Universal Gateway
What is the Universal Gateway?
ngrok's Universal Gateway is a suite of common tools for building API and device gateways, identity-aware proxies, and site-to-site connectivity.
What makes it "universal"? The Universal Gateway is a flexible and composable platform that can be used with software running locally or in the cloud, and with devices running on-premises or distributed in the field. You can deliver traffic to internal and public APIs as well as orchestrate traffic across your devices. It's globally distributed by default and provides support across multiple environments with minimal configuration.
Check out the front door pattern in the examples collection to see one of the most common use cases.
Universal Gateway features
Here are some of the key features of the Universal Gateway platform:
Traffic Policy
ngrok's Traffic Policy is a configuration language for filtering, matching, managing, and orchestrating traffic to your endpoints. With a Traffic Policy in place, you can validate incoming traffic, block malicious traffic, rewrite URLs, respond with custom content, and more.
Learn more in the Traffic Policy documentation.
Kubernetes Operator
The ngrok Kubernetes Operator is the best way to use ngrok if your applications run in Kubernetes environments. It comes with custom resources for configuration and supports both Ingress resources and the new cross-platform configuration resources.
You should use the ngrok Kubernetes Operator if you want to:
- Send traffic to your Kubernetes workloads
- Integrate Kubernetes workloads with workloads outside of Kubernetes, such as those running on virtual machines, bare metal, embedded devices, and anywhere else you can run ngrok
- Perform cross-cluster networking
- Use Kubernetes with ngrok without using ngrok's SDKs
Traffic Observability
Traffic Inspector
Traffic Inspector gives you a view into the HTTP traffic flowing through the endpoints in your account. You can choose whether Traffic Inspector captures only request metadata or full request and response bodies. You can also replay requests against your endpoints to reproduce issues while debugging.
Log exporting
Whenever changes occur in your ngrok account or traffic transits through your endpoints, an event is fired. You can subscribe to these events and publish them to destinations such as AWS CloudWatch Logs, AWS Firehose, AWS S3, Datadog Logs, Azure Monitor, and more.
Identity and access management
ngrok includes a robust identity and access management (IAM) system. ngrok's IAM functionality enables you to:
- Issue, rotate, and revoke unique credentials for each principal in your account (either a human user or an automated process).
- Enforce least-privilege access for each principal acting within your ngrok account.
- Attribute all mutations in your ngrok account to distinct principals, recorded in audit logs.
- Configure single sign-on (SSO) to federate identity and SCIM to enable provisioning from your own IdP.
- Administer multiple ngrok accounts with a single user.
Common use cases
- The front door pattern: A single public endpoint serves as the centralized entrance to all upstream services.
- Route to endpoints by geography: Forward requests based on IP geolocation data for improved latency or country-specific features.
- Create identity-based rate limits: Pre-tier requests based on your packaging or pricing model.
- Secure a public Minecraft server: Restrict server access to a specific set of IP addresses.
- Intercept and rewrite headers: Intercept 302 redirect headers to preserve UX and agent behavior.
What's next?
- Explore key concepts for working with the Universal Gateway such as endpoint types, protocols, bindings, and pooling.
- Check out the Universal Gateway examples collection to see how to implement even more common use cases.
- Proceed to the Guides section to get started with ngrok as an API gateway, device gateway, identity-aware proxy, or for site-to-site connectivity.