Event Source Reference
Event Sources
Traffic Events
When network traffic transits through your endpoints, like HTTP requests or TCP connections, ngrok emits protocol-specific Traffic Events. Because Traffic Events are often high cardinality, they support the ability to select which fields to capture as well as the ability to specify a CEL filter expression to limit which events are captured.
| Event | Description |
|---|---|
http_request_complete.v0 | Triggers when an HTTP request completes. |
tcp_connection_closed.v0 | Triggers when a TCP connection to an endpoint closes. |
Audit Events
When you make configuration changes to your account ngrok emits Audit Events. These events can help you get visibility into when objects like Domains, API Keys, and IP Policies are created, updated, or deleted within your ngrok account.
| Event | Description |
|---|---|
agent_session_start.v0 | Triggers when an agent is started |
agent_session_stop.v0 | Triggers when an agent is stopped |
api_key_created.v0 | Triggers when an API key is created |
api_key_deleted.v0 | Triggers when an API key is deleted |
api_key_updated.v0 | Triggers when an API key is updated |
certificate_authority_created.v0 | Triggers when a certificate authority is created |
certificate_authority_deleted.v0 | Triggers when a certificate authority is deleted |
certificate_authority_updated.v0 | Triggers when a certificate authority is updated |
domain_created.v0 | Triggers when a domain is created |
domain_deleted.v0 | Triggers when a domain is deleted |
domain_updated.v0 | Triggers when a domain is updated |
event_destination_created.v0 | Triggers when an Event Destination is created |
event_destination_deleted.v0 | Triggers when an Event Destination is deleted |
event_destination_updated.v0 | Triggers when an Event Destination is updated |
event_subscription_created.v0 | Triggers when an Event Subscription is created |
event_subscription_deleted.v0 | Triggers when an Event Subscription is deleted |
event_subscription_updated.v0 | Triggers when an Event Subscription is updated |
ip_policy_created.v0 | Triggers when an IP Policy is created. |
ip_policy_deleted.v0 | Triggers when an IP Policy is deleted. |
ip_policy_updated.v0 | Triggers when an IP Policy is updated. |
ip_policy_rule_created.v0 | Triggers when an IP Policy Rule is created. |
ip_policy_rule_deleted.v0 | Triggers when an IP Policy Rule is deleted. |
ip_policy_rule_updated.v0 | Triggers when an IP Policy Rule is updated. |
ip_restriction_created.v0 | Triggers when an IP Restriction is created. |
ip_restriction_deleted.v0 | Triggers when an IP Restriction is deleted. |
ip_restriction_updated.v0 | Triggers when an IP Restriction is updated. |
ssh_certificate_authority_created.v0 | Triggers when an SSH certificate authority is created. |
ssh_certificate_authority_deleted.v0 | Triggers when an SSH certificate authority is deleted. |
ssh_certificate_authority_updated.v0 | Triggers when an SSH certificate authority is updated. |
ssh_host_certificate_created.v0 | Triggers when an SSH host certificate is created. |
ssh_host_certificate_deleted.v0 | Triggers when an SSH host certificate is deleted. |
ssh_host_certificate_updated.v0 | Triggers when an SSH host certificate is updated. |
ssh_public_key_created.v0 | Triggers when an SSH public key is created. |
ssh_public_key_deleted.v0 | Triggers when an SSH public key is deleted. |
ssh_public_key_updated.v0 | Triggers when an SSH public key is updated. |
ssh_user_certificate_created.v0 | Triggers when an SSH user certificate is created. |
ssh_user_certificate_deleted.v0 | Triggers when an SSH user certificate is deleted. |
ssh_user_certificate_updated.v0 | Triggers when an SSH user certificate is updated. |
tcp_address_created.v0 | Triggers when a TCP address is created. |
tcp_address_deleted.v0 | Triggers when a TCP address is deleted. |
tcp_address_updated.v0 | Triggers when a TCP address is updated. |
tls_certificate_created.v0 | Triggers when a TLS certificate is created. |
tls_certificate_deleted.v0 | Triggers when a TLS certificate is deleted. |
tls_certificate_updated.v0 | Triggers when a TLS certificate is updated. |
tunnel_credential_created.v0 | Triggers when a tunnel credential is created. |
tunnel_credential_deleted.v0 | Triggers when a tunnel credential is deleted. |
tunnel_credential_updated.v0 | Triggers when a tunnel credential is updated. |
Traffic Events
HTTP Request Complete
http_request_complete.v0
Triggers when an HTTP request completes.
| backend.connection_reused | bool | True if ngrok reused a TCP connection to transmit the HTTP request to the upstream service. | |
| basic_auth.decision | string | ‘allow’ if the Basic Auth module permitted the request to the upstream service, otherwise ‘block’ | |
| basic_auth.username | string | The username in the HTTP basic auth credentials | |
| circuit_breaker.decision | string | Whether the HTTP request was sent to the upstream service. ‘allow’ if the breaker was closed, ‘block’ if the breaker was open, ‘allow_while_open’ if the request was allowed while the breaker is open | |
| compression.algorithm | string | The compression algorithm used to encode responses from the endpoint. Either ‘gzip’, ‘deflate’, or ‘none’. | |
| compression.bytes_saved | int64 | The difference between the size of the raw response and the size of the response as compressed by the Compression Module | |
| conn.client_ip | string | filterable | The source IP of the TCP connection to the ngrok edge |
| conn.server_ip | string | filterable | The IP address of the server that received the request |
| conn.server_name | string | filterable | The hostname associated with this connection. |
| conn.server_port | int32 | filterable | The port that the connection for this request came in on |
| conn.start_ts | timestamp | The timestamp when the TCP connection to the ngrok edge is established | |
| http.request.body_length | int64 | The size of the request body in bytes | |
| http.request.headers | Map<string, List<string>> | A map of normalized headers from the requesting client. Header keys are capitalized and header values are lowercased. | |
| http.request.method | string | The request method, normalized to lowercase | |
| http.request.url.host | string | The host component of the request URL | |
| http.request.url.path | string | The path component of the request URL | |
| http.request.url.query | string | The query string component of the request URL | |
| http.request.url.raw | string | The full URL of the request including scheme, host, path, and query string | |
| http.request.url.scheme | string | The scheme component of the request URL | |
| http.request.user_agent | string | The value of the User-Agent header in the request received by ngrok edge | |
| http.response.body_length | int64 | The size of the response body in bytes | |
| http.response.headers | Map<string, List<string>> | A map of normalized response headers. Header keys are capitalized and header values are lowercased. | |
| http.response.status_code | int32 | The status code of the response returned by the ngrok edge | |
| ip_policy.decision | string | ‘allow’ if IP Policy module permitted the request to the upstream service, ‘block’ otherwise | |
| oauth.app_client_id | string | The OAuth application client ID | |
| oauth.decision | string | ‘allow’ if the OAuth module permitted the request to the upstream service, ‘block’ otherwise | |
| oauth.user.id | string | The authenticated user’s ID returned by the OAuth provider | |
| oauth.user.name | string | The authenticated user’s name returned by the OAuth provider | |
| tls.cipher_suite | string | The cipher suite selected during the TLS handshake | |
| tls.client_cert.serial_number | string | The serial number of the client’s leaf TLS certificate in the Mutual TLS handshake | |
| tls.client_cert.subject.cn | string | The subject common name of the client’s leaf TLS certificate in the Mutual TLS handshake | |
| tls.version | string | The version of the TLS protocol used between the client and the ngrok edge | |
| traffic_policy.logs | List<Map<string, any>> | The collection of logs generated by any configured Traffic Policy Log actions | |
| user_agent_filter.decision | string | ‘allow’ if the User Agent Filter module permitted the request to the upstream service, ‘block’ otherwise | |
| webhook_verification.decision | string | ‘allow’ if the Webhook Verification module permitted the request to the upstream service, ‘block’ otherwise |
TCP Connection Closed
tcp_connection_closed.v0
Triggers when a TCP connection to an endpoint closes.
| conn.bytes_in | int64 | The number of bytes arriving at an endpoint from the frontend | |
| conn.bytes_out | int64 | The number of bytes leaving an endpoint to the frontend | |
| conn.client_ip | string | filterable | The source IP of the TCP connection to the ngrok edge |
| conn.end_ts | timestamp | The timestamp when the TCP connection to the ngrok edge is closed | |
| conn.server_ip | string | filterable | The IP address of the server that received the request |
| conn.server_name | string | filterable | The hostname associated with this connection. |
| conn.server_port | int32 | filterable | The port that the connection for this request came in on |
| conn.start_ts | timestamp | The timestamp when the TCP connection to the ngrok edge is established | |
| ip_policy.decision | string | ‘allow’ if IP Policy module permitted the request to the upstream service, ‘block’ otherwise | |
| traffic_policy.logs | List<Map<string, any>> | The collection of logs generated by any configured Traffic Policy Log actions |
Audit Events
Agent
agent_session_start.v0
Triggers when an agent is started
| Field | Type | Description |
|---|---|---|
session.id | string | a resource identifier |
session.uri | string | a uri for locating a resource |
credential.id | string | a resource identifier |
credential.uri | string | a uri for locating a resource |
agent_ip | string | the ip address from which the agent is connecting |
ingress_server_ip | string | the ip address of the ingress server to which the agent is connecting |
region | string | the region of the tunnel server |
ingress_hostname | string | the hostname of the tunnel server |
user_agent | string | the user agent provided to the tunnel server by the agent |
metadata | string | the session metadata provided by the agent on connection |
os | string | the operating system of the machine on which the agent is running |
arch | string | the CPU architecture of the machine on which the agent is running |
transport | string | the transport protocol used internally by the agent "muxado" for agents and agent libraries, "ssh" for reverse SSH tunnels |
started_at | string | the time at which the session started |
expires_at | string | the time at which the session expires |
stopped_at | string | the time at which the session stopped |
deprecated.upcoming_minimum_version | string | the upcoming minimum supported agent version |
deprecated.upcoming_enforcement_date | string | the date by which the current agent must be upgraded to the upcoming minimum version |
deprecated.message | string | additional information about the agent deprecation |
error | string | on a failed session start, an explanation of the failure on a successful session start, the empty string on a session stop, the reason for the session stop |
agent_session_stop.v0
Triggers when an agent is stopped
| Field | Type | Description |
|---|---|---|
session.id | string | a resource identifier |
session.uri | string | a uri for locating a resource |
credential.id | string | a resource identifier |
credential.uri | string | a uri for locating a resource |
agent_ip | string | the ip address from which the agent is connecting |
ingress_server_ip | string | the ip address of the ingress server to which the agent is connecting |
region | string | the region of the tunnel server |
ingress_hostname | string | the hostname of the tunnel server |
user_agent | string | the user agent provided to the tunnel server by the agent |
metadata | string | the session metadata provided by the agent on connection |
os | string | the operating system of the machine on which the agent is running |
arch | string | the CPU architecture of the machine on which the agent is running |
transport | string | the transport protocol used internally by the agent "muxado" for agents and agent libraries, "ssh" for reverse SSH tunnels |
started_at | string | the time at which the session started |
expires_at | string | the time at which the session expires |
stopped_at | string | the time at which the session stopped |
deprecated.upcoming_minimum_version | string | the upcoming minimum supported agent version |
deprecated.upcoming_enforcement_date | string | the date by which the current agent must be upgraded to the upcoming minimum version |
deprecated.message | string | additional information about the agent deprecation |
error | string | on a failed session start, an explanation of the failure on a successful session start, the empty string on a session stop, the reason for the session stop |
API Key
api_key_created.v0
Triggers when an API key is created
| Field | Type | Description |
|---|---|---|
id | string | unique API key resource identifier |
uri | string | URI to the API resource of this API key |
description | string | human-readable description of what uses the API key to authenticate. optional, max 255 bytes. |
metadata | string | arbitrary user-defined data of this API key. optional, max 4096 bytes |
created_at | string | timestamp when the api key was created, RFC 3339 format |
token | string | the bearer token that can be placed into the Authorization header to authenticate request to the ngrok API. This value is only available one time, on the API response from key creation. Otherwise it is null. |
api_key_deleted.v0
Triggers when an API key is deleted
| Field | Type | Description |
|---|---|---|
id | string | unique API key resource identifier |
uri | string | URI to the API resource of this API key |
description | string | human-readable description of what uses the API key to authenticate. optional, max 255 bytes. |
metadata | string | arbitrary user-defined data of this API key. optional, max 4096 bytes |
created_at | string | timestamp when the api key was created, RFC 3339 format |
token | string | the bearer token that can be placed into the Authorization header to authenticate request to the ngrok API. This value is only available one time, on the API response from key creation. Otherwise it is null. |
api_key_updated.v0
Triggers when an API key is updated
| Field | Type | Description |
|---|---|---|
id | string | unique API key resource identifier |
uri | string | URI to the API resource of this API key |
description | string | human-readable description of what uses the API key to authenticate. optional, max 255 bytes. |
metadata | string | arbitrary user-defined data of this API key. optional, max 4096 bytes |
created_at | string | timestamp when the api key was created, RFC 3339 format |
token | string | the bearer token that can be placed into the Authorization header to authenticate request to the ngrok API. This value is only available one time, on the API response from key creation. Otherwise it is null. |
Certificate Authority
certificate_authority_created.v0
Triggers when a certificate authority is created
| Field | Type | Description |
|---|---|---|
id | string | unique identifier for this Certificate Authority |
uri | string | URI of the Certificate Authority API resource |
created_at | string | timestamp when the Certificate Authority was created, RFC 3339 format |
description | string | human-readable description of this Certificate Authority. optional, max 255 bytes. |
metadata | string | arbitrary user-defined machine-readable data of this Certificate Authority. optional, max 4096 bytes. |
ca_pem | string | raw PEM of the Certificate Authority |
subject_common_name | string | subject common name of the Certificate Authority |
not_before | string | timestamp when this Certificate Authority becomes valid, RFC 3339 format |
not_after | string | timestamp when this Certificate Authority becomes invalid, RFC 3339 format |
key_usages | List<string> | set of actions the private key of this Certificate Authority can be used for |
extended_key_usages | List<string> | extended set of actions the private key of this Certificate Authority can be used for |
certificate_authority_deleted.v0
Triggers when a certificate authority is deleted
| Field | Type | Description |
|---|---|---|
id | string | unique identifier for this Certificate Authority |
uri | string | URI of the Certificate Authority API resource |
created_at | string | timestamp when the Certificate Authority was created, RFC 3339 format |
description | string | human-readable description of this Certificate Authority. optional, max 255 bytes. |
metadata | string | arbitrary user-defined machine-readable data of this Certificate Authority. optional, max 4096 bytes. |
ca_pem | string | raw PEM of the Certificate Authority |
subject_common_name | string | subject common name of the Certificate Authority |
not_before | string | timestamp when this Certificate Authority becomes valid, RFC 3339 format |
not_after | string | timestamp when this Certificate Authority becomes invalid, RFC 3339 format |
key_usages | List<string> | set of actions the private key of this Certificate Authority can be used for |
extended_key_usages | List<string> | extended set of actions the private key of this Certificate Authority can be used for |
certificate_authority_updated.v0
Triggers when a certificate authority is updated
| Field | Type | Description |
|---|---|---|
id | string | unique identifier for this Certificate Authority |
uri | string | URI of the Certificate Authority API resource |
created_at | string | timestamp when the Certificate Authority was created, RFC 3339 format |
description | string | human-readable description of this Certificate Authority. optional, max 255 bytes. |
metadata | string | arbitrary user-defined machine-readable data of this Certificate Authority. optional, max 4096 bytes. |
ca_pem | string | raw PEM of the Certificate Authority |
subject_common_name | string | subject common name of the Certificate Authority |
not_before | string | timestamp when this Certificate Authority becomes valid, RFC 3339 format |
not_after | string | timestamp when this Certificate Authority becomes invalid, RFC 3339 format |
key_usages | List<string> | set of actions the private key of this Certificate Authority can be used for |
extended_key_usages | List<string> | extended set of actions the private key of this Certificate Authority can be used for |
Domain
domain_created.v0
Triggers when a domain is created
| Field | Type | Description |
|---|---|---|
id | string | unique reserved domain resource identifier |
uri | string | URI of the reserved domain API resource |
created_at | string | timestamp when the reserved domain was created, RFC 3339 format |
description | string | human-readable description of what this reserved domain will be used for |
metadata | string | arbitrary user-defined machine-readable data of this reserved domain. Optional, max 4096 bytes. |
domain | string | hostname of the reserved domain |
region | string | deprecated: With the launch of the ngrok Global Network domains traffic is now handled globally. This field applied only to endpoints. Note that agents may still connect to specific regions. Optional, null by default. (au, eu, ap, us, us-cal-1, jp, in, sa) |
cname_target | string | DNS CNAME target for a custom hostname, or null if the reserved domain is a subdomain of an ngrok domain |
certificate.id | string | a resource identifier |
certificate.uri | string | a uri for locating a resource |
certificate_management_policy.authority | string | certificate authority to request certificates from. The only supported value is letsencrypt.` |
certificate_management_policy.private_key_type | string | type of private key to use when requesting certificates. Defaults to rsa, can be either rsa or ecdsa. |
certificate_management_status.renews_at | string | timestamp when the next renewal will be requested, RFC 3339 format |
certificate_management_status.provisioning_job.error_code | string | if present, an error code indicating why provisioning is failing. It may be either a temporary condition (INTERNAL_ERROR), or a permanent one the user must correct (DNS_ERROR). |
certificate_management_status.provisioning_job.msg | string | a message describing the current status or error |
certificate_management_status.provisioning_job.started_at | string | timestamp when the provisioning job started, RFC 3339 format |
certificate_management_status.provisioning_job.retries_at | string | timestamp when the provisioning job will be retried |
acme_challenge_cname_target | string | DNS CNAME target for the host _acme-challenge.example.com, where example.com is your reserved domain name. This is required to issue certificates for wildcard, non-ngrok reserved domains. Must be null for non-wildcard domains and ngrok subdomains. |
domain_deleted.v0
Triggers when a domain is deleted
| Field | Type | Description |
|---|---|---|
id | string | unique reserved domain resource identifier |
uri | string | URI of the reserved domain API resource |
created_at | string | timestamp when the reserved domain was created, RFC 3339 format |
description | string | human-readable description of what this reserved domain will be used for |
metadata | string | arbitrary user-defined machine-readable data of this reserved domain. Optional, max 4096 bytes. |
domain | string | hostname of the reserved domain |
region | string | deprecated: With the launch of the ngrok Global Network domains traffic is now handled globally. This field applied only to endpoints. Note that agents may still connect to specific regions. Optional, null by default. (au, eu, ap, us, us-cal-1, jp, in, sa) |
cname_target | string | DNS CNAME target for a custom hostname, or null if the reserved domain is a subdomain of *.ngrok.io |
certificate.id | string | a resource identifier |
certificate.uri | string | a uri for locating a resource |
certificate_management_policy.authority | string | certificate authority to request certificates from. The only supported value is letsencrypt.` |
certificate_management_policy.private_key_type | string | type of private key to use when requesting certificates. Defaults to rsa, can be either rsa or ecdsa. |
certificate_management_status.renews_at | string | timestamp when the next renewal will be requested, RFC 3339 format |
certificate_management_status.provisioning_job.error_code | string | if present, an error code indicating why provisioning is failing. It may be either a temporary condition (INTERNAL_ERROR), or a permanent one the user must correct (DNS_ERROR). |
certificate_management_status.provisioning_job.msg | string | a message describing the current status or error |
certificate_management_status.provisioning_job.started_at | string | timestamp when the provisioning job started, RFC 3339 format |
certificate_management_status.provisioning_job.retries_at | string | timestamp when the provisioning job will be retried |
acme_challenge_cname_target | string | DNS CNAME target for the host _acme-challenge.example.com, where example.com is your reserved domain name. This is required to issue certificates for wildcard, non-ngrok reserved domains. Must be null for non-wildcard domains and ngrok subdomains. |
domain_updated.v0
Triggers when a domain is updated
| Field | Type | Description |
|---|---|---|
id | string | unique reserved domain resource identifier |
uri | string | URI of the reserved domain API resource |
created_at | string | timestamp when the reserved domain was created, RFC 3339 format |
description | string | human-readable description of what this reserved domain will be used for |
metadata | string | arbitrary user-defined machine-readable data of this reserved domain. Optional, max 4096 bytes. |
domain | string | hostname of the reserved domain |
region | string | deprecated: With the launch of the ngrok Global Network domains traffic is now handled globally. This field applied only to endpoints. Note that agents may still connect to specific regions. Optional, null by default. (au, eu, ap, us, us-cal-1, jp, in, sa) |
cname_target | string | DNS CNAME target for a custom hostname, or null if the reserved domain is a subdomain of *.ngrok.io |
certificate.id | string | a resource identifier |
certificate.uri | string | a uri for locating a resource |
certificate_management_policy.authority | string | certificate authority to request certificates from. The only supported value is letsencrypt.` |
certificate_management_policy.private_key_type | string | type of private key to use when requesting certificates. Defaults to rsa, can be either rsa or ecdsa. |
certificate_management_status.renews_at | string | timestamp when the next renewal will be requested, RFC 3339 format |
certificate_management_status.provisioning_job.error_code | string | if present, an error code indicating why provisioning is failing. It may be either a temporary condition (INTERNAL_ERROR), or a permanent one the user must correct (DNS_ERROR). |
certificate_management_status.provisioning_job.msg | string | a message describing the current status or error |
certificate_management_status.provisioning_job.started_at | string | timestamp when the provisioning job started, RFC 3339 format |
certificate_management_status.provisioning_job.retries_at | string | timestamp when the provisioning job will be retried |
acme_challenge_cname_target | string | DNS CNAME target for the host _acme-challenge.example.com, where example.com is your reserved domain name. This is required to issue certificates for wildcard, non-ngrok reserved domains. Must be null for non-wildcard domains and ngrok subdomains. |
Event Destination
event_destination_created.v0
Triggers when an Event Destination is created
| Field | Type | Description |
|---|---|---|
id | string | Unique identifier for this Event Destination. |
metadata | string | Arbitrary user-defined machine-readable data of this Event Destination. Optional, max 4096 bytes. |
created_at | string | Timestamp when the Event Destination was created, RFC 3339 format. |
description | string | Human-readable description of the Event Destination. Optional, max 255 bytes. |
format | string | The output format you would like to serialize events into when sending to their target. Currently the only accepted value is JSON.` |
target.firehose.auth.role.role_arn | string | An ARN that specifies the role that ngrok should use to deliver to the configured target. |
target.firehose.auth.creds.aws_access_key_id | string | The ID portion of an AWS access key. |
target.firehose.auth.creds.aws_secret_access_key | string | The secret portion of an AWS access key. |
target.firehose.delivery_stream_arn | string | An Amazon Resource Name specifying the Firehose delivery stream to deposit events into. |
target.kinesis.auth.role.role_arn | string | An ARN that specifies the role that ngrok should use to deliver to the configured target. |
target.kinesis.auth.creds.aws_access_key_id | string | The ID portion of an AWS access key. |
target.kinesis.auth.creds.aws_secret_access_key | string | The secret portion of an AWS access key. |
target.kinesis.stream_arn | string | An Amazon Resource Name specifying the Kinesis stream to deposit events into. |
target.cloudwatch_logs.auth.role.role_arn | string | An ARN that specifies the role that ngrok should use to deliver to the configured target. |
target.cloudwatch_logs.auth.creds.aws_access_key_id | string | The ID portion of an AWS access key. |
target.cloudwatch_logs.auth.creds.aws_secret_access_key | string | The secret portion of an AWS access key. |
target.cloudwatch_logs.log_group_arn | string | An Amazon Resource Name specifying the CloudWatch Logs group to deposit events into. |
uri | string | URI of the Event Destination API resource. |
event_destination_deleted.v0
Triggers when an Event Destination is deleted
| Field | Type | Description |
|---|---|---|
id | string | Unique identifier for this Event Destination. |
metadata | string | Arbitrary user-defined machine-readable data of this Event Destination. Optional, max 4096 bytes. |
created_at | string | Timestamp when the Event Destination was created, RFC 3339 format. |
description | string | Human-readable description of the Event Destination. Optional, max 255 bytes. |
format | string | The output format you would like to serialize events into when sending to their target. Currently the only accepted value is JSON.` |
target.firehose.auth.role.role_arn | string | An ARN that specifies the role that ngrok should use to deliver to the configured target. |
target.firehose.auth.creds.aws_access_key_id | string | The ID portion of an AWS access key. |
target.firehose.auth.creds.aws_secret_access_key | string | The secret portion of an AWS access key. |
target.firehose.delivery_stream_arn | string | An Amazon Resource Name specifying the Firehose delivery stream to deposit events into. |
target.kinesis.auth.role.role_arn | string | An ARN that specifies the role that ngrok should use to deliver to the configured target. |
target.kinesis.auth.creds.aws_access_key_id | string | The ID portion of an AWS access key. |
target.kinesis.auth.creds.aws_secret_access_key | string | The secret portion of an AWS access key. |
target.kinesis.stream_arn | string | An Amazon Resource Name specifying the Kinesis stream to deposit events into. |
target.cloudwatch_logs.auth.role.role_arn | string | An ARN that specifies the role that ngrok should use to deliver to the configured target. |
target.cloudwatch_logs.auth.creds.aws_access_key_id | string | The ID portion of an AWS access key. |
target.cloudwatch_logs.auth.creds.aws_secret_access_key | string | The secret portion of an AWS access key. |
target.cloudwatch_logs.log_group_arn | string | An Amazon Resource Name specifying the CloudWatch Logs group to deposit events into. |
uri | string | URI of the Event Destination API resource. |
event_destination_updated.v0
Triggers when an Event Destination is updated
| Field | Type | Description |
|---|---|---|
id | string | Unique identifier for this Event Destination. |
metadata | string | Arbitrary user-defined machine-readable data of this Event Destination. Optional, max 4096 bytes. |
created_at | string | Timestamp when the Event Destination was created, RFC 3339 format. |
description | string | Human-readable description of the Event Destination. Optional, max 255 bytes. |
format | string | The output format you would like to serialize events into when sending to their target. Currently the only accepted value is JSON.` |
target.firehose.auth.role.role_arn | string | An ARN that specifies the role that ngrok should use to deliver to the configured target. |
target.firehose.auth.creds.aws_access_key_id | string | The ID portion of an AWS access key. |
target.firehose.auth.creds.aws_secret_access_key | string | The secret portion of an AWS access key. |
target.firehose.delivery_stream_arn | string | An Amazon Resource Name specifying the Firehose delivery stream to deposit events into. |
target.kinesis.auth.role.role_arn | string | An ARN that specifies the role that ngrok should use to deliver to the configured target. |
target.kinesis.auth.creds.aws_access_key_id | string | The ID portion of an AWS access key. |
target.kinesis.auth.creds.aws_secret_access_key | string | The secret portion of an AWS access key. |
target.kinesis.stream_arn | string | An Amazon Resource Name specifying the Kinesis stream to deposit events into. |
target.cloudwatch_logs.auth.role.role_arn | string | An ARN that specifies the role that ngrok should use to deliver to the configured target. |
target.cloudwatch_logs.auth.creds.aws_access_key_id | string | The ID portion of an AWS access key. |
target.cloudwatch_logs.auth.creds.aws_secret_access_key | string | The secret portion of an AWS access key. |
target.cloudwatch_logs.log_group_arn | string | An Amazon Resource Name specifying the CloudWatch Logs group to deposit events into. |
uri | string | URI of the Event Destination API resource. |
Event Subscription
event_subscription_created.v0
Triggers when an Event Subscription is created
| Field | Type | Description |
|---|---|---|
id | string | Unique identifier for this Event Subscription. |
uri | string | URI of the Event Subscription API resource. |
created_at | string | When the Event Subscription was created (RFC 3339 format). |
metadata | string | Arbitrary customer supplied information intended to be machine readable. Optional, max 4096 chars. |
description | string | Arbitrary customer supplied information intended to be human readable. Optional, max 255 chars. |
sources.type | string | Type of event for which an event subscription will trigger |
sources.uri | string | URI of the Event Source API resource. |
destinations.id | string | a resource identifier |
destinations.uri | string | a uri for locating a resource |
event_subscription_deleted.v0
Triggers when an Event Subscription is deleted
| Field | Type | Description |
|---|---|---|
id | string | Unique identifier for this Event Subscription. |
uri | string | URI of the Event Subscription API resource. |
created_at | string | When the Event Subscription was created (RFC 3339 format). |
metadata | string | Arbitrary customer supplied information intended to be machine readable. Optional, max 4096 chars. |
description | string | Arbitrary customer supplied information intended to be human readable. Optional, max 255 chars. |
sources.type | string | Type of event for which an event subscription will trigger |
sources.uri | string | URI of the Event Source API resource. |
destinations.id | string | a resource identifier |
destinations.uri | string | a uri for locating a resource |
event_subscription_updated.v0
Triggers when an Event Subscription is updated
| Field | Type | Description |
|---|---|---|
id | string | Unique identifier for this Event Subscription. |
uri | string | URI of the Event Subscription API resource. |
created_at | string | When the Event Subscription was created (RFC 3339 format). |
metadata | string | Arbitrary customer supplied information intended to be machine readable. Optional, max 4096 chars. |
description | string | Arbitrary customer supplied information intended to be human readable. Optional, max 255 chars. |
sources.type | string | Type of event for which an event subscription will trigger |
sources.uri | string | URI of the Event Source API resource. |
destinations.id | string | a resource identifier |
destinations.uri | string | a uri for locating a resource |
IP Policy
ip_policy_created.v0
Triggers when an IP Policy is created
| Field | Type | Description |
|---|---|---|
id | string | unique identifier for this IP policy |
uri | string | URI of the IP Policy API resource |
created_at | string | timestamp when the IP policy was created, RFC 3339 format |
description | string | human-readable description of the source IPs of this IP policy. optional, max 255 bytes. |
metadata | string | arbitrary user-defined machine-readable data of this IP policy. optional, max 4096 bytes. |
ip_policy_updated.v0
Triggers when an IP Policy is updated
| Field | Type | Description |
|---|---|---|
id | string | unique identifier for this IP policy |
uri | string | URI of the IP Policy API resource |
created_at | string | timestamp when the IP policy was created, RFC 3339 format |
description | string | human-readable description of the source IPs of this IP policy. optional, max 255 bytes. |
metadata | string | arbitrary user-defined machine-readable data of this IP policy. optional, max 4096 bytes. |
ip_policy_deleted.v0
Triggers when an IP Policy is deleted
| Field | Type | Description |
|---|---|---|
id | string | unique identifier for this IP policy |
uri | string | URI of the IP Policy API resource |
created_at | string | timestamp when the IP policy was created, RFC 3339 format |
description | string | human-readable description of the source IPs of this IP policy. optional, max 255 bytes. |
metadata | string | arbitrary user-defined machine-readable data of this IP policy. optional, max 4096 bytes. |
IP Policy Rule
ip_policy_rule_created.v0
Triggers when an IP Policy Rule is created
| Field | Type | Description |
|---|---|---|
id | string | unique identifier for this IP policy rule |
uri | string | URI of the IP policy rule API resource |
created_at | string | timestamp when the IP policy rule was created, RFC 3339 format |
description | string | human-readable description of the source IPs of this IP rule. optional, max 255 bytes. |
metadata | string | arbitrary user-defined machine-readable data of this IP policy rule. optional, max 4096 bytes. |
cidr | string | an IP or IP range specified in CIDR notation. IPv4 and IPv6 are both supported. |
ip_policy.id | string | a resource identifier |
ip_policy.uri | string | a uri for locating a resource |
action | string | the action to apply to the policy rule, either allow or deny |
ip_policy_rule_deleted.v0
Triggers when an IP Policy Rule is deleted
| Field | Type | Description |
|---|---|---|
id | string | unique identifier for this IP policy rule |
uri | string | URI of the IP policy rule API resource |
created_at | string | timestamp when the IP policy rule was created, RFC 3339 format |
description | string | human-readable description of the source IPs of this IP rule. optional, max 255 bytes. |
metadata | string | arbitrary user-defined machine-readable data of this IP policy rule. optional, max 4096 bytes. |
cidr | string | an IP or IP range specified in CIDR notation. IPv4 and IPv6 are both supported. |
ip_policy.id | string | a resource identifier |
ip_policy.uri | string | a uri for locating a resource |
action | string | the action to apply to the policy rule, either allow or deny |
ip_policy_rule_updated.v0
Triggers when an IP Policy Rule is updated
| Field | Type | Description |
|---|---|---|
id | string | unique identifier for this IP policy rule |
uri | string | URI of the IP policy rule API resource |
created_at | string | timestamp when the IP policy rule was created, RFC 3339 format |
description | string | human-readable description of the source IPs of this IP rule. optional, max 255 bytes. |
metadata | string | arbitrary user-defined machine-readable data of this IP policy rule. optional, max 4096 bytes. |
cidr | string | an IP or IP range specified in CIDR notation. IPv4 and IPv6 are both supported. |
ip_policy.id | string | a resource identifier |
ip_policy.uri | string | a uri for locating a resource |
action | string | the action to apply to the policy rule, either allow or deny |
IP Restriction
ip_restriction_created.v0
Triggers when an IP Restriction is created
| Field | Type | Description |
|---|---|---|
id | string | unique identifier for this IP restriction |
uri | string | URI of the IP restriction API resource |
created_at | string | timestamp when the IP restriction was created, RFC 3339 format |
description | string | human-readable description of this IP restriction. optional, max 255 bytes. |
metadata | string | arbitrary user-defined machine-readable data of this IP restriction. optional, max 4096 bytes. |
enforced | boolean | true if the IP restriction will be enforced. if false, only warnings will be issued |
type | string | the type of IP restriction. this defines what traffic will be restricted with the attached policies. four values are currently supported: dashboard, api, agent,andendpoints` |
ip_policies.id | string | a resource identifier |
ip_policies.uri | string | a uri for locating a resource |
ip_restriction_deleted.v0
Triggers when an IP Restriction is deleted
| Field | Type | Description |
|---|---|---|
id | string | unique identifier for this IP restriction |
uri | string | URI of the IP restriction API resource |
created_at | string | timestamp when the IP restriction was created, RFC 3339 format |
description | string | human-readable description of this IP restriction. optional, max 255 bytes. |
metadata | string | arbitrary user-defined machine-readable data of this IP restriction. optional, max 4096 bytes. |
enforced | boolean | true if the IP restriction will be enforced. if false, only warnings will be issued |
type | string | the type of IP restriction. this defines what traffic will be restricted with the attached policies. four values are currently supported: dashboard, api, agent,andendpoints` |
ip_policies.id | string | a resource identifier |
ip_policies.uri | string | a uri for locating a resource |
ip_restriction_updated.v0
Triggers when an IP Restriction is updated
| Field | Type | Description |
|---|---|---|
id | string | unique identifier for this IP restriction |
uri | string | URI of the IP restriction API resource |
created_at | string | timestamp when the IP restriction was created, RFC 3339 format |
description | string | human-readable description of this IP restriction. optional, max 255 bytes. |
metadata | string | arbitrary user-defined machine-readable data of this IP restriction. optional, max 4096 bytes. |
enforced | boolean | true if the IP restriction will be enforced. if false, only warnings will be issued |
type | string | the type of IP restriction. this defines what traffic will be restricted with the attached policies. four values are currently supported: dashboard, api, agent,andendpoints` |
ip_policies.id | string | a resource identifier |
ip_policies.uri | string | a uri for locating a resource |
SSH Certificate Authority
ssh_certificate_authority_created.v0
Triggers when an SSH certificate authority is created
| Field | Type | Description |
|---|---|---|
id | string | unique identifier for this SSH Certificate Authority |
uri | string | URI of the SSH Certificate Authority API resource |
created_at | string | timestamp when the SSH Certificate Authority API resource was created, RFC 3339 format |
description | string | human-readable description of this SSH Certificate Authority. optional, max 255 bytes. |
metadata | string | arbitrary user-defined machine-readable data of this SSH Certificate Authority. optional, max 4096 bytes. |
public_key | string | raw public key for this SSH Certificate Authority |
key_type | string | the type of private key for this SSH Certificate Authority |
ssh_certificate_authority_deleted.v0
Triggers when an SSH certificate authority is deleted
| Field | Type | Description |
|---|---|---|
id | string | unique identifier for this SSH Certificate Authority |
uri | string | URI of the SSH Certificate Authority API resource |
created_at | string | timestamp when the SSH Certificate Authority API resource was created, RFC 3339 format |
description | string | human-readable description of this SSH Certificate Authority. optional, max 255 bytes. |
metadata | string | arbitrary user-defined machine-readable data of this SSH Certificate Authority. optional, max 4096 bytes. |
public_key | string | raw public key for this SSH Certificate Authority |
key_type | string | the type of private key for this SSH Certificate Authority |
ssh_certificate_authority_updated.v0
Triggers when an SSH certificate authority is updated
| Field | Type | Description |
|---|---|---|
id | string | unique identifier for this SSH Certificate Authority |
uri | string | URI of the SSH Certificate Authority API resource |
created_at | string | timestamp when the SSH Certificate Authority API resource was created, RFC 3339 format |
description | string | human-readable description of this SSH Certificate Authority. optional, max 255 bytes. |
metadata | string | arbitrary user-defined machine-readable data of this SSH Certificate Authority. optional, max 4096 bytes. |
public_key | string | raw public key for this SSH Certificate Authority |
key_type | string | the type of private key for this SSH Certificate Authority |
SSH Host Certificate
ssh_host_certificate_created.v0
Triggers when an SSH host certificate is created
| Field | Type | Description |
|---|---|---|
id | string | unique identifier for this SSH Host Certificate |
uri | string | URI of the SSH Host Certificate API resource |
created_at | string | timestamp when the SSH Host Certificate API resource was created, RFC 3339 format |
description | string | human-readable description of this SSH Host Certificate. optional, max 255 bytes. |
metadata | string | arbitrary user-defined machine-readable data of this SSH Host Certificate. optional, max 4096 bytes. |
public_key | string | a public key in OpenSSH Authorized Keys format that this certificate signs |
key_type | string | the key type of the public_key,one ofrsa, ecdsa or ed25519 |
ssh_certificate_authority_id | string | the ssh certificate authority that is used to sign this ssh host certificate |
principals | List<string> | the list of principals included in the ssh host certificate. This is the list of hostnames and/or IP addresses that are authorized to serve SSH traffic with this certificate. Dangerously, if no principals are specified, this certificate is considered valid for all hosts. |
valid_after | string | the time when the ssh host certificate becomes valid, in RFC 3339 format. |
valid_until | string | the time after which the ssh host certificate becomes invalid, in RFC 3339 format. the OpenSSH certificates RFC calls this valid_before.` |
certificate | string | the signed SSH certificate in OpenSSH Authorized Keys format. this value should be placed in a -cert.pub certificate file on disk that should be referenced in your sshd_config configuration file with a HostCertificate directive |
ssh_host_certificate_deleted.v0
Triggers when an SSH host certificate is deleted
| Field | Type | Description |
|---|---|---|
id | string | unique identifier for this SSH Host Certificate |
uri | string | URI of the SSH Host Certificate API resource |
created_at | string | timestamp when the SSH Host Certificate API resource was created, RFC 3339 format |
description | string | human-readable description of this SSH Host Certificate. optional, max 255 bytes. |
metadata | string | arbitrary user-defined machine-readable data of this SSH Host Certificate. optional, max 4096 bytes. |
public_key | string | a public key in OpenSSH Authorized Keys format that this certificate signs |
key_type | string | the key type of the public_key,one ofrsa, ecdsa or ed25519 |
ssh_certificate_authority_id | string | the ssh certificate authority that is used to sign this ssh host certificate |
principals | List<string> | the list of principals included in the ssh host certificate. This is the list of hostnames and/or IP addresses that are authorized to serve SSH traffic with this certificate. Dangerously, if no principals are specified, this certificate is considered valid for all hosts. |
valid_after | string | the time when the ssh host certificate becomes valid, in RFC 3339 format. |
valid_until | string | the time after which the ssh host certificate becomes invalid, in RFC 3339 format. the OpenSSH certificates RFC calls this valid_before.` |
certificate | string | the signed SSH certificate in OpenSSH Authorized Keys format. this value should be placed in a -cert.pub certificate file on disk that should be referenced in your sshd_config configuration file with a HostCertificate directive |
ssh_host_certificate_updated.v0
Triggers when an SSH host certificate is updated
| Field | Type | Description |
|---|---|---|
id | string | unique identifier for this SSH Host Certificate |
uri | string | URI of the SSH Host Certificate API resource |
created_at | string | timestamp when the SSH Host Certificate API resource was created, RFC 3339 format |
description | string | human-readable description of this SSH Host Certificate. optional, max 255 bytes. |
metadata | string | arbitrary user-defined machine-readable data of this SSH Host Certificate. optional, max 4096 bytes. |
public_key | string | a public key in OpenSSH Authorized Keys format that this certificate signs |
key_type | string | the key type of the public_key,one ofrsa, ecdsa or ed25519 |
ssh_certificate_authority_id | string | the ssh certificate authority that is used to sign this ssh host certificate |
principals | List<string> | the list of principals included in the ssh host certificate. This is the list of hostnames and/or IP addresses that are authorized to serve SSH traffic with this certificate. Dangerously, if no principals are specified, this certificate is considered valid for all hosts. |
valid_after | string | the time when the ssh host certificate becomes valid, in RFC 3339 format. |
valid_until | string | the time after which the ssh host certificate becomes invalid, in RFC 3339 format. the OpenSSH certificates RFC calls this valid_before.` |
certificate | string | the signed SSH certificate in OpenSSH Authorized Keys format. this value should be placed in a -cert.pub certificate file on disk that should be referenced in your sshd_config configuration file with a HostCertificate directive |
SSH Public Key
ssh_public_key_created.v0
Triggers when an SSH public key is created
| Field | Type | Description |
|---|---|---|
id | string | unique ssh credential resource identifier |
uri | string | URI of the ssh credential API resource |
created_at | string | timestamp when the ssh credential was created, RFC 3339 format |
description | string | human-readable description of who or what will use the ssh credential to authenticate. Optional, max 255 bytes. |
metadata | string | arbitrary user-defined machine-readable data of this ssh credential. Optional, max 4096 bytes. |
public_key | string | the PEM-encoded public key of the SSH key pair that will be used to authenticate |
acl | List<string> | optional list of ACL rules. If unspecified, the credential will have no restrictions. The only allowed ACL rule at this time is the bind rule. The bind rule allows the caller to restrict what domains and addresses the token is allowed to bind. For example, to allow the token to open a tunnel on example.ngrok.io your ACL would include the rule bind:example.ngrok.io.Bind rules may specify a leading wildcard to match multiple domains with a common suffix. For example, you may specify a rule ofbind:.example.comwhich will allowx.example.com, y.example.com, .example.com,etc. A rule of'\*' is equivalent to no acl at all and will explicitly permit all actions. |
ssh_public_key_deleted.v0
Triggers when an SSH public key is deleted
| Field | Type | Description |
|---|---|---|
id | string | unique ssh credential resource identifier |
uri | string | URI of the ssh credential API resource |
created_at | string | timestamp when the ssh credential was created, RFC 3339 format |
description | string | human-readable description of who or what will use the ssh credential to authenticate. Optional, max 255 bytes. |
metadata | string | arbitrary user-defined machine-readable data of this ssh credential. Optional, max 4096 bytes. |
public_key | string | the PEM-encoded public key of the SSH key pair that will be used to authenticate |
acl | List<string> | optional list of ACL rules. If unspecified, the credential will have no restrictions. The only allowed ACL rule at this time is the bind rule. The bind rule allows the caller to restrict what domains and addresses the token is allowed to bind. For example, to allow the token to open a tunnel on example.ngrok.io your ACL would include the rule bind:example.ngrok.io.Bind rules may specify a leading wildcard to match multiple domains with a common suffix. For example, you may specify a rule ofbind:.example.comwhich will allowx.example.com, y.example.com, .example.com,etc. A rule of'\*' is equivalent to no acl at all and will explicitly permit all actions. |
ssh_public_key_updated.v0
Triggers when an SSH public key is updated
| Field | Type | Description |
|---|---|---|
id | string | unique ssh credential resource identifier |
uri | string | URI of the ssh credential API resource |
created_at | string | timestamp when the ssh credential was created, RFC 3339 format |
description | string | human-readable description of who or what will use the ssh credential to authenticate. Optional, max 255 bytes. |
metadata | string | arbitrary user-defined machine-readable data of this ssh credential. Optional, max 4096 bytes. |
public_key | string | the PEM-encoded public key of the SSH key pair that will be used to authenticate |
acl | List<string> | optional list of ACL rules. If unspecified, the credential will have no restrictions. The only allowed ACL rule at this time is the bind rule. The bind rule allows the caller to restrict what domains and addresses the token is allowed to bind. For example, to allow the token to open a tunnel on example.ngrok.io your ACL would include the rule bind:example.ngrok.io.Bind rules may specify a leading wildcard to match multiple domains with a common suffix. For example, you may specify a rule ofbind:.example.comwhich will allowx.example.com, y.example.com, .example.com,etc. A rule of'\*' is equivalent to no acl at all and will explicitly permit all actions. |
SSH User Certificate
ssh_user_certificate_created.v0
Triggers when an SSH user certificate is created
| Field | Type | Description |
|---|---|---|
id | string | unique identifier for this SSH User Certificate |
uri | string | URI of the SSH User Certificate API resource |
created_at | string | timestamp when the SSH User Certificate API resource was created, RFC 3339 format |
description | string | human-readable description of this SSH User Certificate. optional, max 255 bytes. |
metadata | string | arbitrary user-defined machine-readable data of this SSH User Certificate. optional, max 4096 bytes. |
public_key | string | a public key in OpenSSH Authorized Keys format that this certificate signs |
key_type | string | the key type of the public_key,one ofrsa, ecdsa or ed25519 |
ssh_certificate_authority_id | string | the ssh certificate authority that is used to sign this ssh user certificate |
principals | List<string> | the list of principals included in the ssh user certificate. This is the list of usernames that the certificate holder may sign in as on a machine authorizing the signing certificate authority. Dangerously, if no principals are specified, this certificate may be used to log in as any user. |
critical_options | Map<string, string> | A map of critical options included in the certificate. Only two critical options are currently defined by OpenSSH: force-command and source-address.` See the OpenSSH certificate protocol spec for additional details. |
extensions | Map<string, string> | A map of extensions included in the certificate. Extensions are additional metadata that can be interpreted by the SSH server for any purpose. These can be used to permit or deny the ability to open a terminal, do port forwarding, x11 forwarding, and more. If unspecified, the certificate will include limited permissions with the following extension map: {"permit-pty": "", "permit-user-rc": ""}` OpenSSH understands a number of predefined extensions. See the OpenSSH certificate protocol spec for additional details. |
valid_after | string | the time when the ssh host certificate becomes valid, in RFC 3339 format. |
valid_until | string | the time after which the ssh host certificate becomes invalid, in RFC 3339 format. the OpenSSH certificates RFC calls this valid_before.` |
certificate | string | the signed SSH certificate in OpenSSH Authorized Keys Format. this value should be placed in a -cert.pub certificate file on disk that should be referenced in your sshd_config configuration file with a HostCertificate directive |
ssh_user_certificate_deleted.v0
Triggers when an SSH user certificate is deleted
| Field | Type | Description |
|---|---|---|
id | string | unique identifier for this SSH User Certificate |
uri | string | URI of the SSH User Certificate API resource |
created_at | string | timestamp when the SSH User Certificate API resource was created, RFC 3339 format |
description | string | human-readable description of this SSH User Certificate. optional, max 255 bytes. |
metadata | string | arbitrary user-defined machine-readable data of this SSH User Certificate. optional, max 4096 bytes. |
public_key | string | a public key in OpenSSH Authorized Keys format that this certificate signs |
key_type | string | the key type of the public_key,one ofrsa, ecdsa or ed25519 |
ssh_certificate_authority_id | string | the ssh certificate authority that is used to sign this ssh user certificate |
principals | List<string> | the list of principals included in the ssh user certificate. This is the list of usernames that the certificate holder may sign in as on a machine authorizing the signing certificate authority. Dangerously, if no principals are specified, this certificate may be used to log in as any user. |
critical_options | Map<string, string> | A map of critical options included in the certificate. Only two critical options are currently defined by OpenSSH: force-command and source-address.` See the OpenSSH certificate protocol spec for additional details. |
extensions | Map<string, string> | A map of extensions included in the certificate. Extensions are additional metadata that can be interpreted by the SSH server for any purpose. These can be used to permit or deny the ability to open a terminal, do port forwarding, x11 forwarding, and more. If unspecified, the certificate will include limited permissions with the following extension map: {"permit-pty": "", "permit-user-rc": ""}` OpenSSH understands a number of predefined extensions. See the OpenSSH certificate protocol spec for additional details. |
valid_after | string | the time when the ssh host certificate becomes valid, in RFC 3339 format. |
valid_until | string | the time after which the ssh host certificate becomes invalid, in RFC 3339 format. the OpenSSH certificates RFC calls this valid_before.` |
certificate | string | the signed SSH certificate in OpenSSH Authorized Keys Format. this value should be placed in a -cert.pub certificate file on disk that should be referenced in your sshd_config configuration file with a HostCertificate directive |
ssh_user_certificate_updated.v0
Triggers when an SSH user certificate is updated
| Field | Type | Description |
|---|---|---|
id | string | unique identifier for this SSH User Certificate |
uri | string | URI of the SSH User Certificate API resource |
created_at | string | timestamp when the SSH User Certificate API resource was created, RFC 3339 format |
description | string | human-readable description of this SSH User Certificate. optional, max 255 bytes. |
metadata | string | arbitrary user-defined machine-readable data of this SSH User Certificate. optional, max 4096 bytes. |
public_key | string | a public key in OpenSSH Authorized Keys format that this certificate signs |
key_type | string | the key type of the public_key,one ofrsa, ecdsa or ed25519 |
ssh_certificate_authority_id | string | the ssh certificate authority that is used to sign this ssh user certificate |
principals | List<string> | the list of principals included in the ssh user certificate. This is the list of usernames that the certificate holder may sign in as on a machine authorizing the signing certificate authority. Dangerously, if no principals are specified, this certificate may be used to log in as any user. |
critical_options | Map<string, string> | A map of critical options included in the certificate. Only two critical options are currently defined by OpenSSH: force-command and source-address.` See the OpenSSH certificate protocol spec for additional details. |
extensions | Map<string, string> | A map of extensions included in the certificate. Extensions are additional metadata that can be interpreted by the SSH server for any purpose. These can be used to permit or deny the ability to open a terminal, do port forwarding, x11 forwarding, and more. If unspecified, the certificate will include limited permissions with the following extension map: {"permit-pty": "", "permit-user-rc": ""}` OpenSSH understands a number of predefined extensions. See the OpenSSH certificate protocol spec for additional details. |
valid_after | string | the time when the ssh host certificate becomes valid, in RFC 3339 format. |
valid_until | string | the time after which the ssh host certificate becomes invalid, in RFC 3339 format. the OpenSSH certificates RFC calls this valid_before.` |
certificate | string | the signed SSH certificate in OpenSSH Authorized Keys Format. this value should be placed in a -cert.pub certificate file on disk that should be referenced in your sshd_config configuration file with a HostCertificate directive |
TCP Address
tcp_address_created.v0
Triggers when a TCP address is created
| Field | Type | Description |
|---|---|---|
id | string | unique reserved address resource identifier |
uri | string | URI of the reserved address API resource |
created_at | string | timestamp when the reserved address was created, RFC 3339 format |
description | string | human-readable description of what this reserved address will be used for |
metadata | string | arbitrary user-defined machine-readable data of this reserved address. Optional, max 4096 bytes. |
addr | string | hostname:port of the reserved address that was assigned at creation time |
region | string | reserve the address in this geographic ngrok region. Optional, default is us. (au, eu, ap, us, us-cal-1, jp, in, sa) |
tcp_address_deleted.v0
Triggers when a TCP address is deleted
| Field | Type | Description |
|---|---|---|
id | string | unique reserved address resource identifier |
uri | string | URI of the reserved address API resource |
created_at | string | timestamp when the reserved address was created, RFC 3339 format |
description | string | human-readable description of what this reserved address will be used for |
metadata | string | arbitrary user-defined machine-readable data of this reserved address. Optional, max 4096 bytes. |
addr | string | hostname:port of the reserved address that was assigned at creation time |
region | string | reserve the address in this geographic ngrok region. Optional, default is us. (au, eu, ap, us, us-cal-1, jp, in, sa) |
tcp_address_updated.v0
Triggers when a TCP address is updated
| Field | Type | Description |
|---|---|---|
id | string | unique reserved address resource identifier |
uri | string | URI of the reserved address API resource |
created_at | string | timestamp when the reserved address was created, RFC 3339 format |
description | string | human-readable description of what this reserved address will be used for |
metadata | string | arbitrary user-defined machine-readable data of this reserved address. Optional, max 4096 bytes. |
addr | string | hostname:port of the reserved address that was assigned at creation time |
region | string | reserve the address in this geographic ngrok region. Optional, default is us. (au, eu, ap, us, us-cal-1, jp, in, sa) |
TLS Certificate
tls_certificate_created.v0
Triggers when a TLS certificate is created
| Field | Type | Description |
|---|---|---|
id | string | unique identifier for this TLS certificate |
uri | string | URI of the TLS certificate API resource |
created_at | string | timestamp when the TLS certificate was created, RFC 3339 format |
description | string | human-readable description of this TLS certificate. optional, max 255 bytes. |
metadata | string | arbitrary user-defined machine-readable data of this TLS certificate. optional, max 4096 bytes. |
certificate_pem | string | chain of PEM-encoded certificates, leaf first. See Certificate Bundles. |
subject_common_name | string | subject common name from the leaf of this TLS certificate |
subject_alternative_names.dns_names | List<string> | set of additional domains (including wildcards) this TLS certificate is valid for |
subject_alternative_names.ips | List<string> | set of IP addresses this TLS certificate is also valid for |
issued_at | string | timestamp (in RFC 3339 format) when this TLS certificate was issued automatically, or null if this certificate was user-uploaded |
not_before | string | timestamp when this TLS certificate becomes valid, RFC 3339 format |
not_after | string | timestamp when this TLS certificate becomes invalid, RFC 3339 format |
key_usages | List<string> | set of actions the private key of this TLS certificate can be used for |
extended_key_usages | List<string> | extended set of actions the private key of this TLS certificate can be used for |
private_key_type | string | type of the private key of this TLS certificate. One of rsa, ecdsa, or ed25519. |
issuer_common_name | string | issuer common name from the leaf of this TLS certificate |
serial_number | string | serial number of the leaf of this TLS certificate |
subject_organization | string | subject organization from the leaf of this TLS certificate |
subject_organizational_unit | string | subject organizational unit from the leaf of this TLS certificate |
subject_locality | string | subject locality from the leaf of this TLS certificate |
subject_province | string | subject province from the leaf of this TLS certificate |
subject_country | string | subject country from the leaf of this TLS certificate |
tls_certificate_deleted.v0
Triggers when a TLS certificate is deleted
| Field | Type | Description |
|---|---|---|
id | string | unique identifier for this TLS certificate |
uri | string | URI of the TLS certificate API resource |
created_at | string | timestamp when the TLS certificate was created, RFC 3339 format |
description | string | human-readable description of this TLS certificate. optional, max 255 bytes. |
metadata | string | arbitrary user-defined machine-readable data of this TLS certificate. optional, max 4096 bytes. |
certificate_pem | string | chain of PEM-encoded certificates, leaf first. See Certificate Bundles. |
subject_common_name | string | subject common name from the leaf of this TLS certificate |
subject_alternative_names.dns_names | List<string> | set of additional domains (including wildcards) this TLS certificate is valid for |
subject_alternative_names.ips | List<string> | set of IP addresses this TLS certificate is also valid for |
issued_at | string | timestamp (in RFC 3339 format) when this TLS certificate was issued automatically, or null if this certificate was user-uploaded |
not_before | string | timestamp when this TLS certificate becomes valid, RFC 3339 format |
not_after | string | timestamp when this TLS certificate becomes invalid, RFC 3339 format |
key_usages | List<string> | set of actions the private key of this TLS certificate can be used for |
extended_key_usages | List<string> | extended set of actions the private key of this TLS certificate can be used for |
private_key_type | string | type of the private key of this TLS certificate. One of rsa, ecdsa, or ed25519. |
issuer_common_name | string | issuer common name from the leaf of this TLS certificate |
serial_number | string | serial number of the leaf of this TLS certificate |
subject_organization | string | subject organization from the leaf of this TLS certificate |
subject_organizational_unit | string | subject organizational unit from the leaf of this TLS certificate |
subject_locality | string | subject locality from the leaf of this TLS certificate |
subject_province | string | subject province from the leaf of this TLS certificate |
subject_country | string | subject country from the leaf of this TLS certificate |
tls_certificate_updated.v0
Triggers when a TLS certificate is updated
| Field | Type | Description |
|---|---|---|
id | string | unique identifier for this TLS certificate |
uri | string | URI of the TLS certificate API resource |
created_at | string | timestamp when the TLS certificate was created, RFC 3339 format |
description | string | human-readable description of this TLS certificate. optional, max 255 bytes. |
metadata | string | arbitrary user-defined machine-readable data of this TLS certificate. optional, max 4096 bytes. |
certificate_pem | string | chain of PEM-encoded certificates, leaf first. See Certificate Bundles. |
subject_common_name | string | subject common name from the leaf of this TLS certificate |
subject_alternative_names.dns_names | List<string> | set of additional domains (including wildcards) this TLS certificate is valid for |
subject_alternative_names.ips | List<string> | set of IP addresses this TLS certificate is also valid for |
issued_at | string | timestamp (in RFC 3339 format) when this TLS certificate was issued automatically, or null if this certificate was user-uploaded |
not_before | string | timestamp when this TLS certificate becomes valid, RFC 3339 format |
not_after | string | timestamp when this TLS certificate becomes invalid, RFC 3339 format |
key_usages | List<string> | set of actions the private key of this TLS certificate can be used for |
extended_key_usages | List<string> | extended set of actions the private key of this TLS certificate can be used for |
private_key_type | string | type of the private key of this TLS certificate. One of rsa, ecdsa, or ed25519. |
issuer_common_name | string | issuer common name from the leaf of this TLS certificate |
serial_number | string | serial number of the leaf of this TLS certificate |
subject_organization | string | subject organization from the leaf of this TLS certificate |
subject_organizational_unit | string | subject organizational unit from the leaf of this TLS certificate |
subject_locality | string | subject locality from the leaf of this TLS certificate |
subject_province | string | subject province from the leaf of this TLS certificate |
subject_country | string | subject country from the leaf of this TLS certificate |
Tunnel Credential
tunnel_credential_created.v0
Triggers when a tunnel credential is created
| Field | Type | Description |
|---|---|---|
id | string | unique tunnel credential resource identifier |
uri | string | URI of the tunnel credential API resource |
created_at | string | timestamp when the tunnel credential was created, RFC 3339 format |
description | string | human-readable description of who or what will use the credential to authenticate. Optional, max 255 bytes. |
metadata | string | arbitrary user-defined machine-readable data of this credential. Optional, max 4096 bytes. |
token | string | the credential’s authtoken that can be used to authenticate an ngrok agent. This value is only available one time, on the API response from credential creation, otherwise it is null. |
acl | List<string> | optional list of ACL rules. If unspecified, the credential will have no restrictions. The only allowed ACL rule at this time is the bind rule. The bind rule allows the caller to restrict what domains and addresses the token is allowed to bind. For example, to allow the token to open a tunnel on example.ngrok.io your ACL would include the rule bind:example.ngrok.io. Bind rules may specify a leading wildcard to match multiple domains with a common suffix. For example, you may specify a rule of bind:_.example.com which will allow x.example.com, y.example.com, _.example.com, etc. A rule of '\*' is equivalent to no acl at all and will explicitly permit all actions. |
tunnel_credential_deleted.v0
Triggers when a tunnel credential is deleted
| Field | Type | Description |
|---|---|---|
id | string | unique tunnel credential resource identifier |
uri | string | URI of the tunnel credential API resource |
created_at | string | timestamp when the tunnel credential was created, RFC 3339 format |
description | string | human-readable description of who or what will use the credential to authenticate. Optional, max 255 bytes. |
metadata | string | arbitrary user-defined machine-readable data of this credential. Optional, max 4096 bytes. |
token | string | the credential’s authtoken that can be used to authenticate an ngrok agent. This value is only available one time, on the API response from credential creation, otherwise it is null. |
acl | List<string> | optional list of ACL rules. If unspecified, the credential will have no restrictions. The only allowed ACL rule at this time is the bind rule. The bind rule allows the caller to restrict what domains and addresses the token is allowed to bind. For example, to allow the token to open a tunnel on example.ngrok.io your ACL would include the rule bind:example.ngrok.io. Bind rules may specify a leading wildcard to match multiple domains with a common suffix. For example, you may specify a rule of bind:_.example.com which will allow x.example.com, y.example.com, _.example.com, etc. A rule of '\*' is equivalent to no acl at all and will explicitly permit all actions. |
tunnel_credential_updated.v0
Triggers when a tunnel credential is updated
| Field | Type | Description |
|---|---|---|
id | string | unique tunnel credential resource identifier |
uri | string | URI of the tunnel credential API resource |
created_at | string | timestamp when the tunnel credential was created, RFC 3339 format |
description | string | human-readable description of who or what will use the credential to authenticate. Optional, max 255 bytes. |
metadata | string | arbitrary user-defined machine-readable data of this credential. Optional, max 4096 bytes. |
token | string | the credential’s authtoken that can be used to authenticate an ngrok agent. This value is only available one time, on the API response from credential creation, otherwise it is null. |
acl | List<string> | optional list of ACL rules. If unspecified, the credential will have no restrictions. The only allowed ACL rule at this time is the bind rule. The bind rule allows the caller to restrict what domains and addresses the token is allowed to bind. For example, to allow the token to open a tunnel on example.ngrok.io your ACL would include the rule bind:example.ngrok.io. Bind rules may specify a leading wildcard to match multiple domains with a common suffix. For example, you may specify a rule of bind:_.example.com which will allow x.example.com, y.example.com, _.example.com, etc. A rule of '\*' is equivalent to no acl at all and will explicitly permit all actions. |