Skip to main content

Universal Gateway

What is the Universal Gateway?

ngrok's Universal Gateway is a suite of common tools for building API and device gateways, identity-aware proxies, and site-to-site connectivity.

What makes it "universal"? The Universal Gateway is a flexible and composable platform that can be used with software running locally or in the cloud, and with devices running on-premises or distributed in the field. You can deliver traffic to internal and public APIs as well as orchestrate traffic across your devices. It's globally distributed by default and provides support across multiple environments with minimal configuration.

tip

Check out the front door pattern in the examples collection to see one of the most common use cases.

Universal Gateway features

Traffic Policy

ngrok's is a configuration language that offers you the flexibility to filter, match, manage and orchestrate traffic to your endpoints.

With ngrok's Traffic Policy you can:

  • Validate incoming traffic
  • Block malicious traffic
  • Rewrite URLs
  • Respond with custom content
  • Forward traffic to your agents running across the globe

Because you can add traffic policies to any type of ngrok endpoint, you can use them to scope traffic management for each of your endpoints. For example, API teams can manage a traffic policy for their internal services while devops or security teams can manage policies for public services.

Kubernetes Operator

The ngrok Kubernetes Operator is the best way to use ngrok if your applications run in Kubernetes environments. It comes with custom resources for configuration and also supports both Ingress resources as well as the new cross-platform configuration resources.

You should use the ngrok Kubernetes Operator if you want to:

Send traffic to your Kubernetes workloads Integrate Kubernetes workloads with workloads outside of Kubernetes, such as those running on virtual machines, bare metal, embedded devices, and anywhere else you can run ngrok Perform cross-cluster networking Use Kubernetes with ngrok without using ngrok's SDKs

Traffic Observability

Traffic Inspector

Traffic Inspector gives you a view into the HTTP traffic flowing through the endpoints in your account. You can choose whether Traffic Inspector captures only request metadata or full request and response bodies. You can even replay requests against your endpoints for easy debugging replication.

Log exporting

Whenever changes occur in your ngrok account or when traffic transits through your endpoints, an event is fired. You may subscribe to these events and publish them to destinations like AWS Cloudwatch Logs, AWS Firehose, AWS S3, Datadog Logs, Azure Monitor and more.

Identify and access management

ngrok includes a robust identity and access management (IAM) system. ngrok's IAM functionality enables you to:

  • Issue, rotate and revoke unique credentials for each principal in your account (either a human user or an automated process).
  • Enforce least-privilege access for each principal acting within your ngrok account
  • Attribute all mutations to distinct principals in your ngrok account recorded in audit logs
  • Configure single sign-on (SSO) to federate identity and SCIM to enable provisioning from your own IdP
  • Administrate multiple ngrok accounts with a single user

Common use cases

What's next?