Universal Gateway

What is the Universal Gateway?

ngrok's Universal Gateway is a suite of common tools for building API and device gateways, identity-aware proxies, and site-to-site connectivity.

What makes it "universal"? The Universal Gateway is a flexible and composable platform that can be used with software running locally or in the cloud, and with devices running on-premises or distributed in the field. You can deliver traffic to internal and public APIs as well as orchestrate traffic across your devices. It's globally distributed by default and provides support across multiple environments with minimal configuration.

Common use cases

Here are some of the most common use cases for the Universal Gateway, from the examples collection:

• The front door pattern: A single public endpoint serves as the centralized entrance to all upstream services.
• Route to endpoints by geography: Forward requests based on IP geolocation data for improved latency or country-specific features.
• Create identity-based rate limits: Pre-tier requests based on your packaging or pricing model.
• Secure a public Minecraft server: Restrict server access to a specific set of IP addresses.
• Intercept and rewrite headers: Intercept 302 redirect headers to preserve UX and agent behavior.

Universal Gateway features

Here are some of the key features of the Universal Gateway platform:

Traffic Policy

ngrok's is a configuration language for filtering, matching, managing, and orchestrating traffic to your endpoints. With a Traffic Policy in place, you can validate incoming traffic, block malicious traffic, rewrite URLs, respond with custom content, and more.

Learn more in the Traffic Policy documentation.

Kubernetes Operator

ngrok's Kubernetes Operator is the best way to build with the Universal Gateway if your applications run in Kubernetes environments. It comes with custom resources for configuration and also supports both ingress resources as well as cross-platform configuration resources. You can use the Operator to integrate Kubernetes workloads with workloads outside of Kubernetes, such as those running on virtual machines, bare metal, embedded devices, and anywhere else you can run ngrok.

Learn more in the Kubernetes Operator documentation.

Traffic observability

The Universal Gateway provides several options for observing the traffic flowing through your endpoints, including the Traffic Inspector and ngrok's event logging system. With Traffic Inspector, you can choose to capture full request and response bodies or just metadata, and replay requests against your endpoints for easy debugging replication. With ngrok's event logging system, you can subscribe to events triggered whenever traffic transits through your endpoints, and publish them to destinations such as AWS Cloudwatch Logs, AWS Firehose, AWS S3, Datadog Logs, and Azure Monitor.

Learn more in the traffic observability documentation.

Identify and access management

ngrok includes a robust identity and access management (IAM) system. With ngrok's IAM functionality, you can manage credentials for human users and automated processes; record all changes by principal in audit logs; configure single sign-on (SS0); and more.

Learn more in the IAM documentation.

What's next?

• Explore key concepts for working with the Universal Gateway such as endpoint types, protocols, bindings, and pooling.
• Check out the Universal Gateway examples collection to see how to implement even more common use cases.
• Proceed to the Guides section to get started with ngrok as an API gateway, device gateway, identity-aware proxy, or for site-to-site connectivity.