Tunnel Credentials#
Do not construct this object directly, instead access the
credentials property of an ngrok.Client object.
- class ngrok.services.CredentialsClient(client)[source]#
Tunnel Credentials are ngrok agent authtokens. They authorize the ngrok agent to connect the ngrok service as your account. They are installed with the
ngrok config add-authtokencommand or by specifying it in thengrok.ymlconfiguration file with theauthtokenproperty.- create(description='', metadata='', acl=[], owner_id=None)[source]#
Create a new tunnel authtoken credential. This authtoken credential can be used to start a new tunnel session. The response to this API call is the only time the generated token is available. If you need it for future use, you must save it securely yourself.
- Parameters:
description (
str) – human-readable description of who or what will use the credential to authenticate. Optional, max 255 bytes.metadata (
str) – arbitrary user-defined machine-readable data of this credential. Optional, max 4096 bytes.acl (
Sequence[str]) – optional list of ACL rules. If unspecified, the credential will have no restrictions. The only allowed ACL rule at this time is thebindrule. Thebindrule allows the caller to restrict what domains, addresses, and labels the token is allowed to bind. For example, to allow the token to open a tunnel on example.ngrok.io your ACL would include the rulebind:example.ngrok.io. Bind rules for domains may specify a leading wildcard to match multiple domains with a common suffix. For example, you may specify a rule ofbind:*.example.comwhich will allowx.example.com,y.example.com,*.example.com, etc. Bind rules for labels may specify a wildcard key and/or value to match multiple labels. For example, you may specify a rule ofbind:*=examplewhich will allowx=example,y=example, etc. A rule of'*'is equivalent to no acl at all and will explicitly permit all actions.owner_id (
Optional[str,None]) – If supplied at credential creation, ownership will be assigned to the specified User or Bot. Only admins may specify an owner other than themselves. Defaults to the authenticated User or Bot.
https://ngrok.com/docs/api#api-credentials-create
- Return type:
- delete(id)[source]#
Delete a tunnel authtoken credential by ID
- Parameters:
id (
str) – a resource identifier
- get(id)[source]#
Get detailed information about a tunnel authtoken credential
- Parameters:
id (
str) – a resource identifier
https://ngrok.com/docs/api#api-credentials-get
- Return type:
- list(before_id=None, limit=None)[source]#
List all tunnel authtoken credentials on this account
- Parameters:
before_id (
Optional[str,None]) –limit (
Optional[str,None]) –
https://ngrok.com/docs/api#api-credentials-list
- Return type:
- update(id, description=None, metadata=None, acl=None)[source]#
Update attributes of an tunnel authtoken credential by ID
- Parameters:
id (
str) –description (
Optional[str,None]) – human-readable description of who or what will use the credential to authenticate. Optional, max 255 bytes.metadata (
Optional[str,None]) – arbitrary user-defined machine-readable data of this credential. Optional, max 4096 bytes.acl (
Optional[Sequence[str],None]) – optional list of ACL rules. If unspecified, the credential will have no restrictions. The only allowed ACL rule at this time is thebindrule. Thebindrule allows the caller to restrict what domains, addresses, and labels the token is allowed to bind. For example, to allow the token to open a tunnel on example.ngrok.io your ACL would include the rulebind:example.ngrok.io. Bind rules for domains may specify a leading wildcard to match multiple domains with a common suffix. For example, you may specify a rule ofbind:*.example.comwhich will allowx.example.com,y.example.com,*.example.com, etc. Bind rules for labels may specify a wildcard key and/or value to match multiple labels. For example, you may specify a rule ofbind:*=examplewhich will allowx=example,y=example, etc. A rule of'*'is equivalent to no acl at all and will explicitly permit all actions.
https://ngrok.com/docs/api#api-credentials-update
- Return type: