Client is the root object of the ngrok-api library. Construct a Client with an API Key. Then you can access API Services as properties of the Client object:

import ngrok

# construct the api client
client = ngrok.Client("<API KEY>")

# list all ip policies
for policy in client.ip_policies.list():

# create an ngrok agent authtoken
cred = client.credentials.create()
class ngrok.Client(api_key, base_url='')[source]#
property abuse_reports: AbuseReportsClient#

Abuse Reports allow you to submit take-down requests for URLs hosted by ngrok that violate ngrok’s terms of service.

Return type:


property agent_ingresses: AgentIngressesClient#
Return type:


property api_keys: APIKeysClient#

API Keys are used to authenticate to the ngrok API. You may use the API itself to provision and manage API Keys but you’ll need to provision your first API key from the API Keys page on your dashboard.

Return type:


property application_sessions: ApplicationSessionsClient#
Return type:


property application_users: ApplicationUsersClient#
Return type:


property backends#
property bot_users: BotUsersClient#
Return type:


property certificate_authorities: CertificateAuthoritiesClient#

Certificate Authorities are x509 certificates that are used to sign other x509 certificates. Attach a Certificate Authority to the Mutual TLS module to verify that the TLS certificate presented by a client has been signed by this CA. Certificate Authorities are used only for mTLS validation only and thus a private key is not included in the resource.

Return type:


property credentials: CredentialsClient#

Tunnel Credentials are ngrok agent authtokens. They authorize the ngrok agent to connect the ngrok service as your account. They are installed with the ngrok config add-authtoken command or by specifying it in the ngrok.yml configuration file with the authtoken property.

Return type:


property edge_modules#
property edges#
property endpoints: EndpointsClient#

Endpoints provides an API for querying the endpoint objects which define what tunnel or edge is used to serve a hostport. Only active endpoints associated with a tunnel or backend are returned.

Return type:


property event_destinations: EventDestinationsClient#
Return type:


property event_sources: EventSourcesClient#
Return type:


property event_subscriptions: EventSubscriptionsClient#
Return type:


property ip_policies: IPPoliciesClient#

IP Policies are reusable groups of CIDR ranges with an allow or deny action. They can be attached to endpoints via the Endpoint Configuration IP Policy module. They can also be used with IP Restrictions to control source IP ranges that can start tunnel sessions and connect to the API and dashboard.

Return type:


property ip_policy_rules: IPPolicyRulesClient#

IP Policy Rules are the IPv4 or IPv6 CIDRs entries that make up an IP Policy.

Return type:


property ip_restrictions: IPRestrictionsClient#

An IP restriction is a restriction placed on the CIDRs that are allowed to initiate traffic to a specific aspect of your ngrok account. An IP restriction has a type which defines the ingress it applies to. IP restrictions can be used to enforce the source IPs that can make API requests, log in to the dashboard, start ngrok agents, and connect to your public-facing endpoints.

Return type:


property reserved_addrs: ReservedAddrsClient#

Reserved Addresses are TCP addresses that can be used to listen for traffic. TCP address hostnames and ports are assigned by ngrok, they cannot be chosen.

Return type:


property reserved_domains: ReservedDomainsClient#

Reserved Domains are hostnames that you can listen for traffic on. Domains can be used to listen for http, https or tls traffic. You may use a domain that you own by creating a CNAME record specified in the returned resource. This CNAME record points traffic for that domain to ngrok’s edge servers.

Return type:


property ssh_certificate_authorities: SSHCertificateAuthoritiesClient#

An SSH Certificate Authority is a pair of an SSH Certificate and its private key that can be used to sign other SSH host and user certificates.

Return type:


property ssh_credentials: SSHCredentialsClient#

SSH Credentials are SSH public keys that can be used to start SSH tunnels via the ngrok SSH tunnel gateway.

Return type:


property ssh_host_certificates: SSHHostCertificatesClient#

SSH Host Certificates along with the corresponding private key allows an SSH server to assert its authenticity to connecting SSH clients who trust the SSH Certificate Authority that was used to sign the certificate.

Return type:


property ssh_user_certificates: SSHUserCertificatesClient#

SSH User Certificates are presented by SSH clients when connecting to an SSH server to authenticate their connection. The SSH server must trust the SSH Certificate Authority used to sign the certificate.

Return type:


property tls_certificates: TLSCertificatesClient#

TLS Certificates are pairs of x509 certificates and their matching private key that can be used to terminate TLS traffic. TLS certificates are unused until they are attached to a Domain. TLS Certificates may also be provisioned by ngrok automatically for domains on which you have enabled automated certificate provisioning.

Return type:


property tunnel_sessions: TunnelSessionsClient#

Tunnel Sessions represent instances of ngrok agents or SSH reverse tunnel sessions that are running and connected to the ngrok service. Each tunnel session can include one or more Tunnels.

Return type:


property tunnels: TunnelsClient#

Tunnels provide endpoints to access services exposed by a running ngrok agent tunnel session or an SSH reverse tunnel session.

Return type: