Ngrok creates secure tunnels to locally hosted applications, enabling developers to share and test webhooks or services without configuring complex network settings
Ngrok creates secure tunnels to locally hosted applications, enabling developers to share and test webhooks or services without configuring complex network settings On Nagent, Ngrok is exposed as a fully-configurable developer tools integration that any agent can call — 102 actions, and API key authentication. No code is required to wire Ngrok into your workflow — connect it once via the External Integrations panel and reuse it across every agent you build.
Agent builders use Ngrok to automate the kinds of tasks developer tools teams previously handled manually. Concrete examples — each one is a single agent step in Nagent — include:
Every action and trigger is paired with a structured input/output schema (visible in the sections below), so when you wire Ngrok into Helix — our agentic agent builder — the editor knows exactly what each step expects and produces. Configure once, deploy anywhere across your Nagent agents.
Every operation an agent can call against Ngrok, with input parameters and output schema. Drop these into any step of an agent built in Helix.
NGROK_CREATE_API_KEYCreates a new API key for authenticating with the ngrok API. This tool allows programmatic creation of API keys that can be used to access ngrok's API services.
Input parameters
Arbitrary user-defined data of this API key. Optional, max 4096 bytes.
ID of the user or bot to whom the API key will be assigned. Only admins can specify an owner other than themselves.
Human-readable description of what uses the API key to authenticate. Optional, max 255 bytes.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
NGROK_CREATE_CREDENTIALCreates a new tunnel authtoken credential for authenticating ngrok agents. This authtoken credential can be used to start a new tunnel session. The response to this API call is the only time the generated token is available.
Input parameters
Optional list of ACL rules. If unspecified, the credential will have no restrictions. The only allowed ACL rule at this time is the 'bind' rule. The 'bind' rule allows the caller to restrict what domains, addresses, and labels the token is allowed to bind. For example, to allow the token to open a tunnel on example.ngrok.io your ACL would include the rule 'bind:example.ngrok.io'. Bind rules for domains may specify a leading wildcard to match multiple domains with a common suffix. For example, you may specify a rule of 'bind:*.example.com' which will allow 'x.example.com', 'y.example.com', '*.example.com', etc. Bind rules for labels may specify a wildcard key and/or value to match multiple labels. For example, you may specify a rule of 'bind:*=example' which will allow 'x=example', 'y=example', etc. A rule of '*' is equivalent to no acl at all and will explicitly permit all actions.
Arbitrary user-defined machine-readable data of this credential. Optional, max 4096 bytes.
If supplied at credential creation, ownership will be assigned to the specified User or Service User. Only admins may specify an owner other than themselves. Defaults to the authenticated User or Service User. Accepts one of: User ID, User email, or SCIM User ID.
Human-readable description of who or what will use the credential to authenticate. Optional, max 255 bytes.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
NGROK_CREATE_ENDPOINTCreate a cloud endpoint on the ngrok account. Use when you need to set up a new cloud endpoint with custom traffic policies for handling HTTP traffic.
Input parameters
The URL of the endpoint. Must be a valid ngrok URL for cloud endpoints.
Type of endpoint. Only 'cloud' is currently supported (represents a cloud endpoint). Defaults to 'cloud' if not specified.
The bindings associated with this endpoint
User-supplied metadata of the associated tunnel or edge object
User-supplied description of the associated tunnel
The traffic policy attached to this endpoint. Must be valid YAML format with traffic handling actions (e.g., custom-response, forward). Specify the policy phases (on_http_request, on_http_response) and actions to perform.
Whether the endpoint allows pooling
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
NGROK_CREATE_EVENT_SOURCEAdd a new event source to an event subscription. Event sources define which types of events will trigger the subscription. Use this when you need to subscribe to additional event types for an existing event subscription.
Input parameters
Type of event for which an event subscription will trigger. Must follow the pattern {resource}_{action}.v{version}. Common examples include: 'ip_policy_updated.v0', 'http_request_complete.v0', 'tcp_connection_closed.v0', 'ip_policy_created.v0', 'reserved_domain_created', 'certificate_authority_created', and many others. See https://ngrok.com/docs/obs/reference/ for the complete list of available event types.
The unique identifier for the Event Subscription that this Event Source is attached to. Starts with 'esb_' prefix (e.g., 'esb_39gr1IlgxYmY77fD9cH2JDycTv2').
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
NGROK_CREATE_EVENT_SUBSCRIPTIONCreates a new event subscription in ngrok. Event subscriptions allow you to be notified when specific events occur in your ngrok account. Use this when you need to set up webhooks or event-driven workflows for ngrok resource changes.
Input parameters
Sources containing the types for which this event subscription will trigger. Must include at least one event source.
Arbitrary customer supplied information intended to be machine readable. Optional, max 4096 chars.
Arbitrary customer supplied information intended to be human readable. Optional, max 255 chars.
A list of Event Destination IDs which should be used for this Event Subscription. Can be an empty list.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
NGROK_CREATE_HTTPS_EDGECreates a new HTTPS edge in your ngrok account. HTTPS edges define how ngrok handles HTTPS traffic for your domains. Use this when you need to set up a new HTTPS endpoint with custom TLS or mutual TLS configuration.
Input parameters
Arbitrary user-defined machine-readable data of this edge. Optional, max 4096 bytes.
Hostports served by this edge. Each entry should be in the format 'hostname:port'.
Configuration for mutual TLS on the HTTPS edge.
Human-readable description of what this edge will be used for. Optional, max 255 bytes.
Configuration for TLS termination on the HTTPS edge.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
NGROK_CREATE_HTTPS_EDGE_ROUTECreates a new route on an HTTPS edge in ngrok. Routes define how traffic matching specific patterns should be handled and can include various security and transformation modules. Use when you need to configure routing rules for an HTTPS edge with optional modules like OAuth, IP restrictions, header transformations, and more.
Input parameters
OIDC configuration for the route.
SAML configuration for the route.
Route selector: '/blog' or 'example.com' or 'example.com/blog'
OAuth configuration for the route.
Backend configuration for the route.
Unique identifier of the HTTPS edge to create the route on
Arbitrary user-defined machine-readable data of this route. Optional, max 4096 bytes
Type of match to use for this route. Valid values are 'exact_path' and 'path_prefix'
Compression configuration for the route.
Human-readable description of what this route will be used for. Optional, max 255 bytes
IP restriction configuration for the route.
Traffic policy configuration for the route.
Circuit breaker configuration for the route.
Request headers configuration for the route.
Response headers configuration for the route.
User agent filter configuration for the route.
Webhook verification configuration for the route.
Websocket TCP converter configuration for the route.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
NGROK_CREATE_SSH_CREDENTIALCreates a new SSH credential from an uploaded public SSH key. This SSH credential can be used to start new tunnels via ngrok's SSH gateway. Use when you need to authenticate SSH-based tunnel connections with ngrok.
Input parameters
Optional list of ACL rules. If unspecified, the credential will have no restrictions. The only allowed ACL rule at this time is the 'bind' rule. The 'bind' rule allows the caller to restrict what domains, addresses, and labels the token is allowed to bind. For example, to allow the token to open a tunnel on example.ngrok.io your ACL would include the rule 'bind:example.ngrok.io'. Bind rules for domains may specify a leading wildcard to match multiple domains with a common suffix. For example, you may specify a rule of 'bind:*.example.com' which will allow 'x.example.com', 'y.example.com', '*.example.com', etc. Bind rules for labels may specify a wildcard key and/or value to match multiple labels. For example, you may specify a rule of 'bind:*=example' which will allow 'x=example', 'y=example', etc. A rule of '*' is equivalent to no acl at all and will explicitly permit all actions.
Arbitrary user-defined machine-readable data of this ssh credential. Optional, max 4096 bytes.
If supplied at credential creation, ownership will be assigned to the specified User or Bot. Only admins may specify an owner other than themselves. Defaults to the authenticated User or Bot.
The PEM-encoded public key of the SSH keypair that will be used to authenticate. This is a required field.
Human-readable description of who or what will use the ssh credential to authenticate. Optional, max 255 bytes.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
NGROK_CREATE_VAULTCreates a new vault in your ngrok account. Vaults are used for securely storing and managing sensitive data such as secrets, credentials, and tokens.
Input parameters
Name of vault
Arbitrary user-defined metadata for this Vault
Description of Vault
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
NGROK_CREATE_VAULT_SECRETTool to create a new secret in an ngrok vault for secure storage of sensitive data like API keys, passwords, or tokens. Use when you need to securely store sensitive information that can be referenced in traffic policies without exposing the actual values.
Input parameters
Name of secret. This is a required field.
Value of secret. This is the sensitive data to be stored securely. This is a required field.
Arbitrary user-defined metadata for this secret. Can be used for tagging, categorization, or storing additional context.
Unique identifier of the referenced vault where this secret will be stored. Either vault_id or vault_name must be provided.
Name of the referenced vault where this secret will be stored. Either vault_id or vault_name must be provided.
Human-readable description of the secret and its purpose.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
NGROK_DELETE_API_KEYDelete an API key by its ID. This action permanently removes the specified API key from your ngrok account. This is an important security feature that allows users to revoke access when an API key is compromised or no longer needed. Once deleted, the API key cannot be recovered and any services using it will lose access.
Input parameters
The unique identifier of the API key to delete
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
NGROK_DELETE_CREDENTIALSDelete a tunnel authtoken credential by ID. This action permanently removes the specified credential from your ngrok account.
Input parameters
The unique identifier of the credential to delete
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
NGROK_DELETE_EDGE_ROUTE_CIRCUIT_BREAKER_MODULEDelete the Circuit Breaker module from an HTTPS Edge Route. This action removes the circuit breaker configuration that protects upstream services from being overwhelmed by automatically rejecting requests when error thresholds are exceeded.
Input parameters
Unique identifier of the edge route. Starts with 'edghtsrt_' prefix (e.g., 'edghtsrt_39gqwuJDVwm03gHu4CsOgzteehK').
Unique identifier of the HTTPS edge. Starts with 'edghts_' prefix (e.g., 'edghts_39gqvMnj6ISmoTNyxL7aKoh0YMZ').
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
NGROK_DELETE_EDGE_ROUTE_COMPRESSION_MODULEDelete the compression module from an HTTPS edge route. Use this to remove compression settings from a specific route within an HTTPS edge configuration.
Input parameters
Unique identifier of the edge route (e.g., 'edghtsrt_39gqTrGbFUQNxzfZtlRNcJjKXpX')
Unique identifier of the HTTPS edge (e.g., 'edghts_39gqRMtiKTcKZQMyXKRm4RJfKTF')
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
NGROK_DELETE_EDGE_ROUTE_REQUEST_HEADERS_MODULEDelete the request headers module from an HTTPS edge route. This removes any custom request header modifications configured for the specified route. Use this action when you need to stop modifying request headers on a specific edge route. After deletion, requests will pass through without header modifications.
Input parameters
Unique identifier of the edge route. Starts with 'edghtsrt_' prefix (e.g., 'edghtsrt_39gqWSgQxmqGT6KGoIPnkd9w14S'). This identifies the specific route on the edge from which to remove the request headers module.
Unique identifier of the HTTPS edge. Starts with 'edghts_' prefix (e.g., 'edghts_39gqRMtiKTcKZQMyXKRm4RJfKTF'). Use List HTTPS Edges to find valid edge IDs.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
NGROK_DELETE_EDGE_ROUTE_RESPONSE_HEADERS_MODULEDelete the response headers module from an HTTPS edge route. Use when you need to remove response header manipulation from a specific route.
Input parameters
Unique identifier of the edge route. Starts with 'edghtsrt_' prefix (e.g., 'edghtsrt_39gqWSgQxmqGT6KGoIPnkd9w14S').
Unique identifier of the HTTPS edge. Starts with 'edghts_' prefix (e.g., 'edghts_39gqRMtiKTcKZQMyXKRm4RJfKTF').
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
NGROK_DELETE_EDGE_ROUTE_SAML_MODULEDelete the SAML module configuration from an HTTPS edge route. This action removes SAML authentication from the specified route, allowing traffic to pass through without SAML validation. The operation is idempotent and returns success even if no SAML module exists.
Input parameters
Unique identifier of the edge route (starts with 'edghtsrt_' prefix)
Unique identifier of the HTTPS edge (starts with 'edghts_' prefix)
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
NGROK_DELETE_EDGE_ROUTE_USER_AGENT_FILTER_MODULEDelete the user agent filter module from an HTTPS edge route. Use this to remove user agent filtering from a specific route within an HTTPS edge configuration.
Input parameters
Unique identifier of the edge route (starts with 'edghtsrt_' prefix)
Unique identifier of the HTTPS edge (starts with 'edghts_' prefix)
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
NGROK_DELETE_EDGE_ROUTE_WEBHOOK_VERIFICATION_MODULEDelete the webhook verification module from an HTTPS edge route. This removes webhook signature verification configured for the specified route. Use this action when you need to stop verifying webhook signatures on a specific edge route. After deletion, webhooks will pass through without signature verification.
Input parameters
Unique identifier of the edge route. Starts with 'edghtsrt_' prefix (e.g., 'edghtsrt_39gqc0iv5LrDyn0vLYjJ6ur8opm'). This identifies the specific route on the edge from which to remove the webhook verification module.
Unique identifier of the HTTPS edge. Starts with 'edghts_' prefix (e.g., 'edghts_39gqRMtiKTcKZQMyXKRm4RJfKTF'). Use List HTTPS Edges to find valid edge IDs.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
NGROK_DELETE_EDGE_ROUTE_WEBSOCKET_TCP_CONVERTER_MODULEDelete the WebSocket TCP converter module from an HTTPS edge route. Use when you need to remove WebSocket to TCP conversion functionality from a specific route. The operation is idempotent.
Input parameters
Unique identifier of the edge route. Starts with 'edghtsrt_' prefix (e.g., 'edghtsrt_39gqTrGbFUQNxzfZtlRNcJjKXpX').
Unique identifier of the HTTPS edge. Starts with 'edghts_' prefix (e.g., 'edghts_39gqRMtiKTcKZQMyXKRm4RJfKTF').
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
NGROK_DELETE_ENDPOINTDelete an endpoint by ID. This action permanently removes the specified endpoint from your ngrok account. Currently only available for cloud endpoints. Cloud endpoints are those created through the ngrok dashboard or API with reserved domains. Once deleted, the endpoint cannot be recovered and traffic to the endpoint will no longer be processed.
Input parameters
The unique identifier of the endpoint to delete. Currently only works for cloud endpoints (starts with 'ep_' prefix).
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
NGROK_DELETE_EVENT_SOURCEDelete an event source from an event subscription. This removes a specific event type from the subscription, so the subscription will no longer trigger for that event. Event sources define which types of events trigger notifications for a subscription. Removing an event source does not delete the subscription itself - only the association with that specific event type.
Input parameters
Type of event for which an event subscription will trigger (e.g., 'api_key_created.v0', 'tunnel_started.v0'). This identifies the specific event source to remove from the subscription.
The unique identifier for the Event Subscription that this Event Source is attached to. Starts with 'esb_' prefix (e.g., 'esb_39gr37rMVhI8B1Jk6PGGHjFs615').
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
NGROK_DELETE_EVENT_SUBSCRIPTIONDelete an event subscription by ID. This action permanently removes the specified event subscription from your ngrok account. Event subscriptions allow you to receive notifications when specific events occur in your ngrok account. Once deleted, you will no longer receive notifications for events matching this subscription.
Input parameters
The unique identifier of the event subscription to delete. Starts with 'esb_' prefix (e.g., 'esb_39gr7cioDlymbBGSv818qL96aNj').
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
NGROK_DELETE_HTTPS_EDGEDelete an HTTPS edge by ID. This action permanently removes the specified HTTPS edge configuration from your ngrok account. HTTPS edges define how ngrok handles HTTPS traffic for your domains. Once deleted, the edge and all associated routes cannot be recovered, and traffic to the configured hostports will no longer be processed.
Input parameters
The unique identifier of the HTTPS edge to delete. Starts with 'edghts_' prefix (e.g., 'edghts_39gqgkpHqyaV9R5nqozdBTUqgPj').
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
NGROK_DELETE_HTTPS_EDGE_ROUTEDelete an HTTPS edge route by ID. This action permanently removes the specified route from an HTTPS edge configuration in your ngrok account. HTTPS edge routes define how traffic is handled for specific hostnames and paths. Once deleted, the route cannot be recovered and traffic matching the route will no longer be processed.
Input parameters
The unique identifier of the HTTPS edge route to delete. Starts with 'edghtsrt_' prefix (e.g., 'edghtsrt_39gqUYG78vKPUegVGFOvD2AGxf9').
The unique identifier of the HTTPS edge containing the route to delete. Starts with 'edghts_' prefix (e.g., 'edghts_39gqRMtiKTcKZQMyXKRm4RJfKTF').
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
NGROK_DELETE_RESERVED_DOMAIN_CERTIFICATEDetach the certificate attached to a reserved domain. Use when you need to remove a certificate from a reserved domain without deleting the domain itself.
Input parameters
The unique identifier of the reserved domain from which to detach the certificate
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
NGROK_DELETE_RESERVED_DOMAIN_CERTIFICATE_MANAGEMENT_POLICYDetach the certificate management policy from a reserved domain. Use this action when you need to remove certificate management configuration from a domain.
Input parameters
The unique identifier of the reserved domain. Starts with 'rd_' prefix (e.g., 'rd_33EL42aOolj0rxIP0YdTBbE9gNc'). Use List Reserved Domains to find valid domain IDs.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
NGROK_DELETE_SECRETDelete a vault secret by ID. This action permanently removes the specified secret from your ngrok vault.
Input parameters
The unique identifier of the vault secret to delete
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
NGROK_DELETE_SSH_CREDENTIALSDelete an SSH credential by ID. This action permanently removes the specified SSH credential from your ngrok account. SSH credentials are used to authenticate SSH connections through ngrok. Once deleted, the credential cannot be recovered and any services using it will lose access.
Input parameters
The unique identifier of the SSH credential to delete
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
NGROK_DELETE_VAULTDelete a vault by ID. This action permanently removes the specified vault from your ngrok account.
Input parameters
The unique identifier of the vault to delete
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
NGROK_GET_API_KEYGet the details of an API key by ID. Use this tool to retrieve information about a specific ngrok API key, including its description, metadata, and creation timestamp.
Input parameters
The unique identifier of the API key to retrieve
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
NGROK_GET_CREDENTIALSTool to retrieve detailed information about a tunnel authtoken credential by ID. Use when you need to view the details, metadata, or ACL rules of an existing credential. Note: The token field will be null for existing credentials (only available on creation).
Input parameters
The unique identifier of the credential to retrieve
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
NGROK_GET_EDGE_ROUTE_BACKEND_MODULERetrieves the backend module configuration for an HTTPS edge route. Backend modules define where traffic is routed after passing through the edge route's modules. Use this to verify backend configuration or audit routing behavior.
Input parameters
Unique identifier of the edge route. Starts with 'edghtsrt_' prefix (e.g., 'edghtsrt_39gqUYG78vKPUegVGFOvD2AGxf9').
Unique identifier of the HTTPS edge. Starts with 'edghts_' prefix (e.g., 'edghts_39gqRMtiKTcKZQMyXKRm4RJfKTF').
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
NGROK_GET_EDGE_ROUTE_CIRCUIT_BREAKER_MODULETool to retrieve the circuit breaker module configuration for a specific HTTPS edge route. Use when you need to check the current circuit breaker settings, verify protection parameters, or audit traffic protection policies.
Input parameters
Unique identifier of the edge route. Starts with 'edghtsrt_' prefix (e.g., 'edghtsrt_39gqTrGbFUQNxzfZtlRNcJjKXpX'). This identifies the specific route within the edge.
Unique identifier of the HTTPS edge. Starts with 'edghts_' prefix (e.g., 'edghts_39gqRMtiKTcKZQMyXKRm4RJfKTF'). Use List HTTPS Edges to find valid edge IDs.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
NGROK_GET_EDGE_ROUTE_COMPRESSION_MODULERetrieves the compression module configuration for a specific HTTPS edge route. Use this to check if compression is enabled for the route.
Input parameters
Unique identifier of the edge route. Starts with 'edghtsrt_' prefix (e.g., 'edghtsrt_39gqWSgQxmqGT6KGoIPnkd9w14S').
Unique identifier of the HTTPS edge. Starts with 'edghts_' prefix (e.g., 'edghts_39gqRMtiKTcKZQMyXKRm4RJfKTF').
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
NGROK_GET_EDGE_ROUTE_IP_RESTRICTION_MODULERetrieves the IP restriction module configuration for a specific HTTPS edge route. Use this to check which IP policies are applied to control access to the route.
Input parameters
Unique identifier of the edge route. Starts with 'edghtsrt_' prefix (e.g., 'edghtsrt_39gqWSgQxmqGT6KGoIPnkd9w14S').
Unique identifier of the HTTPS edge. Starts with 'edghts_' prefix (e.g., 'edghts_39gqRMtiKTcKZQMyXKRm4RJfKTF').
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
NGROK_GET_EDGE_ROUTE_OIDC_MODULERetrieves the OIDC (OpenID Connect) module configuration for a specific HTTPS edge route. OIDC modules enable authentication via OpenID Connect providers on your edge routes. This action fetches the current OIDC configuration including provider settings, scopes, and session timeout settings. Returns null if the OIDC module is not configured for the route.
Input parameters
Unique identifier of the edge route. Starts with 'edghtsrt_' prefix (e.g., 'edghtsrt_39gqWSgQxmqGT6KGoIPnkd9w14S'). Use List HTTPS Edge Routes to find valid route IDs.
Unique identifier of the HTTPS edge. Starts with 'edghts_' prefix (e.g., 'edghts_39gqRMtiKTcKZQMyXKRm4RJfKTF'). Use List HTTPS Edges to find valid edge IDs.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
NGROK_GET_EDGE_ROUTE_REQUEST_HEADERS_MODULERetrieves the request headers module configuration for a specific HTTPS edge route. The request headers module allows you to add and remove headers from HTTP requests before they are sent to your upstream server. Use this action to inspect the current request header manipulation rules for a route.
Input parameters
Unique identifier of the edge route. Starts with 'edghtsrt_' prefix (e.g., 'edghtsrt_39gqWSgQxmqGT6KGoIPnkd9w14S'). Use Get HTTPS Edge to find valid route IDs.
Unique identifier of the HTTPS edge. Starts with 'edghts_' prefix (e.g., 'edghts_39gqRMtiKTcKZQMyXKRm4RJfKTF'). Use List HTTPS Edges to find valid edge IDs.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
NGROK_GET_EDGE_ROUTE_RESPONSE_HEADERS_MODULEGet the response headers module configuration for an HTTPS edge route. Use when you need to retrieve the current response header manipulation settings for a specific route.
Input parameters
Unique identifier of the edge route. Starts with 'edghtsrt_' prefix (e.g., 'edghtsrt_39gqWSgQxmqGT6KGoIPnkd9w14S').
Unique identifier of the HTTPS edge. Starts with 'edghts_' prefix (e.g., 'edghts_39gqRMtiKTcKZQMyXKRm4RJfKTF').
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
NGROK_GET_EDGE_ROUTE_SAML_MODULERetrieves the SAML authentication module configuration for a specific HTTPS edge route. Use this to view SAML settings including identity provider configuration, session timeouts, and authorized groups.
Input parameters
Unique identifier of the edge route. Starts with 'edghtsrt_' prefix (e.g., 'edghtsrt_39gqWSgQxmqGT6KGoIPnkd9w14S').
Unique identifier of the HTTPS edge. Starts with 'edghts_' prefix (e.g., 'edghts_39gqRMtiKTcKZQMyXKRm4RJfKTF').
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
NGROK_GET_EDGE_ROUTE_TRAFFIC_POLICYRetrieves the Traffic Policy module configuration for a specific HTTPS edge route. Traffic policies define how ngrok handles requests and responses on the edge route. Use this to inspect current traffic policy rules applied to an edge route.
Input parameters
Unique identifier of the edge route. Starts with 'edghtsrt_' prefix (e.g., 'edghtsrt_39gqWSgQxmqGT6KGoIPnkd9w14S').
Unique identifier of the HTTPS edge. Starts with 'edghts_' prefix (e.g., 'edghts_39gqRMtiKTcKZQMyXKRm4RJfKTF').
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
NGROK_GET_EDGE_ROUTE_USER_AGENT_FILTER_MODULERetrieves the user agent filter module configuration for a specific HTTPS edge route. Use this to view filtering rules that control access based on User-Agent headers.
Input parameters
Unique identifier of the edge route. Starts with 'edghtsrt_' prefix (e.g., 'edghtsrt_39gqWSgQxmqGT6KGoIPnkd9w14S').
Unique identifier of the HTTPS edge. Starts with 'edghts_' prefix (e.g., 'edghts_39gqRMtiKTcKZQMyXKRm4RJfKTF').
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
NGROK_GET_EDGE_ROUTE_WEBHOOK_VERIFICATION_MODULERetrieves the webhook verification module configuration for an HTTPS edge route. Webhook verification modules validate incoming webhooks from supported providers. Use this to verify webhook configuration or audit webhook security settings.
Input parameters
Unique identifier of the edge route. Starts with 'edghtsrt_' prefix (e.g., 'edghtsrt_39gqWSgQxmqGT6KGoIPnkd9w14S').
Unique identifier of the HTTPS edge. Starts with 'edghts_' prefix (e.g., 'edghts_39gqRMtiKTcKZQMyXKRm4RJfKTF').
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
NGROK_GET_EDGE_ROUTE_WEBSOCKET_TCP_CONVERTER_MODULERetrieves the WebSocket TCP Converter module configuration for a specific HTTPS edge route. This module converts WebSocket connections to TCP streams. Use this to inspect whether the converter is enabled.
Input parameters
Unique identifier of the edge route. Starts with 'edghtsrt_' prefix (e.g., 'edghtsrt_39gqWSgQxmqGT6KGoIPnkd9w14S').
Unique identifier of the HTTPS edge. Starts with 'edghts_' prefix (e.g., 'edghts_39gqRMtiKTcKZQMyXKRm4RJfKTF').
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
NGROK_GET_ENDPOINTGet the status of an endpoint by ID. Use this tool to retrieve detailed information about a specific ngrok endpoint, including its configuration, URLs, and associated resources.
Input parameters
The unique identifier of the endpoint to retrieve
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
NGROK_GET_EVENT_SOURCEGet an event source by type for a specific event subscription. Use this tool to retrieve details about a specific event source type that triggers notifications for an event subscription.
Input parameters
Type of event for which an event subscription will trigger (e.g., 'ip_policy_created.v0', 'api_key_created.v0').
The unique identifier for the Event Subscription that this Event Source is attached to. Starts with 'esb_' prefix (e.g., 'esb_39gr6SN3b0nLWCPoBSdZ9VCI5vN').
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
NGROK_GET_HTTPS_EDGEGet the details of an HTTPS edge by ID. Use this to retrieve information about a specific HTTPS edge configuration including its hostports, TLS settings, and routes.
Input parameters
The unique identifier of the HTTPS edge to retrieve
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
NGROK_GET_HTTPS_EDGE_MUTUAL_TLS_MODULERetrieves the mutual TLS module configuration for an HTTPS edge. Use this to check if mutual TLS is enabled and which certificate authorities are configured for client certificate validation.
Input parameters
Unique identifier of the HTTPS edge. Starts with 'edghts_' prefix (e.g., 'edghts_39gqgkpHqyaV9R5nqozdBTUqgPj').
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
NGROK_GET_HTTPS_EDGE_ROUTERetrieves detailed information about a specific HTTPS edge route by its ID. HTTPS edge routes define how ngrok routes traffic based on path matching rules and apply various modules like authentication, compression, and traffic policies.
Input parameters
Unique identifier of the edge route. Starts with 'edghtsrt_' prefix (e.g., 'edghtsrt_39gqUYG78vKPUegVGFOvD2AGxf9').
Unique identifier of the HTTPS edge. Starts with 'edghts_' prefix (e.g., 'edghts_39gqRMtiKTcKZQMyXKRm4RJfKTF').
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
NGROK_GET_IP_RESTRICTIONSRetrieves detailed information about a specific IP restriction by its ID. IP restrictions control which IP addresses can access various ngrok resources (dashboard, API, agents, or endpoints). This action fetches complete details including enforcement status, associated IP policies, and metadata. Use this action for auditing, verification, or before modifying IP restrictions. Note: Requires Account Governance add-on on a Pay-as-you-go plan to have IP restrictions.
Input parameters
The unique identifier of the IP restriction to retrieve. Starts with 'ipx_' prefix (e.g., 'ipx_2wgPZUOnnoKGNHNtGNF3KGjMfCz'). Use List IP Restrictions to find valid IDs.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
NGROK_GET_RESERVED_DOMAINGet the details of a reserved domain by ID. Use this to retrieve information about a specific reserved domain including its hostname, certificate configuration, and DNS settings.
Input parameters
The unique identifier of the reserved domain to retrieve
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
NGROK_GET_SECRETTool to retrieve detailed information about a vault secret by ID. Use when you need to view the metadata, description, or vault information for an existing secret.
Input parameters
The unique identifier of the secret to retrieve
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
NGROK_GET_SECRETS_BY_VAULTTool to get all secrets in a vault by vault ID. Use this to retrieve the list of secrets stored in a specific ngrok vault. Supports pagination for large result sets.
Input parameters
The unique identifier of the vault to retrieve secrets from
Maximum number of secrets to return. Defaults to 100 if not specified.
Pagination cursor. Returns secrets created before the secret with this ID. Use for fetching subsequent pages.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
NGROK_GET_SSH_CREDENTIALSTool to retrieve detailed information about an SSH credential by ID. Use when you need to view the details, public key, metadata, or ACL rules of an existing SSH credential.
Input parameters
The unique identifier of the SSH credential to retrieve
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
NGROK_GET_VAULTGet the details of a vault by ID. Use this tool to retrieve information about a specific ngrok vault, including its name, description, metadata, and timestamps.
Input parameters
The unique identifier of the vault to retrieve
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
NGROK_LIST_AGENT_INGRESSESList all Agent Ingresses owned by this account. Agent Ingresses are used to configure custom domains for ngrok agent connections, allowing you to use your own domain instead of the default ngrok domains.
Input parameters
Maximum number of agent ingresses to return. Defaults to 100 if not specified.
CEL expression to filter agent ingresses. Supports fields: id, metadata, created_at. Example: 'id == "agin_xxx"' or 'metadata contains "prod"'
Pagination cursor. Returns agent ingresses created before this ID. Use next_page_uri from previous response for pagination.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
NGROK_LIST_API_KEYSThis tool lists all API keys owned by the user. The API keys are used to authenticate API requests to ngrok's REST API. The endpoint returns a paginated list of API keys.
Input parameters
Maximum number of API keys to return. Accepts values between 1-100. Defaults to 100 if not specified.
Pagination cursor. Returns results created before this API key ID. Use the ID from a previous response for pagination.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
NGROK_LIST_BOT_USERSTool to list all bot users on this ngrok account. Use when you need to retrieve all bot users with their status and metadata.
Input parameters
Maximum number of bot users to return. Defaults to 100 if not specified.
Pagination cursor. Returns results created before this bot user ID. Use the ID from a previous response for pagination.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
NGROK_LIST_CERT_AUTHORITIESList all certificate authorities on this account. Certificate authorities are x509 certificates used to sign other x509 certificates. Supports pagination and filtering via CEL expressions.
Input parameters
Maximum number of certificate authorities to return. See the API Overview for details on pagination.
CEL expression to filter the list results. Supports logical and comparison operators to match on fields such as id, metadata, created_at. See https://ngrok.com/docs/api/api-filtering for syntax and field details.
Pagination cursor. Returns earlier entries in the result set, sorted by ID. Use the ID from a previous response for pagination.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
NGROK_LIST_CREDENTIALSList all tunnel authtoken credentials on the ngrok account. Use when you need to view all credentials that can authenticate ngrok agents and start tunnel sessions.
Input parameters
Maximum number of credentials to return. Accepts values between 1-100. Defaults to 100 if not specified.
CEL expression to filter the list results. Supports logical and comparison operators to match on fields such as id, metadata, created_at, and more. See ngrok API Filtering for syntax and field details.
Pagination cursor. Returns results created before this credential ID. Use the ID from a previous response for pagination.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
NGROK_LIST_ENDPOINTSList all active endpoints on the ngrok account. This tool will list all active endpoints on the ngrok account, providing visibility into running tunnels and endpoints. It requires no input parameters beyond authentication and serves as a fundamental component for monitoring, managing, and referencing ngrok resources.
Input parameters
Maximum number of endpoints to return (max 100). Defaults to 100 if not specified.
CEL expression to filter endpoints. Supports fields: id, metadata, created_at. Example: 'id == "ep_xxx"' or 'metadata contains "prod"'
Pagination cursor. Returns endpoints created before this ID. Use next_page_uri from previous response for pagination.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
NGROK_LIST_EVENT_DESTINATIONSList all Event Destinations on the ngrok account. Event Destinations define where and how ngrok should send event data (e.g., to AWS, Datadog, Azure). Use this to view configured event streaming targets.
Input parameters
Maximum number of Event Destinations to return. See the API Overview for pagination details.
A CEL expression to filter the list results. Supports logical and comparison operators to match on fields such as id, metadata, created_at. See ngrok API Filtering documentation for syntax and field details.
Pagination cursor. Returns earlier entries in the result set, sorted by ID.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
NGROK_LIST_EVENT_SUBSCRIPTIONSList all event subscriptions on the ngrok account. Event subscriptions allow you to be notified when specific events occur in your ngrok account. Use this to view all configured event subscriptions.
Input parameters
Maximum number of event subscriptions to return. See the API Overview for pagination details.
A CEL expression to filter the list results. Supports logical and comparison operators to match on fields such as id, metadata, created_at. See ngrok API Filtering documentation for syntax and field details.
Pagination cursor. Returns earlier entries in the result set, sorted by ID.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
NGROK_LIST_EVENT_SUBSCRIPTION_SOURCESTool to list the types for which this event subscription will trigger. Use when you need to see all event sources configured for a specific event subscription.
Input parameters
The unique identifier for the Event Subscription. Starts with 'esb_' prefix (e.g., 'esb_39gr2ZnGn8FO33lO5pgYIMUSR2i').
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
NGROK_LIST_FAILOVER_BACKENDSList all failover backends on this account. Failover backends define failover behavior within a list of referenced backends where traffic is sent to the first backend, and if that backend is offline, ngrok attempts to connect to the next backend in the list.
Input parameters
Maximum number of failover backends to return. Accepts values between 1-100. Defaults to 100 if not specified.
Pagination cursor. Returns results created before this backend ID. Use the ID from a previous response for pagination.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
NGROK_LIST_HTTP_RESPONSE_BACKENDSList all HTTP response backends on the account. Use this to retrieve all configured static HTTP response backends that return fixed responses with specific status codes.
Input parameters
Maximum number of HTTP response backends to return. Defaults to 100 if not specified. Maximum value is 100.
Pagination cursor. Returns backends created before the backend with this ID. Use for fetching subsequent pages.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
NGROK_LIST_HTTPS_EDGESLists all HTTPS Edges in your ngrok account. HTTPS edges are configurations that tell ngrok how to handle HTTPS traffic. The action returns a paginated list of all HTTPS edges associated with your account.
Input parameters
Maximum number of HTTPS edges to return. Accepts values between 1-100. Defaults to 100 if not specified.
Pagination cursor. Returns results created before this edge ID. Use the ID from a previous response's last edge for pagination.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
NGROK_LIST_IP_POLICIESList all IP policies on this account. IP policies are reusable groups of CIDR ranges with an allow or deny action that can be attached to endpoints via the Endpoint Configuration IP Policy module. Supports pagination and filtering with CEL expressions.
Input parameters
Constrains the number of results in the dataset. See the API Overview for details.
A CEL expression to filter the list results. Supports logical and comparison operators to match on fields such as id, metadata, created_at, and more. See ngrok API Filtering for syntax and field details.
Expects a resource ID as its input. Returns earlier entries in the result set, sorted by ID.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
NGROK_LIST_IP_POLICY_RULESThis tool lists all IP policy rules associated with your ngrok account. It retrieves detailed information including rule id, creation timestamp, description, metadata, CIDR, the associated IP policy, and the action (allow or deny) for each rule. It supports pagination with parameters 'limit' for the maximum number of results and 'before_id' for pagination.
Input parameters
Maximum number of IP policy rules to return (max 100, defaults to 100 if not specified)
The ID of the last IP policy rule from the previous page for pagination
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
NGROK_LIST_IP_RESTRICTIONSLists all IP restrictions configured on the ngrok account. IP restrictions control which source CIDR blocks are permitted to access specific ngrok account features such as the dashboard, API, agents, or public endpoints. Supports pagination via 'limit' and 'before_id', and filtering via CEL expressions. Returns details including id, uri, created_at, description, metadata, enforced status, type, and associated IP policies for each restriction.
Input parameters
Maximum number of IP restrictions to return per page. Used for pagination.
CEL expression to filter results. Supports logical and comparison operators on fields like id, metadata, created_at. Example: 'type == "api"'
Resource ID for cursor-based pagination. Returns entries created before this ID, sorted by ID.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
NGROK_LIST_RESERVED_ADDRSList all reserved addresses on this account. Use this to retrieve all TCP addresses that have been reserved for listening to traffic on your ngrok account.
Input parameters
Maximum number of reserved addresses to return. Constrains the number of results in the dataset. See the API Overview for pagination details.
CEL expression to filter the list results. Supports logical and comparison operators to match on fields such as 'id', 'metadata', 'created_at'. See ngrok API Filtering documentation for syntax and field details.
Pagination cursor. Returns earlier entries in the result set, sorted by ID. Use the ID from a previous response for pagination.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
NGROK_LIST_RESERVED_DOMAINSList all reserved domains on this account. Use this to retrieve all hostnames that have been reserved for listening to HTTP, HTTPS, and TLS traffic on your ngrok account.
Input parameters
Maximum number of reserved domains to return. Constrains the number of results in the dataset. See the API Overview for pagination details.
CEL expression to filter the list results. Supports logical and comparison operators to match on fields such as 'id', 'metadata', 'created_at'. See ngrok API Filtering documentation for syntax and field details.
Pagination cursor. Returns earlier entries in the result set, sorted by ID. Use the ID from a previous response for pagination.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
NGROK_LIST_SERVICE_USERSTool to list all service users on this ngrok account. Use when you need to retrieve all service users with their status and metadata.
Input parameters
Maximum number of service users to return. Constrains the number of results in the dataset.
CEL expression to filter the list results. Supports logical and comparison operators to match on fields such as id, metadata, created_at, and more.
Pagination cursor. Returns results created before this service user ID. Use the ID from a previous response for pagination.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
NGROK_LIST_SSH_CERTIFICATE_AUTHORITIESList all SSH Certificate Authorities on this account. SSH Certificate Authorities are pairs of SSH certificates and their private keys used to sign other SSH host and user certificates. Supports pagination and filtering via CEL expressions.
Input parameters
Maximum number of SSH certificate authorities to return. See the API Overview for details on pagination.
CEL expression to filter the list results. Supports logical and comparison operators to match on fields such as id, metadata, created_at. See https://ngrok.com/docs/api/api-filtering for syntax and field details.
Pagination cursor. Returns earlier entries in the result set, sorted by ID. Use the ID from a previous response for pagination.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
NGROK_LIST_SSH_CREDENTIALSList all SSH credentials on the ngrok account. Use when you need to view all SSH public keys that can authenticate to start SSH tunnels.
Input parameters
Maximum number of SSH credentials to return. Accepts values between 1-100. Defaults to 100 if not specified.
CEL expression to filter the list results. Supports logical and comparison operators to match on fields such as id, metadata, created_at, and more. See ngrok API Filtering for syntax and field details: https://ngrok.com/docs/api/api-filtering.
Pagination cursor. Returns results created before this credential ID. Use the ID from a previous response for pagination.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
NGROK_LIST_SSH_HOST_CERTIFICATESList all SSH Host Certificates issued on this account. SSH Host Certificates are used to sign SSH host keys and authenticate SSH servers. Supports pagination for efficient retrieval of large result sets.
Input parameters
Maximum number of SSH Host Certificates to return. See the API Overview for details on pagination.
Pagination cursor. Returns earlier entries in the result set, sorted by ID. Use the ID from a previous response for pagination.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
NGROK_LIST_SSH_USER_CERTIFICATESList all SSH user certificates on the ngrok account. Use when you need to view all SSH certificates that authenticate SSH clients to SSH servers.
Input parameters
Maximum number of SSH user certificates to return. See the API Overview for details on pagination.
Pagination cursor. Returns results created before this certificate ID. Use the ID from a previous response for pagination.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
NGROK_LIST_STATIC_BACKENDSList all static backends on the account. Static backends forward traffic to TCP addresses (hostname and port) that are reachable on the public internet.
Input parameters
Maximum number of static backends to return. Defaults to 100 if not specified. Maximum value is 100.
Pagination cursor. Returns backends created before the backend with this ID. Use for fetching subsequent pages.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
NGROK_LIST_TCP_EDGESLists all TCP Edges in your ngrok account. TCP edges are configurations that tell ngrok how to handle TCP traffic. The action returns a paginated list of all TCP edges associated with your account.
Input parameters
Maximum number of TCP edges to return. Use for pagination.
Pagination cursor. Returns results created before this edge ID. Use the ID from a previous response's last edge for pagination.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
NGROK_LIST_TLS_CERTIFICATESList all TLS certificates on the ngrok account. Use when you need to retrieve information about uploaded TLS certificates including validity, domains, and metadata.
Input parameters
Maximum number of TLS certificates to return. Constrains the number of results in the dataset.
A CEL expression to filter the list results. Supports logical and comparison operators to match on fields such as id, metadata, created_at, and more. See ngrok API Filtering for syntax and field details: https://ngrok.com/docs/api/api-filtering
Pagination cursor. Returns TLS certificates created before this certificate ID. Use the ID from a previous response for pagination.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
NGROK_LIST_TLS_EDGESLists all TLS Edges in your ngrok account. TLS edges are configurations that tell ngrok how to handle TLS traffic. The action returns a paginated list of all TLS edges associated with your account.
Input parameters
Maximum number of TLS edges to return. Accepts values between 1-100. Defaults to 100 if not specified.
Pagination cursor. Returns results created before this edge ID. Use the ID from a previous response's last edge for pagination.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
NGROK_LIST_TUNNELSList all active tunnels in the ngrok account. This tool lists all active tunnels in the ngrok account, providing details such as tunnel ID, public URL, start time, protocol, configuration details, and metadata. It requires no input parameters beyond authentication and returns a paginated list of all running tunnels with their complete status information.
Input parameters
Maximum number of tunnels to return. Defaults to 100 if not specified. Maximum value is 100.
Pagination cursor. Returns tunnels created before the tunnel with this ID. Use for fetching subsequent pages.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
NGROK_LIST_TUNNEL_SESSIONSList all online tunnel sessions running on this account. Tunnel sessions represent instances of ngrok agents or SSH reverse tunnel sessions connected to the ngrok service. Each tunnel session can include one or more tunnels.
Input parameters
Maximum number of tunnel sessions to return. See the API Overview for pagination details.
CEL expression to filter the list results. Supports logical and comparison operators to match on fields such as id, metadata, created_at, and more. See ngrok API Filtering for syntax and field details.
Pagination cursor. Returns earlier entries in the result set, sorted by ID. Use a resource ID from a previous response.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
NGROK_LIST_VAULTSList all vaults owned by the ngrok account. Vaults are used for securely storing and managing sensitive data such as secrets, credentials, and tokens.
Input parameters
Maximum number of vaults to return. Constrains the number of results in the dataset. See the API Overview for pagination details.
CEL expression to filter the list results. Supports logical and comparison operators to match on fields such as 'id', 'metadata', 'created_at'. See ngrok API Filtering for syntax and field details.
Pagination cursor. Returns vaults created before this vault ID. Use for fetching earlier entries in the result set.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
NGROK_LIST_VAULT_SECRETSList all vault secrets owned by the ngrok account. Use when you need to view all secrets stored in vaults for traffic policy configurations.
Input parameters
Constrains the number of results in the dataset. Accepts values between 1-100. Defaults to 100 if not specified.
A CEL expression to filter the list results. Supports logical and comparison operators to match on fields such as id, metadata, created_at, and more. See ngrok API Filtering for syntax and field details.
Pagination cursor. Returns earlier entries in the result set, sorted by ID. Use the ID from a previous response for pagination.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
NGROK_LIST_WEIGHTED_BACKENDSList all weighted backends on the ngrok account. Weighted backends balance traffic among referenced backends proportionally based on their assigned weights.
Input parameters
Maximum number of backends to return. Defaults to 100 if not specified. Maximum value is 100.
Pagination cursor. Returns backends created before this backend ID. Use for fetching subsequent pages.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
NGROK_REPLACE_EDGE_ROUTE_CIRCUIT_BREAKER_MODULEReplaces the circuit breaker module configuration on an HTTPS edge route. Circuit breakers protect upstream applications by rejecting traffic when error rates exceed thresholds, giving systems time to recover. Use this action when you need to configure or update circuit breaker settings for a specific route on an HTTPS edge.
Input parameters
The unique identifier of the route within the edge. This is the route whose circuit breaker module you want to replace. Starts with 'edghtsrt_' prefix.
The unique identifier of the HTTPS edge. This is the edge that contains the route you want to update. Starts with 'edghts_' prefix.
true if the module will be applied to traffic, false to disable. Default is true if unspecified.
Integer number of buckets into which metrics are retained. Maximum value is 128.
Integer number of seconds in the statistical rolling window that metrics are retained for.
Integer number of seconds after the circuit is tripped to wait before re-evaluating upstream health.
Integer number of requests in a rolling window that will trip the circuit. Helpful if traffic volume is low.
Error threshold percentage between 0.0 and 1.0 (not 0-100). When upstream 5XX error rate exceeds this threshold, the circuit breaker will trip.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
NGROK_REPLACE_EDGE_ROUTE_COMPRESSION_MODULEReplaces the compression module configuration for an HTTPS edge route. Use this when you need to enable or disable automatic HTTP response compression for a specific route.
Input parameters
Unique identifier of the edge route to configure compression for
Unique identifier of the HTTPS edge containing the route
true if the compression module will be applied to traffic, false to disable. If an HTTP request includes an Accept-Encoding header, HTTP responses will be automatically compressed and a Content-Encoding response header will be added. Supported encodings: gzip and deflate.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
NGROK_REPLACE_EDGE_ROUTE_REQUEST_HEADERS_MODULEReplaces the request headers module configuration for an HTTPS edge route. Use this to modify HTTP request headers before they are sent to your upstream application server. You can add new headers or remove existing ones.
Input parameters
A map of header key to header value that will be injected into the HTTP request before being sent to the upstream application server. Header values can include template variables.
A list of header names that will be removed from the HTTP request before being sent to the upstream application server.
Unique identifier of the HTTPS edge containing the route. Format: edghts_<random_string>
Set to true if the module will be applied to traffic, false to disable. Default is true if unspecified.
Unique identifier of the HTTPS edge route to update. Format: edghtsrt_<random_string>
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
NGROK_REPLACE_EDGE_ROUTE_RESPONSE_HEADERS_MODULEReplaces the response headers module configuration for an HTTPS edge route. Use this to control which HTTP headers are added to or removed from responses sent to clients. This allows customization of response headers for security, CORS, caching, or other purposes.
Input parameters
The unique identifier of the edge route. Starts with 'edghtsrt_' prefix (e.g., 'edghtsrt_39gqWSgQxmqGT6KGoIPnkd9w14S'). Routes are associated with specific edges.
A map of header key to header value that will be injected into the HTTP Response returned to the HTTP client. Keys are case-insensitive header names, values are the header values to add.
A list of header names that will be removed from the HTTP Response returned to the HTTP client. Header names are case-insensitive.
The unique identifier of the HTTPS edge. Starts with 'edghts_' prefix (e.g., 'edghts_39gqRMtiKTcKZQMyXKRm4RJfKTF'). Use List HTTPS Edges to find valid edge IDs.
True if the module will be applied to traffic, false to disable. Default is true if unspecified. When enabled, the configured headers will be added/removed from HTTP responses.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
NGROK_REPLACE_EDGE_ROUTE_TRAFFIC_POLICYReplaces the traffic policy module on an HTTPS edge route. Traffic policies allow you to control and modify HTTP traffic flowing through your ngrok endpoints. Use this action when you need to update or change the traffic policy rules for a specific route on an HTTPS edge.
Input parameters
The unique identifier of the route within the edge. This is the route whose traffic policy you want to replace.
The traffic policy that should be applied to the traffic on your endpoint. This should be a YAML-formatted string defining rules for on_http_request, on_http_response, or on_tcp_connect phases. Example: 'on_http_request:\\n - actions:\\n - type: custom-response\\n config:\\n status_code: 200\\n content: "Traffic policy test"\\n headers:\\n content-type: text/plain'
The unique identifier of the HTTPS edge. This is the edge that contains the route you want to update.
Whether the traffic policy module will be applied to traffic. Set to true to enable, false to disable. Defaults to true if unspecified.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
NGROK_REPLACE_EDGE_ROUTE_USER_AGENT_FILTER_MODULEReplaces the user agent filter module configuration for an HTTPS edge route. Use this to control which User-Agent strings are allowed or denied access to your route based on regex patterns. Denied patterns take precedence over allowed patterns.
Input parameters
Unique identifier of the HTTPS edge route to update. Format: edghtsrt_<random_string>
A list of regular expressions to match User-Agent strings that should be denied. Requests with User-Agent headers matching these patterns will be blocked. Takes precedence over 'allow' patterns.
A list of regular expressions to match User-Agent strings that should be allowed. Only requests with User-Agent headers matching these patterns will be permitted. If specified, requests not matching any pattern will be denied.
Unique identifier of the HTTPS edge containing the route. Format: edghts_<random_string>
Set to true if the module will be applied to traffic, false to disable. When enabled, user agents matching patterns in 'allow' or 'deny' will be filtered.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
NGROK_REPLACE_EDGE_ROUTE_WEBHOOK_VERIFICATION_MODULEReplaces the webhook verification module configuration for an HTTPS edge route. Use this to configure ngrok to automatically verify webhook signatures from supported providers. This ensures that only authenticated webhook requests from your chosen provider reach your backend service.
Input parameters
The unique identifier of the edge route. Starts with 'edghtsrt_' prefix (e.g., 'edghtsrt_39gqWSgQxmqGT6KGoIPnkd9w14S'). Routes are associated with specific edges.
A string secret used to validate requests from the given provider. All providers except AWS SNS require a secret. This is the signing secret provided by your webhook provider.
The unique identifier of the HTTPS edge. Starts with 'edghts_' prefix (e.g., 'edghts_39gqRMtiKTcKZQMyXKRm4RJfKTF'). Use List HTTPS Edges to find valid edge IDs.
True if the module will be applied to traffic, false to disable. Default is true if unspecified. When enabled, ngrok will verify incoming webhook signatures using the configured provider and secret.
A string indicating which webhook provider will be sending webhooks to this endpoint. Value must be one of the supported providers (e.g., 'github', 'slack', 'stripe', 'twilio', 'shopify', 'sns', etc.). See https://ngrok.com/docs/cloud-edge/modules/webhook-verification for the full list of 100+ supported providers.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
NGROK_UPDATE_API_KEYUpdates attributes of an API key by ID. Use this to modify the description or metadata of an existing API key without changing its token or credentials.
Input parameters
The unique identifier of the API key to update
Arbitrary user-defined data of this API key. Optional, max 4096 bytes.
Human-readable description of what uses the API key to authenticate. Optional, max 255 bytes.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
NGROK_UPDATE_CREDENTIALSTool to update attributes of a tunnel authtoken credential by ID. Use when you need to modify the description, metadata, or ACL rules of an existing credential.
Input parameters
The unique identifier of the credential to update
Optional list of ACL rules. If unspecified, the credential will have no restrictions. The only allowed ACL rule at this time is the 'bind' rule. The 'bind' rule allows the caller to restrict what domains, addresses, and labels the token is allowed to bind. For example, to allow the token to open a tunnel on example.ngrok.io your ACL would include the rule 'bind:example.ngrok.io'. Bind rules for domains may specify a leading wildcard to match multiple domains with a common suffix. For example, you may specify a rule of 'bind:*.example.com' which will allow x.example.com, y.example.com, *.example.com, etc. Bind rules for labels may specify a wildcard key and/or value to match multiple labels. For example, you may specify a rule of 'bind:*=example' which will allow x=example, y=example, etc. A rule of '*' is equivalent to no acl at all and will explicitly permit all actions.
Arbitrary user-defined machine-readable data of this credential. Optional, max 4096 bytes.
Human-readable description of who or what will use the credential to authenticate. Optional, max 255 bytes.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
NGROK_UPDATE_ENDPOINTTool to update an Endpoint by ID, currently available only for cloud endpoints. Use this to modify the description, metadata, traffic policy, bindings, or other attributes of an existing endpoint.
Input parameters
The unique identifier of the endpoint to update
The URL of the endpoint
The bindings associated with this endpoint
User-supplied metadata of the associated tunnel or edge object. Must be a valid JSON string.
User-supplied description of the associated tunnel
The traffic policy attached to this endpoint
Whether the endpoint allows pooling
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
NGROK_UPDATE_EVENT_SUBSCRIPTIONTool to update attributes of an event subscription by ID. Use when you need to modify the description, metadata, destination IDs, or sources of an existing event subscription.
Input parameters
The unique identifier of the event subscription to update. Starts with 'esb_' prefix (e.g., 'esb_39gr1tmhrxFASlEFDYbruuZ2pP1').
Sources containing the types for which this event subscription will trigger
Arbitrary customer supplied information intended to be machine readable. Optional, max 4096 chars.
Arbitrary customer supplied information intended to be human readable. Optional, max 255 chars.
A list of Event Destination IDs which should be used for this Event Subscription.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
NGROK_UPDATE_HTTPS_EDGE_ROUTETool to update an HTTPS edge route by ID. Use when you need to modify route configuration for HTTPS traffic handling. Updates can include match patterns, module settings, and metadata. Unspecified modules remain unchanged.
Input parameters
unique identifier of this edge route
Model for OIDC configuration
Model for SAML configuration
Route selector: '/blog' or 'example.com' or 'example.com/blog'
Model for OAuth configuration
Model for backend configuration
unique identifier of this edge
arbitrary user-defined machine-readable data of this edge. Optional, max 4096 bytes
Type of match to use for this route. Valid values are 'exact_path' and 'path_prefix'
Model for compression configuration
human-readable description of what this edge will be used for; optional, max 255 bytes
Model for IP restriction configuration
Model for traffic policy configuration
Model for circuit breaker configuration
Model for request headers configuration
Model for response headers configuration
Model for user agent filter configuration
Model for webhook verification configuration
Model for WebSocket to TCP converter configuration
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
NGROK_UPDATE_RESERVED_DOMAINTool to update the attributes of a reserved domain by ID. Use this to modify the description, metadata, certificate configuration, or DNS resolver targets of an existing reserved domain.
Input parameters
The unique identifier of the reserved domain to update
Arbitrary user-defined machine-readable data of this reserved domain. Optional, max 4096 bytes.
Human-readable description of what this reserved domain will be used for
DNS resolver targets configured for the reserved domain, or empty for 'global' resolution.
ID of a user-uploaded TLS certificate to use for connections to targeting this domain. Optional, mutually exclusive with certificate_management_policy.
Certificate management policy configuration for the reserved domain.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
NGROK_UPDATE_SECRETTool to update a vault secret by ID. Use when you need to modify the name, description, metadata, or value of an existing secret in the ngrok vault.
Input parameters
The unique identifier of the secret to update
Name of the secret. Optional.
Value of the secret. Optional.
Arbitrary user-defined metadata for this secret. Optional.
Human-readable description of the secret. Optional.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
NGROK_UPDATE_SSH_CREDENTIALTool to update attributes of an SSH credential by ID. Use when you need to modify the description, metadata, or ACL rules of an existing SSH credential.
Input parameters
The unique identifier of the SSH credential to update
Optional list of ACL rules. If unspecified, the credential will have no restrictions. The only allowed ACL rule at this time is the 'bind' rule. The 'bind' rule allows the caller to restrict what domains, addresses, and labels the token is allowed to bind. For example, to allow the token to open a tunnel on example.ngrok.io your ACL would include the rule 'bind:example.ngrok.io'. Bind rules for domains may specify a leading wildcard to match multiple domains with a common suffix. For example, you may specify a rule of 'bind:*.example.com' which will allow x.example.com, y.example.com, *.example.com, etc. Bind rules for labels may specify a wildcard key and/or value to match multiple labels. For example, you may specify a rule of 'bind:*=example' which will allow x=example, y=example, etc. A rule of '*' is equivalent to no acl at all and will explicitly permit all actions.
Arbitrary user-defined machine-readable data of this SSH credential. Optional, max 4096 bytes.
Human-readable description of who or what will use the SSH credential to authenticate. Optional, max 255 bytes.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
NGROK_UPDATE_VAULTTool to update attributes of a vault by ID. Use when you need to modify the name, description, or metadata of an existing vault.
Input parameters
The unique identifier of the vault to update
Name of vault
Arbitrary user-defined metadata for this Vault
Description of Vault
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
No publicly available marketplace agent is found using this tool yet. There are 55 agents privately built on Nagent that already use Ngrok.
Build on Nagent
Connect Ngrok to any Nagent agent in minutes — no API key management, no boilerplate. Just configure and deploy.
The five questions agent builders ask before adopting a new integration.
Open the External Integrations panel inside Nagent (app.nagent.ai/externalIntegration), find Ngrok, and click "Connect Now." You'll authenticate with an API key — Nagent handles credential storage and refresh automatically. Once connected, Ngrok is available to any agent in your workspace.
No. Nagent provides no-code integration for every tool. Once Ngrok is connected, you configure its 102 actions directly in the agent builder UI — no API calls, no boilerplate, no schema management.
Helix — Nagent's agentic agent builder — lets you drop Ngrok steps into any workflow visually. Pick an action (e.g., one of those listed above), fill in the inputs (Helix knows the required vs. optional schema for each parameter), and connect it to upstream/downstream steps. Triggers run as the entry point of an agent, so when a Ngrok event fires, the agent kicks off automatically.
Every Ngrok action and trigger ships with a fully-typed schema — input parameters with name, type, required flag, and description, plus the output payload shape. The schemas are documented in the sections above. Helix uses these schemas to validate your configuration at build time and to type-check the data flowing between steps.
Yes. While Ngrok ships with 102 pre-built developer tools actions, you can layer custom logic around them inside Helix — pre/post-processing steps, conditional branches, retries, or stitching Ngrok together with other connected tools. For deeper customization, talk to our team about Nagent's Agentic AI Lab — forward-deployed engineers who build Ngrok-based workflows tailored to your business.