Skip to main content

Event Source Reference

Event Sources

Traffic Events

When network traffic transits through your endpoints, like HTTP requests or TCP connections, ngrok emits protocol-specific Traffic Events. Because Traffic Events are often high cardinality, they support the ability to select which fields to capture as well as the ability to specify a CEL filter expression to limit which events are captured.

EventDescription
http_request_complete.v0Triggers when an HTTP request completes.
tcp_connection_closed.v0Triggers when a TCP connection to an endpoint closes.

Audit Events

When you make configuration changes to your account ngrok emits Audit Events. These events can help you get visibility into when objects like Domains, API Keys, and IP Policies are created, updated, or deleted within your ngrok account.

EventDescription
agent_session_start.v0Triggers when an agent is started
agent_session_stop.v0Triggers when an agent is stopped
api_key_created.v0Triggers when an API key is created
api_key_deleted.v0Triggers when an API key is deleted
api_key_updated.v0Triggers when an API key is updated
certificate_authority_created.v0Triggers when a certificate authority is created
certificate_authority_deleted.v0Triggers when a certificate authority is deleted
certificate_authority_updated.v0Triggers when a certificate authority is updated
domain_created.v0Triggers when a domain is created
domain_deleted.v0Triggers when a domain is deleted
domain_updated.v0Triggers when a domain is updated
event_destination_created.v0Triggers when an Event Destination is created
event_destination_deleted.v0Triggers when an Event Destination is deleted
event_destination_updated.v0Triggers when an Event Destination is updated
event_subscription_created.v0Triggers when an Event Subscription is created
event_subscription_deleted.v0Triggers when an Event Subscription is deleted
event_subscription_updated.v0Triggers when an Event Subscription is updated
ip_policy_created.v0Triggers when an IP Policy is created.
ip_policy_deleted.v0Triggers when an IP Policy is deleted.
ip_policy_updated.v0Triggers when an IP Policy is updated.
ip_policy_rule_created.v0Triggers when an IP Policy Rule is created.
ip_policy_rule_deleted.v0Triggers when an IP Policy Rule is deleted.
ip_policy_rule_updated.v0Triggers when an IP Policy Rule is updated.
ip_restriction_created.v0Triggers when an IP Restriction is created.
ip_restriction_deleted.v0Triggers when an IP Restriction is deleted.
ip_restriction_updated.v0Triggers when an IP Restriction is updated.
ssh_certificate_authority_created.v0Triggers when an SSH certificate authority is created.
ssh_certificate_authority_deleted.v0Triggers when an SSH certificate authority is deleted.
ssh_certificate_authority_updated.v0Triggers when an SSH certificate authority is updated.
ssh_host_certificate_created.v0Triggers when an SSH host certificate is created.
ssh_host_certificate_deleted.v0Triggers when an SSH host certificate is deleted.
ssh_host_certificate_updated.v0Triggers when an SSH host certificate is updated.
ssh_public_key_created.v0Triggers when an SSH public key is created.
ssh_public_key_deleted.v0Triggers when an SSH public key is deleted.
ssh_public_key_updated.v0Triggers when an SSH public key is updated.
ssh_user_certificate_created.v0Triggers when an SSH user certificate is created.
ssh_user_certificate_deleted.v0Triggers when an SSH user certificate is deleted.
ssh_user_certificate_updated.v0Triggers when an SSH user certificate is updated.
tcp_address_created.v0Triggers when a TCP address is created.
tcp_address_deleted.v0Triggers when a TCP address is deleted.
tcp_address_updated.v0Triggers when a TCP address is updated.
tls_certificate_created.v0Triggers when a TLS certificate is created.
tls_certificate_deleted.v0Triggers when a TLS certificate is deleted.
tls_certificate_updated.v0Triggers when a TLS certificate is updated.
tunnel_credential_created.v0Triggers when a tunnel credential is created.
tunnel_credential_deleted.v0Triggers when a tunnel credential is deleted.
tunnel_credential_updated.v0Triggers when a tunnel credential is updated.

Traffic Events

HTTP Request Complete

http_request_complete.v0

Triggers when an HTTP request completes.

FieldTypeDescription
backend.connection_reusedbooltrue if ngrok reused a TCP connection to transmit the HTTP request to the upstream service.
basic_auth.decisionstringallow if the Basic Auth module permitted the request to the upstream service, block if not permitted, and invalid if the module did not run.
basic_auth.usernamestringThe username in the HTTP basic auth credentials
circuit_breaker.decisionstringWhether the HTTP request was sent to the upstream service. allow if the breaker was closed, block if the breaker was open, allow_while_open if the request was allowed while the breaker is open, and invalid if the module did not run.
compression.algorithmstringThe compression algorithm used to encode responses from the endpoint. Either gzip, deflate, or none.
compression.bytes_savedint64The difference between the size of the raw response and the size of the response as compressed by the Compression Module
conn.client_ipstringFilterable. The source IP of the TCP connection to the ngrok edge
conn.server_ipstringFilterable. The IP address of the server that received the request
conn.server_namestringFilterable. The hostname associated with this connection.
conn.server_portint32Filterable. The port that the connection for this request came in on
conn.start_tstimestampThe timestamp when the TCP connection to the ngrok edge is established
http.request.body_lengthint64The size of the request body in bytes
http.request.headersMap<string, List<string>>A map of normalized headers from the requesting client. Header keys are capitalized and header values are lowercased.
http.request.methodstringThe request method, normalized to lowercase
http.request.url.hoststringThe host component of the request URL
http.request.url.pathstringThe path component of the request URL
http.request.url.querystringThe query string component of the request URL
http.request.url.rawstringThe full URL of the request including scheme, host, path, and query string
http.request.url.schemestringThe scheme component of the request URL
http.request.user_agentstringThe value of the User-Agent header in the request received by ngrok edge
http.response.body_lengthint64The size of the response body in bytes
http.response.headersMap<string, List<string>>A map of normalized response headers. Header keys are capitalized and header values are lowercased.
http.response.status_codeint32The status code of the response returned by the ngrok edge
ip_policy.decisionstringallow if IP Policy module permitted the request to the upstream service, block if not permitted, and invalid if the module did not run.
oauth.app_client_idstringThe OAuth application client ID
oauth.decisionstringallow if the OAuth module permitted the request to the upstream service, block if not permitted, and invalid if the module did not run.
oauth.user.idstringThe authenticated user’s ID returned by the OAuth provider
oauth.user.namestringThe authenticated user’s name returned by the OAuth provider
tls.cipher_suitestringThe cipher suite selected during the TLS handshake
tls.client_cert.serial_numberstringThe serial number of the client’s leaf TLS certificate in the Mutual TLS handshake
tls.client_cert.subject.cnstringThe subject common name of the client’s leaf TLS certificate in the Mutual TLS handshake
tls.versionstringThe version of the TLS protocol used between the client and the ngrok edge
traffic_policy.logsList<Map<string, any>>The collection of logs generated by any configured Traffic Policy Log actions
webhook_verification.decisionstringallow if the Webhook Verification module permitted the request to the upstream service, block if not permitted, and invalid if the module did not run.

TCP Connection Closed

tcp_connection_closed.v0

Triggers when a TCP connection to an endpoint closes.

FieldTypeDescription
conn.bytes_inint64The number of bytes arriving at an endpoint from the frontend
conn.bytes_outint64The number of bytes leaving an endpoint to the frontend
conn.client_ipstringFilterable. The source IP of the TCP connection to the ngrok edge
conn.end_tstimestampThe timestamp when the TCP connection to the ngrok edge is closed
conn.server_ipstringFilterable. The IP address of the server that received the request
conn.server_namestringFilterable. The hostname associated with this connection.
conn.server_portint32Filterable. The port that the connection for this request came in on
conn.start_tstimestampThe timestamp when the TCP connection to the ngrok edge is established
ip_policy.decisionstringallow if IP Policy module permitted the request to the upstream service, block if not permitted, and invalid if the module did not run or if the TCP connection was established for an HTTP endpoint. In the latter case, the decision will only be available in the corresponding http_request_complete.v0 event.
traffic_policy.logsList<Map<string, any>>The collection of logs generated by any configured Traffic Policy Log actions

Audit Events

Agent

agent_session_start.v0

Triggers when an agent is started

FieldTypeDescription
session.idstringa resource identifier
session.uristringa uri for locating a resource
credential.idstringa resource identifier
credential.uristringa uri for locating a resource
agent_ipstringthe ip address from which the agent is connecting
ingress_server_ipstringthe ip address of the ingress server to which the agent is connecting
regionstringthe region of the tunnel server
ingress_hostnamestringthe hostname of the tunnel server
user_agentstringthe user agent provided to the tunnel server by the agent
metadatastringthe session metadata provided by the agent on connection
osstringthe operating system of the machine on which the agent is running
archstringthe CPU architecture of the machine on which the agent is running
transportstringthe transport protocol used internally by the agent "muxado" for agents and agent libraries, "ssh" for reverse SSH tunnels
started_atstringthe time at which the session started
expires_atstringthe time at which the session expires
stopped_atstringthe time at which the session stopped
deprecated.upcoming_minimum_versionstringthe upcoming minimum supported agent version
deprecated.upcoming_enforcement_datestringthe date by which the current agent must be upgraded to the upcoming minimum version
deprecated.messagestringadditional information about the agent deprecation
errorstringon a failed session start, an explanation of the failure on a successful session start, the empty string on a session stop, the reason for the session stop

agent_session_stop.v0

Triggers when an agent is stopped

FieldTypeDescription
session.idstringa resource identifier
session.uristringa uri for locating a resource
credential.idstringa resource identifier
credential.uristringa uri for locating a resource
agent_ipstringthe ip address from which the agent is connecting
ingress_server_ipstringthe ip address of the ingress server to which the agent is connecting
regionstringthe region of the tunnel server
ingress_hostnamestringthe hostname of the tunnel server
user_agentstringthe user agent provided to the tunnel server by the agent
metadatastringthe session metadata provided by the agent on connection
osstringthe operating system of the machine on which the agent is running
archstringthe CPU architecture of the machine on which the agent is running
transportstringthe transport protocol used internally by the agent "muxado" for agents and agent libraries, "ssh" for reverse SSH tunnels
started_atstringthe time at which the session started
expires_atstringthe time at which the session expires
stopped_atstringthe time at which the session stopped
deprecated.upcoming_minimum_versionstringthe upcoming minimum supported agent version
deprecated.upcoming_enforcement_datestringthe date by which the current agent must be upgraded to the upcoming minimum version
deprecated.messagestringadditional information about the agent deprecation
errorstringon a failed session start, an explanation of the failure on a successful session start, the empty string on a session stop, the reason for the session stop

API Key

api_key_created.v0

Triggers when an API key is created

FieldTypeDescription
idstringunique API key resource identifier
uristringURI to the API resource of this API key
descriptionstringhuman-readable description of what uses the API key to authenticate. optional, max 255 bytes.
metadatastringarbitrary user-defined data of this API key. optional, max 4096 bytes
created_atstringtimestamp when the api key was created, RFC 3339 format
tokenstringthe bearer token that can be placed into the Authorization header to authenticate request to the ngrok API. This value is only available one time, on the API response from key creation. Otherwise it is null.

api_key_deleted.v0

Triggers when an API key is deleted

FieldTypeDescription
idstringunique API key resource identifier
uristringURI to the API resource of this API key
descriptionstringhuman-readable description of what uses the API key to authenticate. optional, max 255 bytes.
metadatastringarbitrary user-defined data of this API key. optional, max 4096 bytes
created_atstringtimestamp when the api key was created, RFC 3339 format
tokenstringthe bearer token that can be placed into the Authorization header to authenticate request to the ngrok API. This value is only available one time, on the API response from key creation. Otherwise it is null.

api_key_updated.v0

Triggers when an API key is updated

FieldTypeDescription
idstringunique API key resource identifier
uristringURI to the API resource of this API key
descriptionstringhuman-readable description of what uses the API key to authenticate. optional, max 255 bytes.
metadatastringarbitrary user-defined data of this API key. optional, max 4096 bytes
created_atstringtimestamp when the api key was created, RFC 3339 format
tokenstringthe bearer token that can be placed into the Authorization header to authenticate request to the ngrok API. This value is only available one time, on the API response from key creation. Otherwise it is null.

Certificate Authority

certificate_authority_created.v0

Triggers when a certificate authority is created

FieldTypeDescription
idstringunique identifier for this Certificate Authority
uristringURI of the Certificate Authority API resource
created_atstringtimestamp when the Certificate Authority was created, RFC 3339 format
descriptionstringhuman-readable description of this Certificate Authority. optional, max 255 bytes.
metadatastringarbitrary user-defined machine-readable data of this Certificate Authority. optional, max 4096 bytes.
ca_pemstringraw PEM of the Certificate Authority
subject_common_namestringsubject common name of the Certificate Authority
not_beforestringtimestamp when this Certificate Authority becomes valid, RFC 3339 format
not_afterstringtimestamp when this Certificate Authority becomes invalid, RFC 3339 format
key_usagesList<string>set of actions the private key of this Certificate Authority can be used for
extended_key_usagesList<string>extended set of actions the private key of this Certificate Authority can be used for

certificate_authority_deleted.v0

Triggers when a certificate authority is deleted

FieldTypeDescription
idstringunique identifier for this Certificate Authority
uristringURI of the Certificate Authority API resource
created_atstringtimestamp when the Certificate Authority was created, RFC 3339 format
descriptionstringhuman-readable description of this Certificate Authority. optional, max 255 bytes.
metadatastringarbitrary user-defined machine-readable data of this Certificate Authority. optional, max 4096 bytes.
ca_pemstringraw PEM of the Certificate Authority
subject_common_namestringsubject common name of the Certificate Authority
not_beforestringtimestamp when this Certificate Authority becomes valid, RFC 3339 format
not_afterstringtimestamp when this Certificate Authority becomes invalid, RFC 3339 format
key_usagesList<string>set of actions the private key of this Certificate Authority can be used for
extended_key_usagesList<string>extended set of actions the private key of this Certificate Authority can be used for

certificate_authority_updated.v0

Triggers when a certificate authority is updated

FieldTypeDescription
idstringunique identifier for this Certificate Authority
uristringURI of the Certificate Authority API resource
created_atstringtimestamp when the Certificate Authority was created, RFC 3339 format
descriptionstringhuman-readable description of this Certificate Authority. optional, max 255 bytes.
metadatastringarbitrary user-defined machine-readable data of this Certificate Authority. optional, max 4096 bytes.
ca_pemstringraw PEM of the Certificate Authority
subject_common_namestringsubject common name of the Certificate Authority
not_beforestringtimestamp when this Certificate Authority becomes valid, RFC 3339 format
not_afterstringtimestamp when this Certificate Authority becomes invalid, RFC 3339 format
key_usagesList<string>set of actions the private key of this Certificate Authority can be used for
extended_key_usagesList<string>extended set of actions the private key of this Certificate Authority can be used for

Domain

domain_created.v0

Triggers when a domain is created

FieldTypeDescription
idstringunique reserved domain resource identifier
uristringURI of the reserved domain API resource
created_atstringtimestamp when the reserved domain was created, RFC 3339 format
descriptionstringhuman-readable description of what this reserved domain will be used for
metadatastringarbitrary user-defined machine-readable data of this reserved domain. Optional, max 4096 bytes.
domainstringhostname of the reserved domain
regionstringdeprecated: With the launch of the ngrok Global Network domains traffic is now handled globally. This field applied only to endpoints. Note that agents may still connect to specific regions. Optional, null by default. (au, eu, ap, us, us-cal-1, jp, in, sa)
cname_targetstringDNS CNAME target for a custom hostname, or null if the reserved domain is a subdomain of an ngrok domain
certificate.idstringa resource identifier
certificate.uristringa uri for locating a resource
certificate_management_policy.authoritystringcertificate authority to request certificates from. The only supported value is letsencrypt.`
certificate_management_policy.private_key_typestringtype of private key to use when requesting certificates. Defaults to rsa, can be either rsa or ecdsa.
certificate_management_status.renews_atstringtimestamp when the next renewal will be requested, RFC 3339 format
certificate_management_status.provisioning_job.error_codestringif present, an error code indicating why provisioning is failing. It may be either a temporary condition (INTERNAL_ERROR), or a permanent one the user must correct (DNS_ERROR).
certificate_management_status.provisioning_job.msgstringa message describing the current status or error
certificate_management_status.provisioning_job.started_atstringtimestamp when the provisioning job started, RFC 3339 format
certificate_management_status.provisioning_job.retries_atstringtimestamp when the provisioning job will be retried
acme_challenge_cname_targetstringDNS CNAME target for the host _acme-challenge.example.com, where example.com is your reserved domain name. This is required to issue certificates for wildcard, non-ngrok reserved domains. Must be null for non-wildcard domains and ngrok subdomains.

domain_deleted.v0

Triggers when a domain is deleted

FieldTypeDescription
idstringunique reserved domain resource identifier
uristringURI of the reserved domain API resource
created_atstringtimestamp when the reserved domain was created, RFC 3339 format
descriptionstringhuman-readable description of what this reserved domain will be used for
metadatastringarbitrary user-defined machine-readable data of this reserved domain. Optional, max 4096 bytes.
domainstringhostname of the reserved domain
regionstringdeprecated: With the launch of the ngrok Global Network domains traffic is now handled globally. This field applied only to endpoints. Note that agents may still connect to specific regions. Optional, null by default. (au, eu, ap, us, us-cal-1, jp, in, sa)
cname_targetstringDNS CNAME target for a custom hostname, or null if the reserved domain is a subdomain of *.ngrok.io
certificate.idstringa resource identifier
certificate.uristringa uri for locating a resource
certificate_management_policy.authoritystringcertificate authority to request certificates from. The only supported value is letsencrypt.`
certificate_management_policy.private_key_typestringtype of private key to use when requesting certificates. Defaults to rsa, can be either rsa or ecdsa.
certificate_management_status.renews_atstringtimestamp when the next renewal will be requested, RFC 3339 format
certificate_management_status.provisioning_job.error_codestringif present, an error code indicating why provisioning is failing. It may be either a temporary condition (INTERNAL_ERROR), or a permanent one the user must correct (DNS_ERROR).
certificate_management_status.provisioning_job.msgstringa message describing the current status or error
certificate_management_status.provisioning_job.started_atstringtimestamp when the provisioning job started, RFC 3339 format
certificate_management_status.provisioning_job.retries_atstringtimestamp when the provisioning job will be retried
acme_challenge_cname_targetstringDNS CNAME target for the host _acme-challenge.example.com, where example.com is your reserved domain name. This is required to issue certificates for wildcard, non-ngrok reserved domains. Must be null for non-wildcard domains and ngrok subdomains.

domain_updated.v0

Triggers when a domain is updated

FieldTypeDescription
idstringunique reserved domain resource identifier
uristringURI of the reserved domain API resource
created_atstringtimestamp when the reserved domain was created, RFC 3339 format
descriptionstringhuman-readable description of what this reserved domain will be used for
metadatastringarbitrary user-defined machine-readable data of this reserved domain. Optional, max 4096 bytes.
domainstringhostname of the reserved domain
regionstringdeprecated: With the launch of the ngrok Global Network domains traffic is now handled globally. This field applied only to endpoints. Note that agents may still connect to specific regions. Optional, null by default. (au, eu, ap, us, us-cal-1, jp, in, sa)
cname_targetstringDNS CNAME target for a custom hostname, or null if the reserved domain is a subdomain of *.ngrok.io
certificate.idstringa resource identifier
certificate.uristringa uri for locating a resource
certificate_management_policy.authoritystringcertificate authority to request certificates from. The only supported value is letsencrypt.`
certificate_management_policy.private_key_typestringtype of private key to use when requesting certificates. Defaults to rsa, can be either rsa or ecdsa.
certificate_management_status.renews_atstringtimestamp when the next renewal will be requested, RFC 3339 format
certificate_management_status.provisioning_job.error_codestringif present, an error code indicating why provisioning is failing. It may be either a temporary condition (INTERNAL_ERROR), or a permanent one the user must correct (DNS_ERROR).
certificate_management_status.provisioning_job.msgstringa message describing the current status or error
certificate_management_status.provisioning_job.started_atstringtimestamp when the provisioning job started, RFC 3339 format
certificate_management_status.provisioning_job.retries_atstringtimestamp when the provisioning job will be retried
acme_challenge_cname_targetstringDNS CNAME target for the host _acme-challenge.example.com, where example.com is your reserved domain name. This is required to issue certificates for wildcard, non-ngrok reserved domains. Must be null for non-wildcard domains and ngrok subdomains.

Event Destination

event_destination_created.v0

Triggers when an Event Destination is created

FieldTypeDescription
idstringUnique identifier for this Event Destination.
metadatastringArbitrary user-defined machine-readable data of this Event Destination. Optional, max 4096 bytes.
created_atstringTimestamp when the Event Destination was created, RFC 3339 format.
descriptionstringHuman-readable description of the Event Destination. Optional, max 255 bytes.
formatstringThe output format you would like to serialize events into when sending to their target. Currently the only accepted value is JSON.`
target.firehose.auth.role.role_arnstringAn ARN that specifies the role that ngrok should use to deliver to the configured target.
target.firehose.auth.creds.aws_access_key_idstringThe ID portion of an AWS access key.
target.firehose.auth.creds.aws_secret_access_keystringThe secret portion of an AWS access key.
target.firehose.delivery_stream_arnstringAn Amazon Resource Name specifying the Firehose delivery stream to deposit events into.
target.kinesis.auth.role.role_arnstringAn ARN that specifies the role that ngrok should use to deliver to the configured target.
target.kinesis.auth.creds.aws_access_key_idstringThe ID portion of an AWS access key.
target.kinesis.auth.creds.aws_secret_access_keystringThe secret portion of an AWS access key.
target.kinesis.stream_arnstringAn Amazon Resource Name specifying the Kinesis stream to deposit events into.
target.cloudwatch_logs.auth.role.role_arnstringAn ARN that specifies the role that ngrok should use to deliver to the configured target.
target.cloudwatch_logs.auth.creds.aws_access_key_idstringThe ID portion of an AWS access key.
target.cloudwatch_logs.auth.creds.aws_secret_access_keystringThe secret portion of an AWS access key.
target.cloudwatch_logs.log_group_arnstringAn Amazon Resource Name specifying the CloudWatch Logs group to deposit events into.
uristringURI of the Event Destination API resource.

event_destination_deleted.v0

Triggers when an Event Destination is deleted

FieldTypeDescription
idstringUnique identifier for this Event Destination.
metadatastringArbitrary user-defined machine-readable data of this Event Destination. Optional, max 4096 bytes.
created_atstringTimestamp when the Event Destination was created, RFC 3339 format.
descriptionstringHuman-readable description of the Event Destination. Optional, max 255 bytes.
formatstringThe output format you would like to serialize events into when sending to their target. Currently the only accepted value is JSON.`
target.firehose.auth.role.role_arnstringAn ARN that specifies the role that ngrok should use to deliver to the configured target.
target.firehose.auth.creds.aws_access_key_idstringThe ID portion of an AWS access key.
target.firehose.auth.creds.aws_secret_access_keystringThe secret portion of an AWS access key.
target.firehose.delivery_stream_arnstringAn Amazon Resource Name specifying the Firehose delivery stream to deposit events into.
target.kinesis.auth.role.role_arnstringAn ARN that specifies the role that ngrok should use to deliver to the configured target.
target.kinesis.auth.creds.aws_access_key_idstringThe ID portion of an AWS access key.
target.kinesis.auth.creds.aws_secret_access_keystringThe secret portion of an AWS access key.
target.kinesis.stream_arnstringAn Amazon Resource Name specifying the Kinesis stream to deposit events into.
target.cloudwatch_logs.auth.role.role_arnstringAn ARN that specifies the role that ngrok should use to deliver to the configured target.
target.cloudwatch_logs.auth.creds.aws_access_key_idstringThe ID portion of an AWS access key.
target.cloudwatch_logs.auth.creds.aws_secret_access_keystringThe secret portion of an AWS access key.
target.cloudwatch_logs.log_group_arnstringAn Amazon Resource Name specifying the CloudWatch Logs group to deposit events into.
uristringURI of the Event Destination API resource.

event_destination_updated.v0

Triggers when an Event Destination is updated

FieldTypeDescription
idstringUnique identifier for this Event Destination.
metadatastringArbitrary user-defined machine-readable data of this Event Destination. Optional, max 4096 bytes.
created_atstringTimestamp when the Event Destination was created, RFC 3339 format.
descriptionstringHuman-readable description of the Event Destination. Optional, max 255 bytes.
formatstringThe output format you would like to serialize events into when sending to their target. Currently the only accepted value is JSON.`
target.firehose.auth.role.role_arnstringAn ARN that specifies the role that ngrok should use to deliver to the configured target.
target.firehose.auth.creds.aws_access_key_idstringThe ID portion of an AWS access key.
target.firehose.auth.creds.aws_secret_access_keystringThe secret portion of an AWS access key.
target.firehose.delivery_stream_arnstringAn Amazon Resource Name specifying the Firehose delivery stream to deposit events into.
target.kinesis.auth.role.role_arnstringAn ARN that specifies the role that ngrok should use to deliver to the configured target.
target.kinesis.auth.creds.aws_access_key_idstringThe ID portion of an AWS access key.
target.kinesis.auth.creds.aws_secret_access_keystringThe secret portion of an AWS access key.
target.kinesis.stream_arnstringAn Amazon Resource Name specifying the Kinesis stream to deposit events into.
target.cloudwatch_logs.auth.role.role_arnstringAn ARN that specifies the role that ngrok should use to deliver to the configured target.
target.cloudwatch_logs.auth.creds.aws_access_key_idstringThe ID portion of an AWS access key.
target.cloudwatch_logs.auth.creds.aws_secret_access_keystringThe secret portion of an AWS access key.
target.cloudwatch_logs.log_group_arnstringAn Amazon Resource Name specifying the CloudWatch Logs group to deposit events into.
uristringURI of the Event Destination API resource.

Event Subscription

event_subscription_created.v0

Triggers when an Event Subscription is created

FieldTypeDescription
idstringUnique identifier for this Event Subscription.
uristringURI of the Event Subscription API resource.
created_atstringWhen the Event Subscription was created (RFC 3339 format).
metadatastringArbitrary customer supplied information intended to be machine readable. Optional, max 4096 chars.
descriptionstringArbitrary customer supplied information intended to be human readable. Optional, max 255 chars.
sources.typestringType of event for which an event subscription will trigger
sources.uristringURI of the Event Source API resource.
destinations.idstringa resource identifier
destinations.uristringa uri for locating a resource

event_subscription_deleted.v0

Triggers when an Event Subscription is deleted

FieldTypeDescription
idstringUnique identifier for this Event Subscription.
uristringURI of the Event Subscription API resource.
created_atstringWhen the Event Subscription was created (RFC 3339 format).
metadatastringArbitrary customer supplied information intended to be machine readable. Optional, max 4096 chars.
descriptionstringArbitrary customer supplied information intended to be human readable. Optional, max 255 chars.
sources.typestringType of event for which an event subscription will trigger
sources.uristringURI of the Event Source API resource.
destinations.idstringa resource identifier
destinations.uristringa uri for locating a resource

event_subscription_updated.v0

Triggers when an Event Subscription is updated

FieldTypeDescription
idstringUnique identifier for this Event Subscription.
uristringURI of the Event Subscription API resource.
created_atstringWhen the Event Subscription was created (RFC 3339 format).
metadatastringArbitrary customer supplied information intended to be machine readable. Optional, max 4096 chars.
descriptionstringArbitrary customer supplied information intended to be human readable. Optional, max 255 chars.
sources.typestringType of event for which an event subscription will trigger
sources.uristringURI of the Event Source API resource.
destinations.idstringa resource identifier
destinations.uristringa uri for locating a resource

IP Policy

ip_policy_created.v0

Triggers when an IP Policy is created

FieldTypeDescription
idstringunique identifier for this IP policy
uristringURI of the IP Policy API resource
created_atstringtimestamp when the IP policy was created, RFC 3339 format
descriptionstringhuman-readable description of the source IPs of this IP policy. optional, max 255 bytes.
metadatastringarbitrary user-defined machine-readable data of this IP policy. optional, max 4096 bytes.

ip_policy_updated.v0

Triggers when an IP Policy is updated

FieldTypeDescription
idstringunique identifier for this IP policy
uristringURI of the IP Policy API resource
created_atstringtimestamp when the IP policy was created, RFC 3339 format
descriptionstringhuman-readable description of the source IPs of this IP policy. optional, max 255 bytes.
metadatastringarbitrary user-defined machine-readable data of this IP policy. optional, max 4096 bytes.

ip_policy_deleted.v0

Triggers when an IP Policy is deleted

FieldTypeDescription
idstringunique identifier for this IP policy
uristringURI of the IP Policy API resource
created_atstringtimestamp when the IP policy was created, RFC 3339 format
descriptionstringhuman-readable description of the source IPs of this IP policy. optional, max 255 bytes.
metadatastringarbitrary user-defined machine-readable data of this IP policy. optional, max 4096 bytes.

IP Policy Rule

ip_policy_rule_created.v0

Triggers when an IP Policy Rule is created

FieldTypeDescription
idstringunique identifier for this IP policy rule
uristringURI of the IP policy rule API resource
created_atstringtimestamp when the IP policy rule was created, RFC 3339 format
descriptionstringhuman-readable description of the source IPs of this IP rule. optional, max 255 bytes.
metadatastringarbitrary user-defined machine-readable data of this IP policy rule. optional, max 4096 bytes.
cidrstringan IP or IP range specified in CIDR notation. IPv4 and IPv6 are both supported.
ip_policy.idstringa resource identifier
ip_policy.uristringa uri for locating a resource
actionstringthe action to apply to the policy rule, either allow or deny

ip_policy_rule_deleted.v0

Triggers when an IP Policy Rule is deleted

FieldTypeDescription
idstringunique identifier for this IP policy rule
uristringURI of the IP policy rule API resource
created_atstringtimestamp when the IP policy rule was created, RFC 3339 format
descriptionstringhuman-readable description of the source IPs of this IP rule. optional, max 255 bytes.
metadatastringarbitrary user-defined machine-readable data of this IP policy rule. optional, max 4096 bytes.
cidrstringan IP or IP range specified in CIDR notation. IPv4 and IPv6 are both supported.
ip_policy.idstringa resource identifier
ip_policy.uristringa uri for locating a resource
actionstringthe action to apply to the policy rule, either allow or deny

ip_policy_rule_updated.v0

Triggers when an IP Policy Rule is updated

FieldTypeDescription
idstringunique identifier for this IP policy rule
uristringURI of the IP policy rule API resource
created_atstringtimestamp when the IP policy rule was created, RFC 3339 format
descriptionstringhuman-readable description of the source IPs of this IP rule. optional, max 255 bytes.
metadatastringarbitrary user-defined machine-readable data of this IP policy rule. optional, max 4096 bytes.
cidrstringan IP or IP range specified in CIDR notation. IPv4 and IPv6 are both supported.
ip_policy.idstringa resource identifier
ip_policy.uristringa uri for locating a resource
actionstringthe action to apply to the policy rule, either allow or deny

IP Restriction

ip_restriction_created.v0

Triggers when an IP Restriction is created

FieldTypeDescription
idstringunique identifier for this IP restriction
uristringURI of the IP restriction API resource
created_atstringtimestamp when the IP restriction was created, RFC 3339 format
descriptionstringhuman-readable description of this IP restriction. optional, max 255 bytes.
metadatastringarbitrary user-defined machine-readable data of this IP restriction. optional, max 4096 bytes.
enforcedbooleantrue if the IP restriction will be enforced. if false, only warnings will be issued
typestringthe type of IP restriction. this defines what traffic will be restricted with the attached policies. four values are currently supported: dashboard, api, agent,andendpoints`
ip_policies.idstringa resource identifier
ip_policies.uristringa uri for locating a resource

ip_restriction_deleted.v0

Triggers when an IP Restriction is deleted

FieldTypeDescription
idstringunique identifier for this IP restriction
uristringURI of the IP restriction API resource
created_atstringtimestamp when the IP restriction was created, RFC 3339 format
descriptionstringhuman-readable description of this IP restriction. optional, max 255 bytes.
metadatastringarbitrary user-defined machine-readable data of this IP restriction. optional, max 4096 bytes.
enforcedbooleantrue if the IP restriction will be enforced. if false, only warnings will be issued
typestringthe type of IP restriction. this defines what traffic will be restricted with the attached policies. four values are currently supported: dashboard, api, agent,andendpoints`
ip_policies.idstringa resource identifier
ip_policies.uristringa uri for locating a resource

ip_restriction_updated.v0

Triggers when an IP Restriction is updated

FieldTypeDescription
idstringunique identifier for this IP restriction
uristringURI of the IP restriction API resource
created_atstringtimestamp when the IP restriction was created, RFC 3339 format
descriptionstringhuman-readable description of this IP restriction. optional, max 255 bytes.
metadatastringarbitrary user-defined machine-readable data of this IP restriction. optional, max 4096 bytes.
enforcedbooleantrue if the IP restriction will be enforced. if false, only warnings will be issued
typestringthe type of IP restriction. this defines what traffic will be restricted with the attached policies. four values are currently supported: dashboard, api, agent,andendpoints`
ip_policies.idstringa resource identifier
ip_policies.uristringa uri for locating a resource

SSH Certificate Authority

ssh_certificate_authority_created.v0

Triggers when an SSH certificate authority is created

FieldTypeDescription
idstringunique identifier for this SSH Certificate Authority
uristringURI of the SSH Certificate Authority API resource
created_atstringtimestamp when the SSH Certificate Authority API resource was created, RFC 3339 format
descriptionstringhuman-readable description of this SSH Certificate Authority. optional, max 255 bytes.
metadatastringarbitrary user-defined machine-readable data of this SSH Certificate Authority. optional, max 4096 bytes.
public_keystringraw public key for this SSH Certificate Authority
key_typestringthe type of private key for this SSH Certificate Authority

ssh_certificate_authority_deleted.v0

Triggers when an SSH certificate authority is deleted

FieldTypeDescription
idstringunique identifier for this SSH Certificate Authority
uristringURI of the SSH Certificate Authority API resource
created_atstringtimestamp when the SSH Certificate Authority API resource was created, RFC 3339 format
descriptionstringhuman-readable description of this SSH Certificate Authority. optional, max 255 bytes.
metadatastringarbitrary user-defined machine-readable data of this SSH Certificate Authority. optional, max 4096 bytes.
public_keystringraw public key for this SSH Certificate Authority
key_typestringthe type of private key for this SSH Certificate Authority

ssh_certificate_authority_updated.v0

Triggers when an SSH certificate authority is updated

FieldTypeDescription
idstringunique identifier for this SSH Certificate Authority
uristringURI of the SSH Certificate Authority API resource
created_atstringtimestamp when the SSH Certificate Authority API resource was created, RFC 3339 format
descriptionstringhuman-readable description of this SSH Certificate Authority. optional, max 255 bytes.
metadatastringarbitrary user-defined machine-readable data of this SSH Certificate Authority. optional, max 4096 bytes.
public_keystringraw public key for this SSH Certificate Authority
key_typestringthe type of private key for this SSH Certificate Authority

SSH Host Certificate

ssh_host_certificate_created.v0

Triggers when an SSH host certificate is created

FieldTypeDescription
idstringunique identifier for this SSH Host Certificate
uristringURI of the SSH Host Certificate API resource
created_atstringtimestamp when the SSH Host Certificate API resource was created, RFC 3339 format
descriptionstringhuman-readable description of this SSH Host Certificate. optional, max 255 bytes.
metadatastringarbitrary user-defined machine-readable data of this SSH Host Certificate. optional, max 4096 bytes.
public_keystringa public key in OpenSSH Authorized Keys format that this certificate signs
key_typestringthe key type of the public_key,one ofrsa, ecdsa or ed25519
ssh_certificate_authority_idstringthe ssh certificate authority that is used to sign this ssh host certificate
principalsList<string>the list of principals included in the ssh host certificate. This is the list of hostnames and/or IP addresses that are authorized to serve SSH traffic with this certificate. Dangerously, if no principals are specified, this certificate is considered valid for all hosts.
valid_afterstringthe time when the ssh host certificate becomes valid, in RFC 3339 format.
valid_untilstringthe time after which the ssh host certificate becomes invalid, in RFC 3339 format. the OpenSSH certificates RFC calls this valid_before.`
certificatestringthe signed SSH certificate in OpenSSH Authorized Keys format. this value should be placed in a -cert.pub certificate file on disk that should be referenced in your sshd_config configuration file with a HostCertificate directive

ssh_host_certificate_deleted.v0

Triggers when an SSH host certificate is deleted

FieldTypeDescription
idstringunique identifier for this SSH Host Certificate
uristringURI of the SSH Host Certificate API resource
created_atstringtimestamp when the SSH Host Certificate API resource was created, RFC 3339 format
descriptionstringhuman-readable description of this SSH Host Certificate. optional, max 255 bytes.
metadatastringarbitrary user-defined machine-readable data of this SSH Host Certificate. optional, max 4096 bytes.
public_keystringa public key in OpenSSH Authorized Keys format that this certificate signs
key_typestringthe key type of the public_key,one ofrsa, ecdsa or ed25519
ssh_certificate_authority_idstringthe ssh certificate authority that is used to sign this ssh host certificate
principalsList<string>the list of principals included in the ssh host certificate. This is the list of hostnames and/or IP addresses that are authorized to serve SSH traffic with this certificate. Dangerously, if no principals are specified, this certificate is considered valid for all hosts.
valid_afterstringthe time when the ssh host certificate becomes valid, in RFC 3339 format.
valid_untilstringthe time after which the ssh host certificate becomes invalid, in RFC 3339 format. the OpenSSH certificates RFC calls this valid_before.`
certificatestringthe signed SSH certificate in OpenSSH Authorized Keys format. this value should be placed in a -cert.pub certificate file on disk that should be referenced in your sshd_config configuration file with a HostCertificate directive

ssh_host_certificate_updated.v0

Triggers when an SSH host certificate is updated

FieldTypeDescription
idstringunique identifier for this SSH Host Certificate
uristringURI of the SSH Host Certificate API resource
created_atstringtimestamp when the SSH Host Certificate API resource was created, RFC 3339 format
descriptionstringhuman-readable description of this SSH Host Certificate. optional, max 255 bytes.
metadatastringarbitrary user-defined machine-readable data of this SSH Host Certificate. optional, max 4096 bytes.
public_keystringa public key in OpenSSH Authorized Keys format that this certificate signs
key_typestringthe key type of the public_key,one ofrsa, ecdsa or ed25519
ssh_certificate_authority_idstringthe ssh certificate authority that is used to sign this ssh host certificate
principalsList<string>the list of principals included in the ssh host certificate. This is the list of hostnames and/or IP addresses that are authorized to serve SSH traffic with this certificate. Dangerously, if no principals are specified, this certificate is considered valid for all hosts.
valid_afterstringthe time when the ssh host certificate becomes valid, in RFC 3339 format.
valid_untilstringthe time after which the ssh host certificate becomes invalid, in RFC 3339 format. the OpenSSH certificates RFC calls this valid_before.`
certificatestringthe signed SSH certificate in OpenSSH Authorized Keys format. this value should be placed in a -cert.pub certificate file on disk that should be referenced in your sshd_config configuration file with a HostCertificate directive

SSH Public Key

ssh_public_key_created.v0

Triggers when an SSH public key is created

FieldTypeDescription
idstringunique ssh credential resource identifier
uristringURI of the ssh credential API resource
created_atstringtimestamp when the ssh credential was created, RFC 3339 format
descriptionstringhuman-readable description of who or what will use the ssh credential to authenticate. Optional, max 255 bytes.
metadatastringarbitrary user-defined machine-readable data of this ssh credential. Optional, max 4096 bytes.
public_keystringthe PEM-encoded public key of the SSH key pair that will be used to authenticate
aclList<string>optional list of ACL rules. If unspecified, the credential will have no restrictions. The only allowed ACL rule at this time is the bind rule. The bind rule allows the caller to restrict what domains and addresses the token is allowed to bind. For example, to allow the token to open a tunnel on example.ngrok.io your ACL would include the rule bind:example.ngrok.io.Bind rules may specify a leading wildcard to match multiple domains with a common suffix. For example, you may specify a rule ofbind:.example.comwhich will allowx.example.com, y.example.com, .example.com,etc. A rule of'\*' is equivalent to no acl at all and will explicitly permit all actions.

ssh_public_key_deleted.v0

Triggers when an SSH public key is deleted

FieldTypeDescription
idstringunique ssh credential resource identifier
uristringURI of the ssh credential API resource
created_atstringtimestamp when the ssh credential was created, RFC 3339 format
descriptionstringhuman-readable description of who or what will use the ssh credential to authenticate. Optional, max 255 bytes.
metadatastringarbitrary user-defined machine-readable data of this ssh credential. Optional, max 4096 bytes.
public_keystringthe PEM-encoded public key of the SSH key pair that will be used to authenticate
aclList<string>optional list of ACL rules. If unspecified, the credential will have no restrictions. The only allowed ACL rule at this time is the bind rule. The bind rule allows the caller to restrict what domains and addresses the token is allowed to bind. For example, to allow the token to open a tunnel on example.ngrok.io your ACL would include the rule bind:example.ngrok.io.Bind rules may specify a leading wildcard to match multiple domains with a common suffix. For example, you may specify a rule ofbind:.example.comwhich will allowx.example.com, y.example.com, .example.com,etc. A rule of'\*' is equivalent to no acl at all and will explicitly permit all actions.

ssh_public_key_updated.v0

Triggers when an SSH public key is updated

FieldTypeDescription
idstringunique ssh credential resource identifier
uristringURI of the ssh credential API resource
created_atstringtimestamp when the ssh credential was created, RFC 3339 format
descriptionstringhuman-readable description of who or what will use the ssh credential to authenticate. Optional, max 255 bytes.
metadatastringarbitrary user-defined machine-readable data of this ssh credential. Optional, max 4096 bytes.
public_keystringthe PEM-encoded public key of the SSH key pair that will be used to authenticate
aclList<string>optional list of ACL rules. If unspecified, the credential will have no restrictions. The only allowed ACL rule at this time is the bind rule. The bind rule allows the caller to restrict what domains and addresses the token is allowed to bind. For example, to allow the token to open a tunnel on example.ngrok.io your ACL would include the rule bind:example.ngrok.io.Bind rules may specify a leading wildcard to match multiple domains with a common suffix. For example, you may specify a rule ofbind:.example.comwhich will allowx.example.com, y.example.com, .example.com,etc. A rule of'\*' is equivalent to no acl at all and will explicitly permit all actions.

SSH User Certificate

ssh_user_certificate_created.v0

Triggers when an SSH user certificate is created

FieldTypeDescription
idstringunique identifier for this SSH User Certificate
uristringURI of the SSH User Certificate API resource
created_atstringtimestamp when the SSH User Certificate API resource was created, RFC 3339 format
descriptionstringhuman-readable description of this SSH User Certificate. optional, max 255 bytes.
metadatastringarbitrary user-defined machine-readable data of this SSH User Certificate. optional, max 4096 bytes.
public_keystringa public key in OpenSSH Authorized Keys format that this certificate signs
key_typestringthe key type of the public_key,one ofrsa, ecdsa or ed25519
ssh_certificate_authority_idstringthe ssh certificate authority that is used to sign this ssh user certificate
principalsList<string>the list of principals included in the ssh user certificate. This is the list of usernames that the certificate holder may sign in as on a machine authorizing the signing certificate authority. Dangerously, if no principals are specified, this certificate may be used to log in as any user.
critical_optionsMap<string, string>A map of critical options included in the certificate. Only two critical options are currently defined by OpenSSH: force-command and source-address.` See the OpenSSH certificate protocol spec for additional details.
extensionsMap<string, string>A map of extensions included in the certificate. Extensions are additional metadata that can be interpreted by the SSH server for any purpose. These can be used to permit or deny the ability to open a terminal, do port forwarding, x11 forwarding, and more. If unspecified, the certificate will include limited permissions with the following extension map: {"permit-pty": "", "permit-user-rc": ""}` OpenSSH understands a number of predefined extensions. See the OpenSSH certificate protocol spec for additional details.
valid_afterstringthe time when the ssh host certificate becomes valid, in RFC 3339 format.
valid_untilstringthe time after which the ssh host certificate becomes invalid, in RFC 3339 format. the OpenSSH certificates RFC calls this valid_before.`
certificatestringthe signed SSH certificate in OpenSSH Authorized Keys Format. this value should be placed in a -cert.pub certificate file on disk that should be referenced in your sshd_config configuration file with a HostCertificate directive

ssh_user_certificate_deleted.v0

Triggers when an SSH user certificate is deleted

FieldTypeDescription
idstringunique identifier for this SSH User Certificate
uristringURI of the SSH User Certificate API resource
created_atstringtimestamp when the SSH User Certificate API resource was created, RFC 3339 format
descriptionstringhuman-readable description of this SSH User Certificate. optional, max 255 bytes.
metadatastringarbitrary user-defined machine-readable data of this SSH User Certificate. optional, max 4096 bytes.
public_keystringa public key in OpenSSH Authorized Keys format that this certificate signs
key_typestringthe key type of the public_key,one ofrsa, ecdsa or ed25519
ssh_certificate_authority_idstringthe ssh certificate authority that is used to sign this ssh user certificate
principalsList<string>the list of principals included in the ssh user certificate. This is the list of usernames that the certificate holder may sign in as on a machine authorizing the signing certificate authority. Dangerously, if no principals are specified, this certificate may be used to log in as any user.
critical_optionsMap<string, string>A map of critical options included in the certificate. Only two critical options are currently defined by OpenSSH: force-command and source-address.` See the OpenSSH certificate protocol spec for additional details.
extensionsMap<string, string>A map of extensions included in the certificate. Extensions are additional metadata that can be interpreted by the SSH server for any purpose. These can be used to permit or deny the ability to open a terminal, do port forwarding, x11 forwarding, and more. If unspecified, the certificate will include limited permissions with the following extension map: {"permit-pty": "", "permit-user-rc": ""}` OpenSSH understands a number of predefined extensions. See the OpenSSH certificate protocol spec for additional details.
valid_afterstringthe time when the ssh host certificate becomes valid, in RFC 3339 format.
valid_untilstringthe time after which the ssh host certificate becomes invalid, in RFC 3339 format. the OpenSSH certificates RFC calls this valid_before.`
certificatestringthe signed SSH certificate in OpenSSH Authorized Keys Format. this value should be placed in a -cert.pub certificate file on disk that should be referenced in your sshd_config configuration file with a HostCertificate directive

ssh_user_certificate_updated.v0

Triggers when an SSH user certificate is updated

FieldTypeDescription
idstringunique identifier for this SSH User Certificate
uristringURI of the SSH User Certificate API resource
created_atstringtimestamp when the SSH User Certificate API resource was created, RFC 3339 format
descriptionstringhuman-readable description of this SSH User Certificate. optional, max 255 bytes.
metadatastringarbitrary user-defined machine-readable data of this SSH User Certificate. optional, max 4096 bytes.
public_keystringa public key in OpenSSH Authorized Keys format that this certificate signs
key_typestringthe key type of the public_key,one ofrsa, ecdsa or ed25519
ssh_certificate_authority_idstringthe ssh certificate authority that is used to sign this ssh user certificate
principalsList<string>the list of principals included in the ssh user certificate. This is the list of usernames that the certificate holder may sign in as on a machine authorizing the signing certificate authority. Dangerously, if no principals are specified, this certificate may be used to log in as any user.
critical_optionsMap<string, string>A map of critical options included in the certificate. Only two critical options are currently defined by OpenSSH: force-command and source-address.` See the OpenSSH certificate protocol spec for additional details.
extensionsMap<string, string>A map of extensions included in the certificate. Extensions are additional metadata that can be interpreted by the SSH server for any purpose. These can be used to permit or deny the ability to open a terminal, do port forwarding, x11 forwarding, and more. If unspecified, the certificate will include limited permissions with the following extension map: {"permit-pty": "", "permit-user-rc": ""}` OpenSSH understands a number of predefined extensions. See the OpenSSH certificate protocol spec for additional details.
valid_afterstringthe time when the ssh host certificate becomes valid, in RFC 3339 format.
valid_untilstringthe time after which the ssh host certificate becomes invalid, in RFC 3339 format. the OpenSSH certificates RFC calls this valid_before.`
certificatestringthe signed SSH certificate in OpenSSH Authorized Keys Format. this value should be placed in a -cert.pub certificate file on disk that should be referenced in your sshd_config configuration file with a HostCertificate directive

TCP Address

tcp_address_created.v0

Triggers when a TCP address is created

FieldTypeDescription
idstringunique reserved address resource identifier
uristringURI of the reserved address API resource
created_atstringtimestamp when the reserved address was created, RFC 3339 format
descriptionstringhuman-readable description of what this reserved address will be used for
metadatastringarbitrary user-defined machine-readable data of this reserved address. Optional, max 4096 bytes.
addrstringhostname:port of the reserved address that was assigned at creation time
regionstringreserve the address in this geographic ngrok region. Optional, default is us. (au, eu, ap, us, us-cal-1, jp, in, sa)

tcp_address_deleted.v0

Triggers when a TCP address is deleted

FieldTypeDescription
idstringunique reserved address resource identifier
uristringURI of the reserved address API resource
created_atstringtimestamp when the reserved address was created, RFC 3339 format
descriptionstringhuman-readable description of what this reserved address will be used for
metadatastringarbitrary user-defined machine-readable data of this reserved address. Optional, max 4096 bytes.
addrstringhostname:port of the reserved address that was assigned at creation time
regionstringreserve the address in this geographic ngrok region. Optional, default is us. (au, eu, ap, us, us-cal-1, jp, in, sa)

tcp_address_updated.v0

Triggers when a TCP address is updated

FieldTypeDescription
idstringunique reserved address resource identifier
uristringURI of the reserved address API resource
created_atstringtimestamp when the reserved address was created, RFC 3339 format
descriptionstringhuman-readable description of what this reserved address will be used for
metadatastringarbitrary user-defined machine-readable data of this reserved address. Optional, max 4096 bytes.
addrstringhostname:port of the reserved address that was assigned at creation time
regionstringreserve the address in this geographic ngrok region. Optional, default is us. (au, eu, ap, us, us-cal-1, jp, in, sa)

TLS Certificate

tls_certificate_created.v0

Triggers when a TLS certificate is created

FieldTypeDescription
idstringunique identifier for this TLS certificate
uristringURI of the TLS certificate API resource
created_atstringtimestamp when the TLS certificate was created, RFC 3339 format
descriptionstringhuman-readable description of this TLS certificate. optional, max 255 bytes.
metadatastringarbitrary user-defined machine-readable data of this TLS certificate. optional, max 4096 bytes.
certificate_pemstringchain of PEM-encoded certificates, leaf first. See Certificate Bundles.
subject_common_namestringsubject common name from the leaf of this TLS certificate
subject_alternative_names.dns_namesList<string>set of additional domains (including wildcards) this TLS certificate is valid for
subject_alternative_names.ipsList<string>set of IP addresses this TLS certificate is also valid for
issued_atstringtimestamp (in RFC 3339 format) when this TLS certificate was issued automatically, or null if this certificate was user-uploaded
not_beforestringtimestamp when this TLS certificate becomes valid, RFC 3339 format
not_afterstringtimestamp when this TLS certificate becomes invalid, RFC 3339 format
key_usagesList<string>set of actions the private key of this TLS certificate can be used for
extended_key_usagesList<string>extended set of actions the private key of this TLS certificate can be used for
private_key_typestringtype of the private key of this TLS certificate. One of rsa, ecdsa, or ed25519.
issuer_common_namestringissuer common name from the leaf of this TLS certificate
serial_numberstringserial number of the leaf of this TLS certificate
subject_organizationstringsubject organization from the leaf of this TLS certificate
subject_organizational_unitstringsubject organizational unit from the leaf of this TLS certificate
subject_localitystringsubject locality from the leaf of this TLS certificate
subject_provincestringsubject province from the leaf of this TLS certificate
subject_countrystringsubject country from the leaf of this TLS certificate

tls_certificate_deleted.v0

Triggers when a TLS certificate is deleted

FieldTypeDescription
idstringunique identifier for this TLS certificate
uristringURI of the TLS certificate API resource
created_atstringtimestamp when the TLS certificate was created, RFC 3339 format
descriptionstringhuman-readable description of this TLS certificate. optional, max 255 bytes.
metadatastringarbitrary user-defined machine-readable data of this TLS certificate. optional, max 4096 bytes.
certificate_pemstringchain of PEM-encoded certificates, leaf first. See Certificate Bundles.
subject_common_namestringsubject common name from the leaf of this TLS certificate
subject_alternative_names.dns_namesList<string>set of additional domains (including wildcards) this TLS certificate is valid for
subject_alternative_names.ipsList<string>set of IP addresses this TLS certificate is also valid for
issued_atstringtimestamp (in RFC 3339 format) when this TLS certificate was issued automatically, or null if this certificate was user-uploaded
not_beforestringtimestamp when this TLS certificate becomes valid, RFC 3339 format
not_afterstringtimestamp when this TLS certificate becomes invalid, RFC 3339 format
key_usagesList<string>set of actions the private key of this TLS certificate can be used for
extended_key_usagesList<string>extended set of actions the private key of this TLS certificate can be used for
private_key_typestringtype of the private key of this TLS certificate. One of rsa, ecdsa, or ed25519.
issuer_common_namestringissuer common name from the leaf of this TLS certificate
serial_numberstringserial number of the leaf of this TLS certificate
subject_organizationstringsubject organization from the leaf of this TLS certificate
subject_organizational_unitstringsubject organizational unit from the leaf of this TLS certificate
subject_localitystringsubject locality from the leaf of this TLS certificate
subject_provincestringsubject province from the leaf of this TLS certificate
subject_countrystringsubject country from the leaf of this TLS certificate

tls_certificate_updated.v0

Triggers when a TLS certificate is updated

FieldTypeDescription
idstringunique identifier for this TLS certificate
uristringURI of the TLS certificate API resource
created_atstringtimestamp when the TLS certificate was created, RFC 3339 format
descriptionstringhuman-readable description of this TLS certificate. optional, max 255 bytes.
metadatastringarbitrary user-defined machine-readable data of this TLS certificate. optional, max 4096 bytes.
certificate_pemstringchain of PEM-encoded certificates, leaf first. See Certificate Bundles.
subject_common_namestringsubject common name from the leaf of this TLS certificate
subject_alternative_names.dns_namesList<string>set of additional domains (including wildcards) this TLS certificate is valid for
subject_alternative_names.ipsList<string>set of IP addresses this TLS certificate is also valid for
issued_atstringtimestamp (in RFC 3339 format) when this TLS certificate was issued automatically, or null if this certificate was user-uploaded
not_beforestringtimestamp when this TLS certificate becomes valid, RFC 3339 format
not_afterstringtimestamp when this TLS certificate becomes invalid, RFC 3339 format
key_usagesList<string>set of actions the private key of this TLS certificate can be used for
extended_key_usagesList<string>extended set of actions the private key of this TLS certificate can be used for
private_key_typestringtype of the private key of this TLS certificate. One of rsa, ecdsa, or ed25519.
issuer_common_namestringissuer common name from the leaf of this TLS certificate
serial_numberstringserial number of the leaf of this TLS certificate
subject_organizationstringsubject organization from the leaf of this TLS certificate
subject_organizational_unitstringsubject organizational unit from the leaf of this TLS certificate
subject_localitystringsubject locality from the leaf of this TLS certificate
subject_provincestringsubject province from the leaf of this TLS certificate
subject_countrystringsubject country from the leaf of this TLS certificate

Tunnel Credential

tunnel_credential_created.v0

Triggers when a tunnel credential is created

FieldTypeDescription
idstringunique tunnel credential resource identifier
uristringURI of the tunnel credential API resource
created_atstringtimestamp when the tunnel credential was created, RFC 3339 format
descriptionstringhuman-readable description of who or what will use the credential to authenticate. Optional, max 255 bytes.
metadatastringarbitrary user-defined machine-readable data of this credential. Optional, max 4096 bytes.
tokenstringthe credential’s authtoken that can be used to authenticate an ngrok agent. This value is only available one time, on the API response from credential creation, otherwise it is null.
aclList<string>optional list of ACL rules. If unspecified, the credential will have no restrictions. The only allowed ACL rule at this time is the bind rule. The bind rule allows the caller to restrict what domains and addresses the token is allowed to bind. For example, to allow the token to open a tunnel on example.ngrok.io your ACL would include the rule bind:example.ngrok.io. Bind rules may specify a leading wildcard to match multiple domains with a common suffix. For example, you may specify a rule of bind:_.example.com which will allow x.example.com, y.example.com, _.example.com, etc. A rule of '\*' is equivalent to no acl at all and will explicitly permit all actions.

tunnel_credential_deleted.v0

Triggers when a tunnel credential is deleted

FieldTypeDescription
idstringunique tunnel credential resource identifier
uristringURI of the tunnel credential API resource
created_atstringtimestamp when the tunnel credential was created, RFC 3339 format
descriptionstringhuman-readable description of who or what will use the credential to authenticate. Optional, max 255 bytes.
metadatastringarbitrary user-defined machine-readable data of this credential. Optional, max 4096 bytes.
tokenstringthe credential’s authtoken that can be used to authenticate an ngrok agent. This value is only available one time, on the API response from credential creation, otherwise it is null.
aclList<string>optional list of ACL rules. If unspecified, the credential will have no restrictions. The only allowed ACL rule at this time is the bind rule. The bind rule allows the caller to restrict what domains and addresses the token is allowed to bind. For example, to allow the token to open a tunnel on example.ngrok.io your ACL would include the rule bind:example.ngrok.io. Bind rules may specify a leading wildcard to match multiple domains with a common suffix. For example, you may specify a rule of bind:_.example.com which will allow x.example.com, y.example.com, _.example.com, etc. A rule of '\*' is equivalent to no acl at all and will explicitly permit all actions.

tunnel_credential_updated.v0

Triggers when a tunnel credential is updated

FieldTypeDescription
idstringunique tunnel credential resource identifier
uristringURI of the tunnel credential API resource
created_atstringtimestamp when the tunnel credential was created, RFC 3339 format
descriptionstringhuman-readable description of who or what will use the credential to authenticate. Optional, max 255 bytes.
metadatastringarbitrary user-defined machine-readable data of this credential. Optional, max 4096 bytes.
tokenstringthe credential’s authtoken that can be used to authenticate an ngrok agent. This value is only available one time, on the API response from credential creation, otherwise it is null.
aclList<string>optional list of ACL rules. If unspecified, the credential will have no restrictions. The only allowed ACL rule at this time is the bind rule. The bind rule allows the caller to restrict what domains and addresses the token is allowed to bind. For example, to allow the token to open a tunnel on example.ngrok.io your ACL would include the rule bind:example.ngrok.io. Bind rules may specify a leading wildcard to match multiple domains with a common suffix. For example, you may specify a rule of bind:_.example.com which will allow x.example.com, y.example.com, _.example.com, etc. A rule of '\*' is equivalent to no acl at all and will explicitly permit all actions.