags​

ngrok api application-sessions get​

Usage​

Flags​

ngrok api application-sessions list​

Usage​

Flags​

ngrok api application-users​

SubCommands​

Flags​

ngrok api application-users delete​

Usage​

Flags​

ngrok api application-users get​

Usage​

Flags​

ngrok api application-users list​

Usage​

Flags​

ngrok api backends​

SubCommands​

Flags​

ngrok api backends failover​

SubCommands​

Flags​

ngrok api backends failover create​

Usage​

ngrok api

SubCommands

Flags

ngrok api abuse-reports

SubCommands

Flags

ngrok api abuse-reports create

Usage

Flags

ngrok api abuse-reports get

Usage

Flags

ngrok api agent-ingresses

SubCommands

Flags

ngrok api agent-ingresses create

Usage

Flags

ngrok api agent-ingresses delete

Usage

Flags

ngrok api agent-ingresses get

Usage

Flags

ngrok api agent-ingresses list

Usage

Flags

ngrok api agent-ingresses update

Usage

Flags

ngrok api api-keys

SubCommands

Flags

ngrok api api-keys create

Usage

Flags

ngrok api api-keys delete

Usage

Flags

ngrok api api-keys get

Usage

Flags

ngrok api api-keys list

Usage

Flags

ngrok api api-keys update

Usage

Flags

ngrok api application-sessions

SubCommands

Flags

ngrok api application-sessions delete

Usage

Flags

ngrok api application-sessions get

Usage

Flags

ngrok api application-sessions list

Usage

Flags

ngrok api application-users

SubCommands

Flags

ngrok api application-users delete

Usage

Flags

ngrok api application-users get

Usage

Flags

ngrok api application-users list

Usage

Flags

ngrok api backends

SubCommands

Flags

ngrok api backends failover

SubCommands

Flags

ngrok api backends failover create

Usage