An ngrok Endpoint is a URL that enables network traffic to reach your services. You can think of endpoints as a gateway to anything you want to enable access for—whether that’s a local development server on your laptop, a production Kubernetes cluster, a database behind a corporate firewall, or a cloud API. Endpoints bridge the gap between your resources and the traffic that needs to reach them.

Why endpoints matter

Endpoints are ngrok’s universal gateways, letting you:
  • Go live instantly: Enable access to local prototypes, internal tools or Kubernetes services in seconds.
  • Talk to anything: APIs, Kubernetes clusters, game servers, third-party tools, IoT devices, legacy apps—endpoints support them all.
  • Secure access: Effortlessly lock down access with encryption, authentication, or IP restrictions to whatever you need without code changes.
  • Observability: Instantly gain insights into how traffic is flowing through endpoints with our Traffic Inspector and Log Exporting.
  • Simplify your stack: Reduce infrastructure sprawl by chaining endpoints and embedding logic directly into traffic flow—rate limiting, mock responses, or security policies, executed at the edge with no code required.

How endpoints work

Endpoints enable traffic flow and management through three core features:
  • URL: The entry point for traffic to reach your services. This could be any URL, such as https://your-app.ngrok.io or tcp://your-api.internal.
  • Binding: The source or origin of incoming traffic.
  • Traffic Policy: Configuration to manage, manipulate and secure traffic.

Control Access with Bindings

An endpoint’s binding defines where traffic originates:
  • Public: Accepts traffic from the open internet (e.g. https://your-app.ngrok.io).
  • Internal: Restricted to accept traffic only through the forward-internal Traffic Policy action (e.g. http://your-api.internal).
  • Kubernetes: Restricted to accept traffic only from Kubernetes clusters using the ngrok Kubernetes Operator.

Set Protocol via URL Scheme

You can specify your endpoint’s URL protocol to indicate the type of traffic it should handle. This allows you to configure your endpoint to match your services and application type:
  • HTTP/HTTPS: Best for Webhooks, APIs, apps
  • TCP: Best for raw streams (SSH, gaming, IoT)
  • TLS: Best for custom encrypted workloads

Manage, manipulate and secure traffic through policies

Add business logic and route traffic during the request lifecycle with Traffic Policy:
  • Route traffic by anything: Paths, headers or any other available variable.
  • Manipulate traffic through actions: Redirect urls, inject headers or send custom responses.
  • Secure: Add OAuth, IP restrictions or mutual TLS.

Deliver traffic anywhere

You can host endpoints on your local machine with the ngrok Agent or in the cloud with ngrok Cloud Endpoints.
  • Cloud Endpoints:
    • Persistent and globally available.
    • Start with the Dashboard or API.
    • Great for centralized configuration, multi-service routing and service failover.
  • Agent Endpoints:
    • Ephemeral and environment agnostic.
    • Start with the CLI, Language SDKs or through Kubernetes.
    • Great for ephemeral workloads, local development, scaling services and device management.
See Cloud Endpoints vs Agent Endpoints for a side-by-side comparison.

Get started

Enable access to a local web app on port 8080 with the ngrok CLI: 
ngrok http 8080
This command will start an Agent Endpoint that forwards traffic through the ngrok CLI agent to your locally running application on port 8080. To learn more, follow ngrok’s Quickstart.

Load balancing with Endpoint Pooling

Endpoint Pooling allows you to create multiple endpoints with the same URL. Traffic sent to a URL with an Endpoint Pool is load-balanced among the Endpoints in the pool. See the Endpoint Pooling quickstart to learn more.

Managing endpoints with ngrok’s APIs

Cloud Endpoints are programmatically managed via: Agent Endpoints, by contrast, are programtically managed via: Agent Endpoints are also accessible in a read-only capacity via:

Pricing

Free and Hobbyist plans allow you to use your included credit to start endpoints. On the Pay-as-you-go plan, there is no limit on the number of endpoints you can create. An endpoint that transmits data in a clock hour is counted as an active endpoint for that hour and charged an endpoint hour. See Pricing for more information.

Learn more

  • Cloud Endpoints: Create always-on endpoints to deliver and manage traffic to custom responses, internal endpoints or third-party services.
    • Great for centralized configuration and routing across multiple services and handling failover when your upstream applications and services are offline.
  • Agent Endpoints: Create an endpoint that only exists as long the agent is running to deliver and manage traffic to your local applications, files, services or third-party services.
    • Great for load balancing and managing individual APIs, services, applications, devices and forwarding traffic to third-party destinations.