> ## Documentation Index
> Fetch the complete documentation index at: https://ngrok.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# ngrok Agent CLI API Commands

With the ngrok agent CLI, you can use built-in commands to interact with the ngrok API.
For more information about the ngrok API and interfacing with it directly, see [the ngrok api page](../api).

<Tip>
  If you want to programmatically control the ngrok agent, the [Agent
  SDKs](/agent-sdks/) are usually a more flexible and powerful choice.
</Tip>

## ngrok api

The api command provides access to ngrok's API. You can use the API through
one of the api subcommmands.

All api subcommands require an API key. You can configure it either through
a command flag (--api-key) or add it in ngrok's configuration file (api\_key).

You can get the initial API key at [https://dashboard.ngrok.com/api](https://dashboard.ngrok.com/api).
Additional keys can be created through 'ngrok api api-key create' subcommand.

### SubCommands

| Command                                                               | Description                                                                               |
| --------------------------------------------------------------------- | ----------------------------------------------------------------------------------------- |
| [abuse-reports](#ngrok-api-abuse-reports)                             | Abuse Reports allow you to submit take-down requests for URLs hosted by ngrok that...     |
| [agent-ingresses](#ngrok-api-agent-ingresses)                         |                                                                                           |
| [ai-gateway-api-keys](#ngrok-api-ai-gateway-api-keys)                 | AIGatewayAPIKeys is an api service for managing API keys used to authenticate requests... |
| [ai-gateway-provider-keys](#ngrok-api-ai-gateway-provider-keys)       | AIGatewayProviderKeys is an api service for managing provider keys attached to an AI...   |
| [api-keys](#ngrok-api-api-keys)                                       | API Keys are used to authenticate to the ngrok API ([https://ngrok](https://ngrok)        |
| [application-sessions](#ngrok-api-application-sessions)               |                                                                                           |
| [application-users](#ngrok-api-application-users)                     |                                                                                           |
| [backends](#ngrok-api-backends)                                       |                                                                                           |
| [bot-users](#ngrok-api-bot-users)                                     |                                                                                           |
| [certificate-authorities](#ngrok-api-certificate-authorities)         | Certificate Authorities are x509 certificates that are used to sign other x509...         |
| [credentials](#ngrok-api-credentials)                                 | Tunnel Credentials are ngrok agent authtokens                                             |
| [edge-modules](#ngrok-api-edge-modules)                               |                                                                                           |
| [edges](#ngrok-api-edges)                                             |                                                                                           |
| [endpoint-configurations](#ngrok-api-endpoint-configurations)         | Endpoint Configurations are a reusable group of modules that encapsulate how traffic...   |
| [endpoints](#ngrok-api-endpoints)                                     | Endpoints provides an API for querying the endpoint objects which define what tunnel...   |
| [event-destinations](#ngrok-api-event-destinations)                   |                                                                                           |
| [event-sources](#ngrok-api-event-sources)                             |                                                                                           |
| [event-subscriptions](#ngrok-api-event-subscriptions)                 |                                                                                           |
| [ip-policies](#ngrok-api-ip-policies)                                 | IP Policies are reusable groups of CIDR ranges with an allow or deny action               |
| [ip-policy-rules](#ngrok-api-ip-policy-rules)                         | IP Policy Rules are the IPv4 or IPv6 CIDRs entries that make up an IP Policy.             |
| [ip-restrictions](#ngrok-api-ip-restrictions)                         | An IP restriction is a restriction placed on the CIDRs that are allowed to initiate...    |
| [kubernetes-operators](#ngrok-api-kubernetes-operators)               | KubernetesOperators is used by the Kubernetes Operator to register and manage its own...  |
| [personal-access-tokens](#ngrok-api-personal-access-tokens)           | Personal Access Tokens (PATs) are bearer credentials that authenticate the ngrok agent... |
| [pointcfg-module](#ngrok-api-pointcfg-module)                         |                                                                                           |
| [reserved-addrs](#ngrok-api-reserved-addrs)                           | Reserved Addresses are TCP addresses that can be used to listen for traffic               |
| [reserved-domains](#ngrok-api-reserved-domains)                       | Reserved Domains are hostnames that you can listen for traffic on                         |
| [root](#ngrok-api-root)                                               |                                                                                           |
| [secrets](#ngrok-api-secrets)                                         | Secrets is an api service for securely storing and managing sensitive data such as...     |
| [service-users](#ngrok-api-service-users)                             |                                                                                           |
| [ssh-certificate-authorities](#ngrok-api-ssh-certificate-authorities) | An SSH Certificate Authority is a pair of an SSH Certificate and its private key that...  |
| [ssh-credentials](#ngrok-api-ssh-credentials)                         | SSH Credentials are SSH public keys that can be used to start SSH tunnels via the...      |
| [ssh-host-certificates](#ngrok-api-ssh-host-certificates)             | SSH Host Certificates along with the corresponding private key allows an SSH server to... |
| [ssh-user-certificates](#ngrok-api-ssh-user-certificates)             | SSH User Certificates are presented by SSH clients when connecting to an SSH server to... |
| [tls-certificates](#ngrok-api-tls-certificates)                       | TLS Certificates are pairs of x509 certificates and their matching private key that...    |
| [tunnel-sessions](#ngrok-api-tunnel-sessions)                         | Tunnel Sessions represent instances of ngrok agents or SSH reverse tunnel sessions...     |
| [tunnels](#ngrok-api-tunnels)                                         | Tunnels provide endpoints to access services exposed by a running ngrok agent tunnel...   |
| [vaults](#ngrok-api-vaults)                                           | Vaults is an api service for securely storing and managing sensitive data such as...      |

### Flags

| Flag       | Description                                       |
| ---------- | ------------------------------------------------- |
| `--config` | path to config files; they are merged if multiple |

## ngrok api abuse-reports

Abuse Reports allow you to submit take-down requests for URLs hosted by
ngrok that violate ngrok's terms of service.

### SubCommands

| Command                                   | Description                                    |
| ----------------------------------------- | ---------------------------------------------- |
| [create](#ngrok-api-abuse-reports-create) | Creates a new abuse report which will be...    |
| [get](#ngrok-api-abuse-reports-get)       | Get the detailed status of abuse report by ID. |

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api abuse-reports create

Creates a new abuse report which will be reviewed by our system and abuse response team. This API is only available to authorized accounts. Contact [abuse@ngrok.com](mailto:abuse@ngrok.com) to request access

### Usage

```sh theme={null}
ngrok api abuse-reports create [flags]
```

### Flags

| Flag           | Description                                                                    |
| -------------- | ------------------------------------------------------------------------------ |
| `--metadata`   | arbitrary user-defined data about this abuse report. Optional, max 4096 bytes. |
| `--urls`       | a list of URLs containing suspected abusive content                            |
| `--api-key`    | API key to use                                                                 |
| `--config`     | path to config files; they are merged if multiple                              |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'                                |
| `--log-format` | log record format: 'term', 'logfmt', 'json'                                    |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit'                        |

## ngrok api abuse-reports get

Get the detailed status of abuse report by ID.

### Usage

```sh theme={null}
ngrok api abuse-reports get <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api agent-ingresses

### SubCommands

| Command                                     | Description                                    |
| ------------------------------------------- | ---------------------------------------------- |
| [create](#ngrok-api-agent-ingresses-create) | Create a new Agent Ingress                     |
| [delete](#ngrok-api-agent-ingresses-delete) | Delete an Agent Ingress by ID                  |
| [get](#ngrok-api-agent-ingresses-get)       | Get the details of an Agent Ingress by ID.     |
| [list](#ngrok-api-agent-ingresses-list)     | List all Agent Ingresses owned by this account |
| [update](#ngrok-api-agent-ingresses-update) | Update attributes of an Agent Ingress by ID.   |

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api agent-ingresses create

Create a new Agent Ingress. The ngrok agent can be configured to connect to ngrok via the new set of addresses on the returned Agent Ingress.

### Usage

```sh theme={null}
ngrok api agent-ingresses create [flags]
```

### Flags

| Flag                                               | Description                                                                                            |
| -------------------------------------------------- | ------------------------------------------------------------------------------------------------------ |
| `--certificate-management-policy.authority`        | certificate authority to request certificates from. The only supported value is letsencrypt.           |
| `--certificate-management-policy.private-key-type` | type of private key to use when requesting certificates. Defaults to rsa, can be either rsa or ecdsa.  |
| `--description`                                    | human-readable description of the use of this Agent Ingress. optional, max 255 bytes.                  |
| `--domain`                                         | the domain that you own to be used as the base domain name to generate regional agent ingress domains. |
| `--metadata`                                       | arbitrary user-defined machine-readable data of this Agent Ingress. optional, max 4096 bytes           |
| `--api-key`                                        | API key to use                                                                                         |
| `--config`                                         | path to config files; they are merged if multiple                                                      |
| `--log`                                            | path to log file, 'stdout', 'stderr' or 'false'                                                        |
| `--log-format`                                     | log record format: 'term', 'logfmt', 'json'                                                            |
| `--log-level`                                      | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                                |

## ngrok api agent-ingresses delete

Delete an Agent Ingress by ID

### Usage

```sh theme={null}
ngrok api agent-ingresses delete <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api agent-ingresses get

Get the details of an Agent Ingress by ID.

### Usage

```sh theme={null}
ngrok api agent-ingresses get <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api agent-ingresses list

List all Agent Ingresses owned by this account

### Usage

```sh theme={null}
ngrok api agent-ingresses list [flags]
```

### Flags

| Flag           | Description                                                                                                                                                                                                                                                                                                                                                                               |
| -------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `--before-id`  | Expects a resource ID as its input. Returns earlier entries in the result set, sorted by ID.                                                                                                                                                                                                                                                                                              |
| `--filter`     | A CEL expression to filter the list results. Supports logical and comparison operators to match on fields such as id, metadata, created\_at, and more. See ngrok API Filtering for syntax and field details: [https://ngrok.com/docs/api/api-filtering](https://ngrok.com/docs/api/api-filtering) ([https://ngrok.com/docs/api/api-filtering](https://ngrok.com/docs/api/api-filtering)). |
| `--limit`      | Constrains the number of results in the dataset. See the API Overview ([https://ngrok.com/docs/api/index#pagination](https://ngrok.com/docs/api/index#pagination)) for details.                                                                                                                                                                                                           |
| `--api-key`    | API key to use                                                                                                                                                                                                                                                                                                                                                                            |
| `--config`     | path to config files; they are merged if multiple                                                                                                                                                                                                                                                                                                                                         |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'                                                                                                                                                                                                                                                                                                                                           |
| `--log-format` | log record format: 'term', 'logfmt', 'json'                                                                                                                                                                                                                                                                                                                                               |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                                                                                                                                                                                                                                                                                                                   |

## ngrok api agent-ingresses update

Update attributes of an Agent Ingress by ID.

### Usage

```sh theme={null}
ngrok api agent-ingresses update <id> [flags]
```

### Flags

| Flag                                               | Description                                                                                           |
| -------------------------------------------------- | ----------------------------------------------------------------------------------------------------- |
| `--certificate-management-policy.authority`        | certificate authority to request certificates from. The only supported value is letsencrypt.          |
| `--certificate-management-policy.private-key-type` | type of private key to use when requesting certificates. Defaults to rsa, can be either rsa or ecdsa. |
| `--description`                                    | human-readable description of the use of this Agent Ingress. optional, max 255 bytes.                 |
| `--metadata`                                       | arbitrary user-defined machine-readable data of this Agent Ingress. optional, max 4096 bytes          |
| `--api-key`                                        | API key to use                                                                                        |
| `--config`                                         | path to config files; they are merged if multiple                                                     |
| `--log`                                            | path to log file, 'stdout', 'stderr' or 'false'                                                       |
| `--log-format`                                     | log record format: 'term', 'logfmt', 'json'                                                           |
| `--log-level`                                      | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                               |

## ngrok api ai-gateway-api-keys

AIGatewayAPIKeys is an api service for managing API keys used to authenticate requests to AI Gateway endpoints.

### SubCommands

| Command                                         | Description                                   |
| ----------------------------------------------- | --------------------------------------------- |
| [create](#ngrok-api-ai-gateway-api-keys-create) | Create a new AI Gateway API Key               |
| [delete](#ngrok-api-ai-gateway-api-keys-delete) | Delete an AI Gateway API Key                  |
| [get](#ngrok-api-ai-gateway-api-keys-get)       | Get an AI Gateway API Key by ID               |
| [list](#ngrok-api-ai-gateway-api-keys-list)     | List all AI Gateway API Keys owned by account |
| [update](#ngrok-api-ai-gateway-api-keys-update) | Update an existing AI Gateway API Key by ID   |

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api ai-gateway-api-keys create

Create a new AI Gateway API Key

### Usage

```sh theme={null}
ngrok api ai-gateway-api-keys create [flags]
```

### Flags

| Flag              | Description                                                                 |
| ----------------- | --------------------------------------------------------------------------- |
| `--description`   | human-readable description of this API key                                  |
| `--endpoint-id`   | unique identifier of the AI Gateway endpoint this key is associated with    |
| `--metadata`      | arbitrary user-defined metadata for this API key                            |
| `--provider-keys` | optional list of provider keys to attach to this managed key at create time |
| `--api-key`       | API key to use                                                              |
| `--config`        | path to config files; they are merged if multiple                           |
| `--log`           | path to log file, 'stdout', 'stderr' or 'false'                             |
| `--log-format`    | log record format: 'term', 'logfmt', 'json'                                 |
| `--log-level`     | logging level: 'debug', 'info', 'warn', 'error', 'crit'                     |

## ngrok api ai-gateway-api-keys delete

Delete an AI Gateway API Key

### Usage

```sh theme={null}
ngrok api ai-gateway-api-keys delete <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api ai-gateway-api-keys get

Get an AI Gateway API Key by ID

### Usage

```sh theme={null}
ngrok api ai-gateway-api-keys get <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api ai-gateway-api-keys list

List all AI Gateway API Keys owned by account

### Usage

```sh theme={null}
ngrok api ai-gateway-api-keys list [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--before-id`  |                                                         |
| `--limit`      |                                                         |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api ai-gateway-api-keys update

Update an existing AI Gateway API Key by ID

### Usage

```sh theme={null}
ngrok api ai-gateway-api-keys update <id> [flags]
```

### Flags

| Flag            | Description                                                             |
| --------------- | ----------------------------------------------------------------------- |
| `--description` | human-readable description of this API key                              |
| `--endpoint-id` | unique identifier of the AI Gateway endpoint to associate this key with |
| `--metadata`    | arbitrary user-defined metadata for this API key                        |
| `--api-key`     | API key to use                                                          |
| `--config`      | path to config files; they are merged if multiple                       |
| `--log`         | path to log file, 'stdout', 'stderr' or 'false'                         |
| `--log-format`  | log record format: 'term', 'logfmt', 'json'                             |
| `--log-level`   | logging level: 'debug', 'info', 'warn', 'error', 'crit'                 |

## ngrok api ai-gateway-provider-keys

AIGatewayProviderKeys is an api service for managing provider keys attached to an AI Gateway API Key.

### SubCommands

| Command                                              | Description                                      |
| ---------------------------------------------------- | ------------------------------------------------ |
| [create](#ngrok-api-ai-gateway-provider-keys-create) | Create a new AI Gateway Provider Key             |
| [delete](#ngrok-api-ai-gateway-provider-keys-delete) | Delete an AI Gateway Provider Key                |
| [get](#ngrok-api-ai-gateway-provider-keys-get)       | Get an AI Gateway Provider Key by ID             |
| [list](#ngrok-api-ai-gateway-provider-keys-list)     | List AI Gateway Provider Keys                    |
| [update](#ngrok-api-ai-gateway-provider-keys-update) | Update an existing AI Gateway Provider Key by ID |

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api ai-gateway-provider-keys create

Create a new AI Gateway Provider Key

### Usage

```sh theme={null}
ngrok api ai-gateway-provider-keys create [flags]
```

### Flags

| Flag                      | Description                                                                  |
| ------------------------- | ---------------------------------------------------------------------------- |
| `--ai-gateway-api-key-id` | unique identifier of the AI Gateway API Key this provider key is attached to |
| `--description`           | human-readable description of this provider key                              |
| `--metadata`              | arbitrary user-defined metadata for this provider key                        |
| `--provider-id`           | which AI provider this key is for, e.g. "openai", "anthropic"                |
| `--value`                 | plaintext provider key value — write-only input                              |
| `--api-key`               | API key to use                                                               |
| `--config`                | path to config files; they are merged if multiple                            |
| `--log`                   | path to log file, 'stdout', 'stderr' or 'false'                              |
| `--log-format`            | log record format: 'term', 'logfmt', 'json'                                  |
| `--log-level`             | logging level: 'debug', 'info', 'warn', 'error', 'crit'                      |

## ngrok api ai-gateway-provider-keys delete

Delete an AI Gateway Provider Key

### Usage

```sh theme={null}
ngrok api ai-gateway-provider-keys delete <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api ai-gateway-provider-keys get

Get an AI Gateway Provider Key by ID

### Usage

```sh theme={null}
ngrok api ai-gateway-provider-keys get <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api ai-gateway-provider-keys list

List AI Gateway Provider Keys

### Usage

```sh theme={null}
ngrok api ai-gateway-provider-keys list [flags]
```

### Flags

| Flag                      | Description                                                                                  |
| ------------------------- | -------------------------------------------------------------------------------------------- |
| `--ai-gateway-api-key-id` | Filter by the AI Gateway API Key ID this provider key is attached to.                        |
| `--before-id`             | Expects a resource ID as its input. Returns earlier entries in the result set, sorted by ID. |
| `--limit`                 | Constrains the number of results in the dataset.                                             |
| `--api-key`               | API key to use                                                                               |
| `--config`                | path to config files; they are merged if multiple                                            |
| `--log`                   | path to log file, 'stdout', 'stderr' or 'false'                                              |
| `--log-format`            | log record format: 'term', 'logfmt', 'json'                                                  |
| `--log-level`             | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                      |

## ngrok api ai-gateway-provider-keys update

Update an existing AI Gateway Provider Key by ID

### Usage

```sh theme={null}
ngrok api ai-gateway-provider-keys update <id> [flags]
```

### Flags

| Flag            | Description                                             |
| --------------- | ------------------------------------------------------- |
| `--description` | human-readable description of this provider key         |
| `--metadata`    | arbitrary user-defined metadata for this provider key   |
| `--api-key`     | API key to use                                          |
| `--config`      | path to config files; they are merged if multiple       |
| `--log`         | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format`  | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`   | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api api-keys

API Keys are used to authenticate to the ngrok
API ([https://ngrok.com/docs/api#authentication](https://ngrok.com/docs/api#authentication)). You may use the API itself
to provision and manage API Keys but you'll need to provision your first API
key from the API Keys page ([https://dashboard.ngrok.com/api/keys](https://dashboard.ngrok.com/api/keys)) on your
ngrok.com dashboard.

### SubCommands

| Command                              | Description                             |
| ------------------------------------ | --------------------------------------- |
| [create](#ngrok-api-api-keys-create) | Create a new API key                    |
| [delete](#ngrok-api-api-keys-delete) | Delete an API key by ID                 |
| [get](#ngrok-api-api-keys-get)       | Get the details of an API key by ID.    |
| [list](#ngrok-api-api-keys-list)     | List all API keys owned by this account |
| [update](#ngrok-api-api-keys-update) | Update attributes of an API key by ID.  |

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api api-keys create

Create a new API key. The generated API key can be used to authenticate to the ngrok API.

### Usage

```sh theme={null}
ngrok api api-keys create [flags]
```

### Flags

| Flag            | Description                                                                                                                                                                                         |
| --------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `--description` | human-readable description of what uses the API key to authenticate. optional, max 255 bytes.                                                                                                       |
| `--metadata`    | arbitrary user-defined data of this API key. optional, max 4096 bytes                                                                                                                               |
| `--owner-email` | If supplied at credential creation, ownership will be assigned to the specified User. Only admins may specify an owner other than themselves. Both owner\_id and owner\_email may not be specified. |
| `--owner-id`    | If supplied at credential creation, ownership will be assigned to the specified User or Bot. Only admins may specify an owner other than themselves. Defaults to the authenticated User or Bot.     |
| `--api-key`     | API key to use                                                                                                                                                                                      |
| `--config`      | path to config files; they are merged if multiple                                                                                                                                                   |
| `--log`         | path to log file, 'stdout', 'stderr' or 'false'                                                                                                                                                     |
| `--log-format`  | log record format: 'term', 'logfmt', 'json'                                                                                                                                                         |
| `--log-level`   | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                                                                                                                             |

## ngrok api api-keys delete

Delete an API key by ID

### Usage

```sh theme={null}
ngrok api api-keys delete <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api api-keys get

Get the details of an API key by ID.

### Usage

```sh theme={null}
ngrok api api-keys get <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api api-keys list

List all API keys owned by this account

### Usage

```sh theme={null}
ngrok api api-keys list [flags]
```

### Flags

| Flag           | Description                                                                                                                                                                                                                                                                                                                                                                               |
| -------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `--before-id`  | Expects a resource ID as its input. Returns earlier entries in the result set, sorted by ID.                                                                                                                                                                                                                                                                                              |
| `--filter`     | A CEL expression to filter the list results. Supports logical and comparison operators to match on fields such as id, metadata, created\_at, and more. See ngrok API Filtering for syntax and field details: [https://ngrok.com/docs/api/api-filtering](https://ngrok.com/docs/api/api-filtering) ([https://ngrok.com/docs/api/api-filtering](https://ngrok.com/docs/api/api-filtering)). |
| `--limit`      | Constrains the number of results in the dataset. See the API Overview ([https://ngrok.com/docs/api/index#pagination](https://ngrok.com/docs/api/index#pagination)) for details.                                                                                                                                                                                                           |
| `--api-key`    | API key to use                                                                                                                                                                                                                                                                                                                                                                            |
| `--config`     | path to config files; they are merged if multiple                                                                                                                                                                                                                                                                                                                                         |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'                                                                                                                                                                                                                                                                                                                                           |
| `--log-format` | log record format: 'term', 'logfmt', 'json'                                                                                                                                                                                                                                                                                                                                               |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                                                                                                                                                                                                                                                                                                                   |

## ngrok api api-keys update

Update attributes of an API key by ID.

### Usage

```sh theme={null}
ngrok api api-keys update <id> [flags]
```

### Flags

| Flag            | Description                                                                                   |
| --------------- | --------------------------------------------------------------------------------------------- |
| `--description` | human-readable description of what uses the API key to authenticate. optional, max 255 bytes. |
| `--metadata`    | arbitrary user-defined data of this API key. optional, max 4096 bytes                         |
| `--api-key`     | API key to use                                                                                |
| `--config`      | path to config files; they are merged if multiple                                             |
| `--log`         | path to log file, 'stdout', 'stderr' or 'false'                                               |
| `--log-format`  | log record format: 'term', 'logfmt', 'json'                                                   |
| `--log-level`   | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                       |

## ngrok api application-sessions

### SubCommands

| Command                                          | Description                                     |
| ------------------------------------------------ | ----------------------------------------------- |
| [delete](#ngrok-api-application-sessions-delete) | Delete an application session by ID.            |
| [get](#ngrok-api-application-sessions-get)       | Get an application session by ID.               |
| [list](#ngrok-api-application-sessions-list)     | List all application sessions for this account. |

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api application-sessions delete

Delete an application session by ID.

### Usage

```sh theme={null}
ngrok api application-sessions delete <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api application-sessions get

Get an application session by ID.

### Usage

```sh theme={null}
ngrok api application-sessions get <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api application-sessions list

List all application sessions for this account.

### Usage

```sh theme={null}
ngrok api application-sessions list [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--before-id`  |                                                         |
| `--limit`      |                                                         |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api application-users

### SubCommands

| Command                                       | Description                                  |
| --------------------------------------------- | -------------------------------------------- |
| [delete](#ngrok-api-application-users-delete) | Delete an application user by ID.            |
| [get](#ngrok-api-application-users-get)       | Get an application user by ID.               |
| [list](#ngrok-api-application-users-list)     | List all application users for this account. |

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api application-users delete

Delete an application user by ID.

### Usage

```sh theme={null}
ngrok api application-users delete <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api application-users get

Get an application user by ID.

### Usage

```sh theme={null}
ngrok api application-users get <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api application-users list

List all application users for this account.

### Usage

```sh theme={null}
ngrok api application-users list [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--before-id`  |                                                         |
| `--limit`      |                                                         |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api backends

### SubCommands

| Command                                              | Description                                                                              |
| ---------------------------------------------------- | ---------------------------------------------------------------------------------------- |
| [failover](#ngrok-api-backends-failover)             | A Failover backend defines failover behavior within a list of referenced backends        |
| [http-response](#ngrok-api-backends-http-response)   |                                                                                          |
| [static-address](#ngrok-api-backends-static-address) | A static backend sends traffic to a TCP address (hostname and port) that is reachable... |
| [tunnel-group](#ngrok-api-backends-tunnel-group)     | A Tunnel Group Backend balances traffic among all online tunnels that match a label...   |
| [weighted](#ngrok-api-backends-weighted)             | A Weighted Backend balances traffic among the referenced backends                        |

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api backends failover

A Failover backend defines failover behavior within a list of referenced
backends. Traffic is sent to the first backend in the list. If that backend
is offline or no connection can be established, ngrok attempts to connect to
the next backend in the list until one is successful.

### SubCommands

| Command                                       | Description                                  |
| --------------------------------------------- | -------------------------------------------- |
| [create](#ngrok-api-backends-failover-create) | Create a new Failover backend                |
| [delete](#ngrok-api-backends-failover-delete) | Delete a Failover backend by ID.             |
| [get](#ngrok-api-backends-failover-get)       | Get detailed information about a Failover... |
| [list](#ngrok-api-backends-failover-list)     | List all Failover backends on this account   |
| [update](#ngrok-api-backends-failover-update) | Update Failover backend by ID                |

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api backends failover create

Create a new Failover backend

### Usage

```sh theme={null}
ngrok api backends failover create [flags]
```

### Flags

| Flag            | Description                                                            |
| --------------- | ---------------------------------------------------------------------- |
| `--backends`    | the ids of the child backends in order                                 |
| `--description` | human-readable description of this backend. Optional                   |
| `--metadata`    | arbitrary user-defined machine-readable data of this backend. Optional |
| `--api-key`     | API key to use                                                         |
| `--config`      | path to config files; they are merged if multiple                      |
| `--log`         | path to log file, 'stdout', 'stderr' or 'false'                        |
| `--log-format`  | log record format: 'term', 'logfmt', 'json'                            |
| `--log-level`   | logging level: 'debug', 'info', 'warn', 'error', 'crit'                |

## ngrok api backends failover delete

Delete a Failover backend by ID.

### Usage

```sh theme={null}
ngrok api backends failover delete <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api backends failover get

Get detailed information about a Failover backend by ID

### Usage

```sh theme={null}
ngrok api backends failover get <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api backends failover list

List all Failover backends on this account

### Usage

```sh theme={null}
ngrok api backends failover list [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--before-id`  |                                                         |
| `--limit`      |                                                         |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api backends failover update

Update Failover backend by ID

### Usage

```sh theme={null}
ngrok api backends failover update <id> [flags]
```

### Flags

| Flag            | Description                                                            |
| --------------- | ---------------------------------------------------------------------- |
| `--backends`    | the ids of the child backends in order                                 |
| `--description` | human-readable description of this backend. Optional                   |
| `--metadata`    | arbitrary user-defined machine-readable data of this backend. Optional |
| `--api-key`     | API key to use                                                         |
| `--config`      | path to config files; they are merged if multiple                      |
| `--log`         | path to log file, 'stdout', 'stderr' or 'false'                        |
| `--log-format`  | log record format: 'term', 'logfmt', 'json'                            |
| `--log-level`   | logging level: 'debug', 'info', 'warn', 'error', 'crit'                |

## ngrok api backends http-response

### SubCommands

| Command                                            | Description |
| -------------------------------------------------- | ----------- |
| [create](#ngrok-api-backends-http-response-create) |             |
| [delete](#ngrok-api-backends-http-response-delete) |             |
| [get](#ngrok-api-backends-http-response-get)       |             |
| [list](#ngrok-api-backends-http-response-list)     |             |
| [update](#ngrok-api-backends-http-response-update) |             |

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api backends http-response create

### Usage

```sh theme={null}
ngrok api backends http-response create [flags]
```

### Flags

| Flag            | Description                                                            |
| --------------- | ---------------------------------------------------------------------- |
| `--body`        | body to return as fixed content                                        |
| `--description` | human-readable description of this backend. Optional                   |
| `--headers`     | headers to return                                                      |
| `--metadata`    | arbitrary user-defined machine-readable data of this backend. Optional |
| `--status-code` | status code to return                                                  |
| `--api-key`     | API key to use                                                         |
| `--config`      | path to config files; they are merged if multiple                      |
| `--log`         | path to log file, 'stdout', 'stderr' or 'false'                        |
| `--log-format`  | log record format: 'term', 'logfmt', 'json'                            |
| `--log-level`   | logging level: 'debug', 'info', 'warn', 'error', 'crit'                |

## ngrok api backends http-response delete

### Usage

```sh theme={null}
ngrok api backends http-response delete <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api backends http-response get

### Usage

```sh theme={null}
ngrok api backends http-response get <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api backends http-response list

### Usage

```sh theme={null}
ngrok api backends http-response list [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--before-id`  |                                                         |
| `--limit`      |                                                         |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api backends http-response update

### Usage

```sh theme={null}
ngrok api backends http-response update <id> [flags]
```

### Flags

| Flag            | Description                                                            |
| --------------- | ---------------------------------------------------------------------- |
| `--body`        | body to return as fixed content                                        |
| `--description` | human-readable description of this backend. Optional                   |
| `--headers`     | headers to return                                                      |
| `--metadata`    | arbitrary user-defined machine-readable data of this backend. Optional |
| `--status-code` | status code to return                                                  |
| `--api-key`     | API key to use                                                         |
| `--config`      | path to config files; they are merged if multiple                      |
| `--log`         | path to log file, 'stdout', 'stderr' or 'false'                        |
| `--log-format`  | log record format: 'term', 'logfmt', 'json'                            |
| `--log-level`   | logging level: 'debug', 'info', 'warn', 'error', 'crit'                |

## ngrok api backends static-address

A static backend sends traffic to a TCP address (hostname and port) that
is reachable on the public internet.

### SubCommands

| Command                                             | Description                                |
| --------------------------------------------------- | ------------------------------------------ |
| [create](#ngrok-api-backends-static-address-create) | Create a new static backend                |
| [delete](#ngrok-api-backends-static-address-delete) | Delete a static backend by ID.             |
| [get](#ngrok-api-backends-static-address-get)       | Get detailed information about a static... |
| [list](#ngrok-api-backends-static-address-list)     | List all static backends on this account   |
| [update](#ngrok-api-backends-static-address-update) | Update static backend by ID                |

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api backends static-address create

Create a new static backend

### Usage

```sh theme={null}
ngrok api backends static-address create [flags]
```

### Flags

| Flag            | Description                                                            |
| --------------- | ---------------------------------------------------------------------- |
| `--address`     | the address to forward to                                              |
| `--description` | human-readable description of this backend. Optional                   |
| `--metadata`    | arbitrary user-defined machine-readable data of this backend. Optional |
| `--tls.enabled` | if TLS is checked                                                      |
| `--api-key`     | API key to use                                                         |
| `--config`      | path to config files; they are merged if multiple                      |
| `--log`         | path to log file, 'stdout', 'stderr' or 'false'                        |
| `--log-format`  | log record format: 'term', 'logfmt', 'json'                            |
| `--log-level`   | logging level: 'debug', 'info', 'warn', 'error', 'crit'                |

## ngrok api backends static-address delete

Delete a static backend by ID.

### Usage

```sh theme={null}
ngrok api backends static-address delete <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api backends static-address get

Get detailed information about a static backend by ID

### Usage

```sh theme={null}
ngrok api backends static-address get <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api backends static-address list

List all static backends on this account

### Usage

```sh theme={null}
ngrok api backends static-address list [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--before-id`  |                                                         |
| `--limit`      |                                                         |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api backends static-address update

Update static backend by ID

### Usage

```sh theme={null}
ngrok api backends static-address update <id> [flags]
```

### Flags

| Flag            | Description                                                            |
| --------------- | ---------------------------------------------------------------------- |
| `--address`     | the address to forward to                                              |
| `--description` | human-readable description of this backend. Optional                   |
| `--metadata`    | arbitrary user-defined machine-readable data of this backend. Optional |
| `--tls.enabled` | if TLS is checked                                                      |
| `--api-key`     | API key to use                                                         |
| `--config`      | path to config files; they are merged if multiple                      |
| `--log`         | path to log file, 'stdout', 'stderr' or 'false'                        |
| `--log-format`  | log record format: 'term', 'logfmt', 'json'                            |
| `--log-level`   | logging level: 'debug', 'info', 'warn', 'error', 'crit'                |

## ngrok api backends tunnel-group

A Tunnel Group Backend balances traffic among all online tunnels that match
a label selector.

### SubCommands

| Command                                           | Description                                     |
| ------------------------------------------------- | ----------------------------------------------- |
| [create](#ngrok-api-backends-tunnel-group-create) | Create a new TunnelGroup backend                |
| [delete](#ngrok-api-backends-tunnel-group-delete) | Delete a TunnelGroup backend by ID.             |
| [get](#ngrok-api-backends-tunnel-group-get)       | Get detailed information about a TunnelGroup... |
| [list](#ngrok-api-backends-tunnel-group-list)     | List all TunnelGroup backends on this account   |
| [update](#ngrok-api-backends-tunnel-group-update) | Update TunnelGroup backend by ID                |

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api backends tunnel-group create

Create a new TunnelGroup backend

### Usage

```sh theme={null}
ngrok api backends tunnel-group create [flags]
```

### Flags

| Flag            | Description                                                            |
| --------------- | ---------------------------------------------------------------------- |
| `--description` | human-readable description of this backend. Optional                   |
| `--labels`      | labels to watch for tunnels on, e.g. app->foo, dc->bar                 |
| `--metadata`    | arbitrary user-defined machine-readable data of this backend. Optional |
| `--api-key`     | API key to use                                                         |
| `--config`      | path to config files; they are merged if multiple                      |
| `--log`         | path to log file, 'stdout', 'stderr' or 'false'                        |
| `--log-format`  | log record format: 'term', 'logfmt', 'json'                            |
| `--log-level`   | logging level: 'debug', 'info', 'warn', 'error', 'crit'                |

## ngrok api backends tunnel-group delete

Delete a TunnelGroup backend by ID.

### Usage

```sh theme={null}
ngrok api backends tunnel-group delete <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api backends tunnel-group get

Get detailed information about a TunnelGroup backend by ID

### Usage

```sh theme={null}
ngrok api backends tunnel-group get <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api backends tunnel-group list

List all TunnelGroup backends on this account

### Usage

```sh theme={null}
ngrok api backends tunnel-group list [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--before-id`  |                                                         |
| `--limit`      |                                                         |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api backends tunnel-group update

Update TunnelGroup backend by ID

### Usage

```sh theme={null}
ngrok api backends tunnel-group update <id> [flags]
```

### Flags

| Flag            | Description                                                            |
| --------------- | ---------------------------------------------------------------------- |
| `--description` | human-readable description of this backend. Optional                   |
| `--labels`      | labels to watch for tunnels on, e.g. app->foo, dc->bar                 |
| `--metadata`    | arbitrary user-defined machine-readable data of this backend. Optional |
| `--api-key`     | API key to use                                                         |
| `--config`      | path to config files; they are merged if multiple                      |
| `--log`         | path to log file, 'stdout', 'stderr' or 'false'                        |
| `--log-format`  | log record format: 'term', 'logfmt', 'json'                            |
| `--log-level`   | logging level: 'debug', 'info', 'warn', 'error', 'crit'                |

## ngrok api backends weighted

A Weighted Backend balances traffic among the referenced backends. Traffic
is assigned proportionally to each based on its weight. The percentage of
traffic is calculated by dividing a backend's weight by the sum of all
weights.

### SubCommands

| Command                                       | Description                                  |
| --------------------------------------------- | -------------------------------------------- |
| [create](#ngrok-api-backends-weighted-create) | Create a new Weighted backend                |
| [delete](#ngrok-api-backends-weighted-delete) | Delete a Weighted backend by ID.             |
| [get](#ngrok-api-backends-weighted-get)       | Get detailed information about a Weighted... |
| [list](#ngrok-api-backends-weighted-list)     | List all Weighted backends on this account   |
| [update](#ngrok-api-backends-weighted-update) | Update Weighted backend by ID                |

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api backends weighted create

Create a new Weighted backend

### Usage

```sh theme={null}
ngrok api backends weighted create [flags]
```

### Flags

| Flag            | Description                                                            |
| --------------- | ---------------------------------------------------------------------- |
| `--backends`    | the ids of the child backends to their weights \[0-10000]              |
| `--description` | human-readable description of this backend. Optional                   |
| `--metadata`    | arbitrary user-defined machine-readable data of this backend. Optional |
| `--api-key`     | API key to use                                                         |
| `--config`      | path to config files; they are merged if multiple                      |
| `--log`         | path to log file, 'stdout', 'stderr' or 'false'                        |
| `--log-format`  | log record format: 'term', 'logfmt', 'json'                            |
| `--log-level`   | logging level: 'debug', 'info', 'warn', 'error', 'crit'                |

## ngrok api backends weighted delete

Delete a Weighted backend by ID.

### Usage

```sh theme={null}
ngrok api backends weighted delete <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api backends weighted get

Get detailed information about a Weighted backend by ID

### Usage

```sh theme={null}
ngrok api backends weighted get <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api backends weighted list

List all Weighted backends on this account

### Usage

```sh theme={null}
ngrok api backends weighted list [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--before-id`  |                                                         |
| `--limit`      |                                                         |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api backends weighted update

Update Weighted backend by ID

### Usage

```sh theme={null}
ngrok api backends weighted update <id> [flags]
```

### Flags

| Flag            | Description                                                            |
| --------------- | ---------------------------------------------------------------------- |
| `--backends`    | the ids of the child backends to their weights \[0-10000]              |
| `--description` | human-readable description of this backend. Optional                   |
| `--metadata`    | arbitrary user-defined machine-readable data of this backend. Optional |
| `--api-key`     | API key to use                                                         |
| `--config`      | path to config files; they are merged if multiple                      |
| `--log`         | path to log file, 'stdout', 'stderr' or 'false'                        |
| `--log-format`  | log record format: 'term', 'logfmt', 'json'                            |
| `--log-level`   | logging level: 'debug', 'info', 'warn', 'error', 'crit'                |

## ngrok api bot-users

### SubCommands

| Command                               | Description                            |
| ------------------------------------- | -------------------------------------- |
| [create](#ngrok-api-bot-users-create) | Create a new bot user                  |
| [delete](#ngrok-api-bot-users-delete) | Delete a bot user by ID                |
| [get](#ngrok-api-bot-users-get)       | Get the details of a Bot User by ID.   |
| [list](#ngrok-api-bot-users-list)     | List all bot users in this account.    |
| [update](#ngrok-api-bot-users-update) | Update attributes of a bot user by ID. |

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api bot-users create

Create a new bot user

### Usage

```sh theme={null}
ngrok api bot-users create [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--active`     | whether or not the service user is active               |
| `--name`       | human-readable name used to identify the service user   |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api bot-users delete

Delete a bot user by ID

### Usage

```sh theme={null}
ngrok api bot-users delete <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api bot-users get

Get the details of a Bot User by ID.

### Usage

```sh theme={null}
ngrok api bot-users get <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api bot-users list

List all bot users in this account.

### Usage

```sh theme={null}
ngrok api bot-users list [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--before-id`  |                                                         |
| `--limit`      |                                                         |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api bot-users update

Update attributes of a bot user by ID.

### Usage

```sh theme={null}
ngrok api bot-users update <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--active`     | whether or not the service user is active               |
| `--name`       | human-readable name used to identify the service user   |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api certificate-authorities

Certificate Authorities are x509 certificates that are used to sign other
x509 certificates. Attach a Certificate Authority to the Mutual TLS module
to verify that the TLS certificate presented by a client has been signed by
this CA. Certificate Authorities  are used only for mTLS validation only and
thus a private key is not included in the resource.

### SubCommands

| Command                                             | Description                                     |
| --------------------------------------------------- | ----------------------------------------------- |
| [create](#ngrok-api-certificate-authorities-create) | Upload a new Certificate Authority              |
| [delete](#ngrok-api-certificate-authorities-delete) | Delete a Certificate Authority                  |
| [get](#ngrok-api-certificate-authorities-get)       | Get detailed information about a certificate... |
| [list](#ngrok-api-certificate-authorities-list)     | List all Certificate Authority on this account  |
| [update](#ngrok-api-certificate-authorities-update) | Update attributes of a Certificate Authority... |

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api certificate-authorities create

Upload a new Certificate Authority

### Usage

```sh theme={null}
ngrok api certificate-authorities create [flags]
```

### Flags

| Flag            | Description                                                                                           |
| --------------- | ----------------------------------------------------------------------------------------------------- |
| `--ca-pem`      | raw PEM of the Certificate Authority                                                                  |
| `--description` | human-readable description of this Certificate Authority. optional, max 255 bytes.                    |
| `--metadata`    | arbitrary user-defined machine-readable data of this Certificate Authority. optional, max 4096 bytes. |
| `--api-key`     | API key to use                                                                                        |
| `--config`      | path to config files; they are merged if multiple                                                     |
| `--log`         | path to log file, 'stdout', 'stderr' or 'false'                                                       |
| `--log-format`  | log record format: 'term', 'logfmt', 'json'                                                           |
| `--log-level`   | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                               |

## ngrok api certificate-authorities delete

Delete a Certificate Authority

### Usage

```sh theme={null}
ngrok api certificate-authorities delete <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api certificate-authorities get

Get detailed information about a certificate authority

### Usage

```sh theme={null}
ngrok api certificate-authorities get <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api certificate-authorities list

List all Certificate Authority on this account

### Usage

```sh theme={null}
ngrok api certificate-authorities list [flags]
```

### Flags

| Flag           | Description                                                                                                                                                                                                                                                                                                                                                                               |
| -------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `--before-id`  | Expects a resource ID as its input. Returns earlier entries in the result set, sorted by ID.                                                                                                                                                                                                                                                                                              |
| `--filter`     | A CEL expression to filter the list results. Supports logical and comparison operators to match on fields such as id, metadata, created\_at, and more. See ngrok API Filtering for syntax and field details: [https://ngrok.com/docs/api/api-filtering](https://ngrok.com/docs/api/api-filtering) ([https://ngrok.com/docs/api/api-filtering](https://ngrok.com/docs/api/api-filtering)). |
| `--limit`      | Constrains the number of results in the dataset. See the API Overview ([https://ngrok.com/docs/api/index#pagination](https://ngrok.com/docs/api/index#pagination)) for details.                                                                                                                                                                                                           |
| `--api-key`    | API key to use                                                                                                                                                                                                                                                                                                                                                                            |
| `--config`     | path to config files; they are merged if multiple                                                                                                                                                                                                                                                                                                                                         |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'                                                                                                                                                                                                                                                                                                                                           |
| `--log-format` | log record format: 'term', 'logfmt', 'json'                                                                                                                                                                                                                                                                                                                                               |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                                                                                                                                                                                                                                                                                                                   |

## ngrok api certificate-authorities update

Update attributes of a Certificate Authority by ID

### Usage

```sh theme={null}
ngrok api certificate-authorities update <id> [flags]
```

### Flags

| Flag            | Description                                                                                           |
| --------------- | ----------------------------------------------------------------------------------------------------- |
| `--description` | human-readable description of this Certificate Authority. optional, max 255 bytes.                    |
| `--metadata`    | arbitrary user-defined machine-readable data of this Certificate Authority. optional, max 4096 bytes. |
| `--api-key`     | API key to use                                                                                        |
| `--config`      | path to config files; they are merged if multiple                                                     |
| `--log`         | path to log file, 'stdout', 'stderr' or 'false'                                                       |
| `--log-format`  | log record format: 'term', 'logfmt', 'json'                                                           |
| `--log-level`   | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                               |

## ngrok api credentials

Tunnel Credentials are ngrok agent authtokens. They authorize the ngrok
agent to connect the ngrok service as your account. They are installed with
the ngrok config add-authtoken command or by specifying it in the ngrok.yml
configuration file with the authtoken property.

### SubCommands

| Command                                 | Description                                      |
| --------------------------------------- | ------------------------------------------------ |
| [create](#ngrok-api-credentials-create) | Create a new tunnel authtoken credential         |
| [delete](#ngrok-api-credentials-delete) | Delete a tunnel authtoken credential by ID       |
| [get](#ngrok-api-credentials-get)       | Get detailed information about a tunnel...       |
| [list](#ngrok-api-credentials-list)     | List all tunnel authtoken credentials on this... |
| [update](#ngrok-api-credentials-update) | Update attributes of an tunnel authtoken...      |

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api credentials create

Create a new tunnel authtoken credential. This authtoken credential can be used to start a new tunnel session. The response to this API call is the only time the generated token is available. If you need it for future use, you must save it securely yourself.

### Usage

```sh theme={null}
ngrok api credentials create [flags]
```

### Flags

| Flag                  | Description                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                |
| --------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `--acl`               | optional list of ACL rules. If unspecified, the credential will have no restrictions. The only allowed ACL rule at this time is the bind rule. The bind rule allows the caller to restrict what domains, addresses, and labels the token is allowed to bind. For example, to allow the token to open a tunnel on example.ngrok.io your ACL would include the rule bind:example.ngrok.io. Bind rules for domains may specify a leading wildcard to match multiple domains with a common suffix. For example, you may specify a rule of bind:*.example.com which will allow x.example.com, y.example.com, *.example.com, etc. Bind rules for labels may specify a wildcard key and/or value to match multiple labels. For example, you may specify a rule of bind:*=example which will allow x=example, y=example, etc. A rule of '*' is equivalent to no acl at all and will explicitly permit all actions. |
| `--description`       | human-readable description of who or what will use the credential to authenticate. Optional, max 255 bytes.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                |
| `--metadata`          | arbitrary user-defined machine-readable data of this credential. Optional, max 4096 bytes.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 |
| `--owner-email`       | If supplied at credential creation, ownership will be assigned to the specified User. Only admins may specify an owner other than themselves. Only one of owner\_id, owner\_email, or scim\_user\_id may be specified. specified.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          |
| `--owner-id`          | If supplied at credential creation, ownership will be assigned to the specified User or Service User. Only admins may specify an owner other than themselves. Defaults to the authenticated User or Service User. Accepts one of: User ID, User email, or SCIM User ID.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    |
| `--precomputed-token` | Only authorized accounts may supply a pre-computed token that will be associated with the created credentials.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             |
| `--scim-user-id`      | If supplied at credential creation, ownership will be assigned to the specified SCIM User. Only admins may specify an owner other than themselves. Only one of owner\_id, owner\_email, or scim\_user\_id may be specified.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                |
| `--api-key`           | API key to use                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             |
| `--config`            | path to config files; they are merged if multiple                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          |
| `--log`               | path to log file, 'stdout', 'stderr' or 'false'                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            |
| `--log-format`        | log record format: 'term', 'logfmt', 'json'                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                |
| `--log-level`         | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    |

## ngrok api credentials delete

Delete a tunnel authtoken credential by ID

### Usage

```sh theme={null}
ngrok api credentials delete <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api credentials get

Get detailed information about a tunnel authtoken credential

### Usage

```sh theme={null}
ngrok api credentials get <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api credentials list

List all tunnel authtoken credentials on this account

### Usage

```sh theme={null}
ngrok api credentials list [flags]
```

### Flags

| Flag           | Description                                                                                                                                                                                                                                                                                                                                                                               |
| -------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `--before-id`  | Expects a resource ID as its input. Returns earlier entries in the result set, sorted by ID.                                                                                                                                                                                                                                                                                              |
| `--filter`     | A CEL expression to filter the list results. Supports logical and comparison operators to match on fields such as id, metadata, created\_at, and more. See ngrok API Filtering for syntax and field details: [https://ngrok.com/docs/api/api-filtering](https://ngrok.com/docs/api/api-filtering) ([https://ngrok.com/docs/api/api-filtering](https://ngrok.com/docs/api/api-filtering)). |
| `--limit`      | Constrains the number of results in the dataset. See the API Overview ([https://ngrok.com/docs/api/index#pagination](https://ngrok.com/docs/api/index#pagination)) for details.                                                                                                                                                                                                           |
| `--api-key`    | API key to use                                                                                                                                                                                                                                                                                                                                                                            |
| `--config`     | path to config files; they are merged if multiple                                                                                                                                                                                                                                                                                                                                         |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'                                                                                                                                                                                                                                                                                                                                           |
| `--log-format` | log record format: 'term', 'logfmt', 'json'                                                                                                                                                                                                                                                                                                                                               |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                                                                                                                                                                                                                                                                                                                   |

## ngrok api credentials update

Update attributes of an tunnel authtoken credential by ID

### Usage

```sh theme={null}
ngrok api credentials update <id> [flags]
```

### Flags

| Flag            | Description                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                |
| --------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `--acl`         | optional list of ACL rules. If unspecified, the credential will have no restrictions. The only allowed ACL rule at this time is the bind rule. The bind rule allows the caller to restrict what domains, addresses, and labels the token is allowed to bind. For example, to allow the token to open a tunnel on example.ngrok.io your ACL would include the rule bind:example.ngrok.io. Bind rules for domains may specify a leading wildcard to match multiple domains with a common suffix. For example, you may specify a rule of bind:*.example.com which will allow x.example.com, y.example.com, *.example.com, etc. Bind rules for labels may specify a wildcard key and/or value to match multiple labels. For example, you may specify a rule of bind:*=example which will allow x=example, y=example, etc. A rule of '*' is equivalent to no acl at all and will explicitly permit all actions. |
| `--description` | human-readable description of who or what will use the credential to authenticate. Optional, max 255 bytes.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                |
| `--metadata`    | arbitrary user-defined machine-readable data of this credential. Optional, max 4096 bytes.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 |
| `--api-key`     | API key to use                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             |
| `--config`      | path to config files; they are merged if multiple                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          |
| `--log`         | path to log file, 'stdout', 'stderr' or 'false'                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            |
| `--log-format`  | log record format: 'term', 'logfmt', 'json'                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                |
| `--log-level`   | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    |

## ngrok api edge-modules

### SubCommands

| Command                                                                                                      | Description |
| ------------------------------------------------------------------------------------------------------------ | ----------- |
| [https-edge-mutual-tls](#ngrok-api-edge-modules-https-edge-mutual-tls)                                       |             |
| [https-edge-route-backend](#ngrok-api-edge-modules-https-edge-route-backend)                                 |             |
| [https-edge-route-circuit-breaker](#ngrok-api-edge-modules-https-edge-route-circuit-breaker)                 |             |
| [https-edge-route-compression](#ngrok-api-edge-modules-https-edge-route-compression)                         |             |
| [https-edge-route-ip-restriction](#ngrok-api-edge-modules-https-edge-route-ip-restriction)                   |             |
| [https-edge-route-oauth](#ngrok-api-edge-modules-https-edge-route-oauth)                                     |             |
| [https-edge-route-oidc](#ngrok-api-edge-modules-https-edge-route-oidc)                                       |             |
| [https-edge-route-request-headers](#ngrok-api-edge-modules-https-edge-route-request-headers)                 |             |
| [https-edge-route-response-headers](#ngrok-api-edge-modules-https-edge-route-response-headers)               |             |
| [https-edge-route-saml](#ngrok-api-edge-modules-https-edge-route-saml)                                       |             |
| [https-edge-route-traffic-policy](#ngrok-api-edge-modules-https-edge-route-traffic-policy)                   |             |
| [https-edge-route-user-agent-filter](#ngrok-api-edge-modules-https-edge-route-user-agent-filter)             |             |
| [https-edge-route-webhook-verification](#ngrok-api-edge-modules-https-edge-route-webhook-verification)       |             |
| [https-edge-route-websocket-tcp-converter](#ngrok-api-edge-modules-https-edge-route-websocket-tcp-converter) |             |
| [https-edge-tls-termination](#ngrok-api-edge-modules-https-edge-tls-termination)                             |             |
| [tcp-edge-backend](#ngrok-api-edge-modules-tcp-edge-backend)                                                 |             |
| [tcp-edge-ip-restriction](#ngrok-api-edge-modules-tcp-edge-ip-restriction)                                   |             |
| [tcp-edge-traffic-policy](#ngrok-api-edge-modules-tcp-edge-traffic-policy)                                   |             |
| [tls-edge-backend](#ngrok-api-edge-modules-tls-edge-backend)                                                 |             |
| [tls-edge-ip-restriction](#ngrok-api-edge-modules-tls-edge-ip-restriction)                                   |             |
| [tls-edge-mutual-tls](#ngrok-api-edge-modules-tls-edge-mutual-tls)                                           |             |
| [tls-edge-tls-termination](#ngrok-api-edge-modules-tls-edge-tls-termination)                                 |             |
| [tls-edge-traffic-policy](#ngrok-api-edge-modules-tls-edge-traffic-policy)                                   |             |

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api edge-modules https-edge-mutual-tls

### SubCommands

| Command                                                          | Description |
| ---------------------------------------------------------------- | ----------- |
| [delete](#ngrok-api-edge-modules-https-edge-mutual-tls-delete)   |             |
| [get](#ngrok-api-edge-modules-https-edge-mutual-tls-get)         |             |
| [replace](#ngrok-api-edge-modules-https-edge-mutual-tls-replace) |             |

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api edge-modules https-edge-mutual-tls delete

### Usage

```sh theme={null}
ngrok api edge-modules https-edge-mutual-tls delete <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api edge-modules https-edge-mutual-tls get

### Usage

```sh theme={null}
ngrok api edge-modules https-edge-mutual-tls get <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api edge-modules https-edge-mutual-tls replace

### Usage

```sh theme={null}
ngrok api edge-modules https-edge-mutual-tls replace <id> [flags]
```

### Flags

| Flag                                 | Description                                                                                                                               |
| ------------------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------- |
| `--module.certificate-authority-ids` | list of certificate authorities that will be used to validate the TLS client certificate presented by the initiator of the TLS connection |
| `--module.enabled`                   | true if the module will be applied to traffic, false to disable. default true if unspecified                                              |
| `--api-key`                          | API key to use                                                                                                                            |
| `--config`                           | path to config files; they are merged if multiple                                                                                         |
| `--log`                              | path to log file, 'stdout', 'stderr' or 'false'                                                                                           |
| `--log-format`                       | log record format: 'term', 'logfmt', 'json'                                                                                               |
| `--log-level`                        | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                                                                   |

## ngrok api edge-modules https-edge-route-backend

### SubCommands

| Command                                                             | Description |
| ------------------------------------------------------------------- | ----------- |
| [delete](#ngrok-api-edge-modules-https-edge-route-backend-delete)   |             |
| [get](#ngrok-api-edge-modules-https-edge-route-backend-get)         |             |
| [replace](#ngrok-api-edge-modules-https-edge-route-backend-replace) |             |

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api edge-modules https-edge-route-backend delete

### Usage

```sh theme={null}
ngrok api edge-modules https-edge-route-backend delete <edge-id> <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api edge-modules https-edge-route-backend get

### Usage

```sh theme={null}
ngrok api edge-modules https-edge-route-backend get <edge-id> <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api edge-modules https-edge-route-backend replace

### Usage

```sh theme={null}
ngrok api edge-modules https-edge-route-backend replace <edge-id> <id> [flags]
```

### Flags

| Flag                  | Description                                                                                  |
| --------------------- | -------------------------------------------------------------------------------------------- |
| `--module.backend-id` | backend to be used to back this endpoint                                                     |
| `--module.enabled`    | true if the module will be applied to traffic, false to disable. default true if unspecified |
| `--api-key`           | API key to use                                                                               |
| `--config`            | path to config files; they are merged if multiple                                            |
| `--log`               | path to log file, 'stdout', 'stderr' or 'false'                                              |
| `--log-format`        | log record format: 'term', 'logfmt', 'json'                                                  |
| `--log-level`         | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                      |

## ngrok api edge-modules https-edge-route-circuit-breaker

### SubCommands

| Command                                                                     | Description |
| --------------------------------------------------------------------------- | ----------- |
| [delete](#ngrok-api-edge-modules-https-edge-route-circuit-breaker-delete)   |             |
| [get](#ngrok-api-edge-modules-https-edge-route-circuit-breaker-get)         |             |
| [replace](#ngrok-api-edge-modules-https-edge-route-circuit-breaker-replace) |             |

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api edge-modules https-edge-route-circuit-breaker delete

### Usage

```sh theme={null}
ngrok api edge-modules https-edge-route-circuit-breaker delete <edge-id> <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api edge-modules https-edge-route-circuit-breaker get

### Usage

```sh theme={null}
ngrok api edge-modules https-edge-route-circuit-breaker get <edge-id> <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api edge-modules https-edge-route-circuit-breaker replace

### Usage

```sh theme={null}
ngrok api edge-modules https-edge-route-circuit-breaker replace <edge-id> <id> [flags]
```

### Flags

| Flag                                  | Description                                                                                                  |
| ------------------------------------- | ------------------------------------------------------------------------------------------------------------ |
| `--module.enabled`                    | true if the module will be applied to traffic, false to disable. default true if unspecified                 |
| `--module.error-threshold-percentage` | Error threshold percentage should be between 0 - 1.0, not 0-100.0                                            |
| `--module.num-buckets`                | Integer number of buckets into which metrics are retained. Max 128.                                          |
| `--module.rolling-window`             | Integer number of seconds in the statistical rolling window that metrics are retained for.                   |
| `--module.tripped-duration`           | Integer number of seconds after which the circuit is tripped to wait before re-evaluating upstream health    |
| `--module.volume-threshold`           | Integer number of requests in a rolling window that will trip the circuit. Helpful if traffic volume is low. |
| `--api-key`                           | API key to use                                                                                               |
| `--config`                            | path to config files; they are merged if multiple                                                            |
| `--log`                               | path to log file, 'stdout', 'stderr' or 'false'                                                              |
| `--log-format`                        | log record format: 'term', 'logfmt', 'json'                                                                  |
| `--log-level`                         | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                                      |

## ngrok api edge-modules https-edge-route-compression

### SubCommands

| Command                                                                 | Description |
| ----------------------------------------------------------------------- | ----------- |
| [delete](#ngrok-api-edge-modules-https-edge-route-compression-delete)   |             |
| [get](#ngrok-api-edge-modules-https-edge-route-compression-get)         |             |
| [replace](#ngrok-api-edge-modules-https-edge-route-compression-replace) |             |

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api edge-modules https-edge-route-compression delete

### Usage

```sh theme={null}
ngrok api edge-modules https-edge-route-compression delete <edge-id> <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api edge-modules https-edge-route-compression get

### Usage

```sh theme={null}
ngrok api edge-modules https-edge-route-compression get <edge-id> <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api edge-modules https-edge-route-compression replace

### Usage

```sh theme={null}
ngrok api edge-modules https-edge-route-compression replace <edge-id> <id> [flags]
```

### Flags

| Flag               | Description                                                                                  |
| ------------------ | -------------------------------------------------------------------------------------------- |
| `--module.enabled` | true if the module will be applied to traffic, false to disable. default true if unspecified |
| `--api-key`        | API key to use                                                                               |
| `--config`         | path to config files; they are merged if multiple                                            |
| `--log`            | path to log file, 'stdout', 'stderr' or 'false'                                              |
| `--log-format`     | log record format: 'term', 'logfmt', 'json'                                                  |
| `--log-level`      | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                      |

## ngrok api edge-modules https-edge-route-ip-restriction

### SubCommands

| Command                                                                    | Description |
| -------------------------------------------------------------------------- | ----------- |
| [delete](#ngrok-api-edge-modules-https-edge-route-ip-restriction-delete)   |             |
| [get](#ngrok-api-edge-modules-https-edge-route-ip-restriction-get)         |             |
| [replace](#ngrok-api-edge-modules-https-edge-route-ip-restriction-replace) |             |

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api edge-modules https-edge-route-ip-restriction delete

### Usage

```sh theme={null}
ngrok api edge-modules https-edge-route-ip-restriction delete <edge-id> <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api edge-modules https-edge-route-ip-restriction get

### Usage

```sh theme={null}
ngrok api edge-modules https-edge-route-ip-restriction get <edge-id> <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api edge-modules https-edge-route-ip-restriction replace

### Usage

```sh theme={null}
ngrok api edge-modules https-edge-route-ip-restriction replace <edge-id> <id> [flags]
```

### Flags

| Flag                     | Description                                                                                         |
| ------------------------ | --------------------------------------------------------------------------------------------------- |
| `--module.enabled`       | true if the module will be applied to traffic, false to disable. default true if unspecified        |
| `--module.ip-policy-ids` | list of all IP policies that will be used to check if a source IP is allowed access to the endpoint |
| `--api-key`              | API key to use                                                                                      |
| `--config`               | path to config files; they are merged if multiple                                                   |
| `--log`                  | path to log file, 'stdout', 'stderr' or 'false'                                                     |
| `--log-format`           | log record format: 'term', 'logfmt', 'json'                                                         |
| `--log-level`            | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                             |

## ngrok api edge-modules https-edge-route-oauth

### SubCommands

| Command                                                           | Description |
| ----------------------------------------------------------------- | ----------- |
| [delete](#ngrok-api-edge-modules-https-edge-route-oauth-delete)   |             |
| [get](#ngrok-api-edge-modules-https-edge-route-oauth-get)         |             |
| [replace](#ngrok-api-edge-modules-https-edge-route-oauth-replace) |             |

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api edge-modules https-edge-route-oauth delete

### Usage

```sh theme={null}
ngrok api edge-modules https-edge-route-oauth delete <edge-id> <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api edge-modules https-edge-route-oauth get

### Usage

```sh theme={null}
ngrok api edge-modules https-edge-route-oauth get <edge-id> <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api edge-modules https-edge-route-oauth replace

### Usage

```sh theme={null}
ngrok api edge-modules https-edge-route-oauth replace <edge-id> <id> [flags]
```

### Flags

| Flag                                          | Description                                                                                                                                                                                                                                                                                                                              |
| --------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `--module.auth-check-interval`                | Integer number of seconds after which ngrok guarantees it will refresh user state from the identity provider and recheck whether the user is still authorized to access the endpoint. This is the preferred tunable to use to enforce a minimum amount of time after which a revoked user will no longer be able to access the resource. |
| `--module.cookie-prefix`                      | the prefix of the session cookie that ngrok sets on the http client to cache authentication. default is 'ngrok.'                                                                                                                                                                                                                         |
| `--module.enabled`                            | true if the module will be applied to traffic, false to disable. default true if unspecified                                                                                                                                                                                                                                             |
| `--module.inactivity-timeout`                 | Integer number of seconds of inactivity after which if the user has not accessed the endpoint, their session will time out and they will be forced to reauthenticate.                                                                                                                                                                    |
| `--module.maximum-duration`                   | Integer number of seconds of the maximum duration of an authenticated session. After this period is exceeded, a user must reauthenticate.                                                                                                                                                                                                |
| `--module.options-passthrough`                | Do not enforce authentication on HTTP OPTIONS requests. necessary if you are supporting CORS.                                                                                                                                                                                                                                            |
| `--module.provider.amazon.client-id`          |                                                                                                                                                                                                                                                                                                                                          |
| `--module.provider.amazon.client-secret`      |                                                                                                                                                                                                                                                                                                                                          |
| `--module.provider.amazon.email-addresses`    |                                                                                                                                                                                                                                                                                                                                          |
| `--module.provider.amazon.email-domains`      |                                                                                                                                                                                                                                                                                                                                          |
| `--module.provider.amazon.scopes`             |                                                                                                                                                                                                                                                                                                                                          |
| `--module.provider.facebook.client-id`        | the OAuth app client ID. retrieve it from the identity provider's dashboard where you created your own OAuth app. optional. if unspecified, ngrok will use its own managed oauth application which has additional restrictions. see the OAuth module docs for more details. if present, client\_secret must be present as well.          |
| `--module.provider.facebook.client-secret`    | the OAuth app client secret. retrieve if from the identity provider's dashboard where you created your own OAuth app. optional, see all of the caveats in the docs for client\_id.                                                                                                                                                       |
| `--module.provider.facebook.email-addresses`  | a list of email addresses of users authenticated by identity provider who are allowed access to the endpoint                                                                                                                                                                                                                             |
| `--module.provider.facebook.email-domains`    | a list of email domains of users authenticated by identity provider who are allowed access to the endpoint                                                                                                                                                                                                                               |
| `--module.provider.facebook.scopes`           | a list of provider-specific OAuth scopes with the permissions your OAuth app would like to ask for. these may not be set if you are using the ngrok-managed oauth app (i.e. you must pass both client\_id and client\_secret to set scopes)                                                                                              |
| `--module.provider.github.client-id`          | the OAuth app client ID. retrieve it from the identity provider's dashboard where you created your own OAuth app. optional. if unspecified, ngrok will use its own managed oauth application which has additional restrictions. see the OAuth module docs for more details. if present, client\_secret must be present as well.          |
| `--module.provider.github.client-secret`      | the OAuth app client secret. retrieve if from the identity provider's dashboard where you created your own OAuth app. optional, see all of the caveats in the docs for client\_id.                                                                                                                                                       |
| `--module.provider.github.email-addresses`    | a list of email addresses of users authenticated by identity provider who are allowed access to the endpoint                                                                                                                                                                                                                             |
| `--module.provider.github.email-domains`      | a list of email domains of users authenticated by identity provider who are allowed access to the endpoint                                                                                                                                                                                                                               |
| `--module.provider.github.organizations`      | a list of github org identifiers. users who are members of any of the listed organizations will be allowed access. identifiers should be the organization's 'slug'                                                                                                                                                                       |
| `--module.provider.github.scopes`             | a list of provider-specific OAuth scopes with the permissions your OAuth app would like to ask for. these may not be set if you are using the ngrok-managed oauth app (i.e. you must pass both client\_id and client\_secret to set scopes)                                                                                              |
| `--module.provider.github.teams`              | a list of github teams identifiers. users will be allowed access to the endpoint if they are a member of any of these teams. identifiers should be in the 'slug' format qualified with the org name, e.g. org-name/team-name                                                                                                             |
| `--module.provider.gitlab.client-id`          |                                                                                                                                                                                                                                                                                                                                          |
| `--module.provider.gitlab.client-secret`      |                                                                                                                                                                                                                                                                                                                                          |
| `--module.provider.gitlab.email-addresses`    |                                                                                                                                                                                                                                                                                                                                          |
| `--module.provider.gitlab.email-domains`      |                                                                                                                                                                                                                                                                                                                                          |
| `--module.provider.gitlab.scopes`             |                                                                                                                                                                                                                                                                                                                                          |
| `--module.provider.google.client-id`          | the OAuth app client ID. retrieve it from the identity provider's dashboard where you created your own OAuth app. optional. if unspecified, ngrok will use its own managed oauth application which has additional restrictions. see the OAuth module docs for more details. if present, client\_secret must be present as well.          |
| `--module.provider.google.client-secret`      | the OAuth app client secret. retrieve if from the identity provider's dashboard where you created your own OAuth app. optional, see all of the caveats in the docs for client\_id.                                                                                                                                                       |
| `--module.provider.google.email-addresses`    | a list of email addresses of users authenticated by identity provider who are allowed access to the endpoint                                                                                                                                                                                                                             |
| `--module.provider.google.email-domains`      | a list of email domains of users authenticated by identity provider who are allowed access to the endpoint                                                                                                                                                                                                                               |
| `--module.provider.google.scopes`             | a list of provider-specific OAuth scopes with the permissions your OAuth app would like to ask for. these may not be set if you are using the ngrok-managed oauth app (i.e. you must pass both client\_id and client\_secret to set scopes)                                                                                              |
| `--module.provider.linkedin.client-id`        |                                                                                                                                                                                                                                                                                                                                          |
| `--module.provider.linkedin.client-secret`    |                                                                                                                                                                                                                                                                                                                                          |
| `--module.provider.linkedin.email-addresses`  |                                                                                                                                                                                                                                                                                                                                          |
| `--module.provider.linkedin.email-domains`    |                                                                                                                                                                                                                                                                                                                                          |
| `--module.provider.linkedin.scopes`           |                                                                                                                                                                                                                                                                                                                                          |
| `--module.provider.microsoft.client-id`       | the OAuth app client ID. retrieve it from the identity provider's dashboard where you created your own OAuth app. optional. if unspecified, ngrok will use its own managed oauth application which has additional restrictions. see the OAuth module docs for more details. if present, client\_secret must be present as well.          |
| `--module.provider.microsoft.client-secret`   | the OAuth app client secret. retrieve if from the identity provider's dashboard where you created your own OAuth app. optional, see all of the caveats in the docs for client\_id.                                                                                                                                                       |
| `--module.provider.microsoft.email-addresses` | a list of email addresses of users authenticated by identity provider who are allowed access to the endpoint                                                                                                                                                                                                                             |
| `--module.provider.microsoft.email-domains`   | a list of email domains of users authenticated by identity provider who are allowed access to the endpoint                                                                                                                                                                                                                               |
| `--module.provider.microsoft.scopes`          | a list of provider-specific OAuth scopes with the permissions your OAuth app would like to ask for. these may not be set if you are using the ngrok-managed oauth app (i.e. you must pass both client\_id and client\_secret to set scopes)                                                                                              |
| `--module.provider.twitch.client-id`          |                                                                                                                                                                                                                                                                                                                                          |
| `--module.provider.twitch.client-secret`      |                                                                                                                                                                                                                                                                                                                                          |
| `--module.provider.twitch.email-addresses`    |                                                                                                                                                                                                                                                                                                                                          |
| `--module.provider.twitch.email-domains`      |                                                                                                                                                                                                                                                                                                                                          |
| `--module.provider.twitch.scopes`             |                                                                                                                                                                                                                                                                                                                                          |
| `--api-key`                                   | API key to use                                                                                                                                                                                                                                                                                                                           |
| `--config`                                    | path to config files; they are merged if multiple                                                                                                                                                                                                                                                                                        |
| `--log`                                       | path to log file, 'stdout', 'stderr' or 'false'                                                                                                                                                                                                                                                                                          |
| `--log-format`                                | log record format: 'term', 'logfmt', 'json'                                                                                                                                                                                                                                                                                              |
| `--log-level`                                 | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                                                                                                                                                                                                                                                                  |

## ngrok api edge-modules https-edge-route-oidc

### SubCommands

| Command                                                          | Description |
| ---------------------------------------------------------------- | ----------- |
| [delete](#ngrok-api-edge-modules-https-edge-route-oidc-delete)   |             |
| [get](#ngrok-api-edge-modules-https-edge-route-oidc-get)         |             |
| [replace](#ngrok-api-edge-modules-https-edge-route-oidc-replace) |             |

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api edge-modules https-edge-route-oidc delete

### Usage

```sh theme={null}
ngrok api edge-modules https-edge-route-oidc delete <edge-id> <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api edge-modules https-edge-route-oidc get

### Usage

```sh theme={null}
ngrok api edge-modules https-edge-route-oidc get <edge-id> <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api edge-modules https-edge-route-oidc replace

### Usage

```sh theme={null}
ngrok api edge-modules https-edge-route-oidc replace <edge-id> <id> [flags]
```

### Flags

| Flag                           | Description                                                                                                                                                           |
| ------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `--module.client-id`           | The OIDC app's client ID and OIDC audience.                                                                                                                           |
| `--module.client-secret`       | The OIDC app's client secret.                                                                                                                                         |
| `--module.cookie-prefix`       | the prefix of the session cookie that ngrok sets on the http client to cache authentication. default is 'ngrok.'                                                      |
| `--module.enabled`             | true if the module will be applied to traffic, false to disable. default true if unspecified                                                                          |
| `--module.inactivity-timeout`  | Integer number of seconds of inactivity after which if the user has not accessed the endpoint, their session will time out and they will be forced to reauthenticate. |
| `--module.issuer`              | URL of the OIDC "OpenID provider". This is the base URL used for discovery.                                                                                           |
| `--module.maximum-duration`    | Integer number of seconds of the maximum duration of an authenticated session. After this period is exceeded, a user must reauthenticate.                             |
| `--module.options-passthrough` | Do not enforce authentication on HTTP OPTIONS requests. necessary if you are supporting CORS.                                                                         |
| `--module.scopes`              | The set of scopes to request from the OIDC identity provider.                                                                                                         |
| `--api-key`                    | API key to use                                                                                                                                                        |
| `--config`                     | path to config files; they are merged if multiple                                                                                                                     |
| `--log`                        | path to log file, 'stdout', 'stderr' or 'false'                                                                                                                       |
| `--log-format`                 | log record format: 'term', 'logfmt', 'json'                                                                                                                           |
| `--log-level`                  | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                                                                                               |

## ngrok api edge-modules https-edge-route-request-headers

### SubCommands

| Command                                                                     | Description |
| --------------------------------------------------------------------------- | ----------- |
| [delete](#ngrok-api-edge-modules-https-edge-route-request-headers-delete)   |             |
| [get](#ngrok-api-edge-modules-https-edge-route-request-headers-get)         |             |
| [replace](#ngrok-api-edge-modules-https-edge-route-request-headers-replace) |             |

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api edge-modules https-edge-route-request-headers delete

### Usage

```sh theme={null}
ngrok api edge-modules https-edge-route-request-headers delete <edge-id> <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api edge-modules https-edge-route-request-headers get

### Usage

```sh theme={null}
ngrok api edge-modules https-edge-route-request-headers get <edge-id> <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api edge-modules https-edge-route-request-headers replace

### Usage

```sh theme={null}
ngrok api edge-modules https-edge-route-request-headers replace <edge-id> <id> [flags]
```

### Flags

| Flag               | Description                                                                                                                          |
| ------------------ | ------------------------------------------------------------------------------------------------------------------------------------ |
| `--module.add`     | a map of header key to header value that will be injected into the HTTP Request before being sent to the upstream application server |
| `--module.enabled` | true if the module will be applied to traffic, false to disable. default true if unspecified                                         |
| `--module.remove`  | a list of header names that will be removed from the HTTP Request before being sent to the upstream application server               |
| `--api-key`        | API key to use                                                                                                                       |
| `--config`         | path to config files; they are merged if multiple                                                                                    |
| `--log`            | path to log file, 'stdout', 'stderr' or 'false'                                                                                      |
| `--log-format`     | log record format: 'term', 'logfmt', 'json'                                                                                          |
| `--log-level`      | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                                                              |

## ngrok api edge-modules https-edge-route-response-headers

### SubCommands

| Command                                                                      | Description |
| ---------------------------------------------------------------------------- | ----------- |
| [delete](#ngrok-api-edge-modules-https-edge-route-response-headers-delete)   |             |
| [get](#ngrok-api-edge-modules-https-edge-route-response-headers-get)         |             |
| [replace](#ngrok-api-edge-modules-https-edge-route-response-headers-replace) |             |

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api edge-modules https-edge-route-response-headers delete

### Usage

```sh theme={null}
ngrok api edge-modules https-edge-route-response-headers delete <edge-id> <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api edge-modules https-edge-route-response-headers get

### Usage

```sh theme={null}
ngrok api edge-modules https-edge-route-response-headers get <edge-id> <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api edge-modules https-edge-route-response-headers replace

### Usage

```sh theme={null}
ngrok api edge-modules https-edge-route-response-headers replace <edge-id> <id> [flags]
```

### Flags

| Flag               | Description                                                                                                  |
| ------------------ | ------------------------------------------------------------------------------------------------------------ |
| `--module.add`     | a map of header key to header value that will be injected into the HTTP Response returned to the HTTP client |
| `--module.enabled` | true if the module will be applied to traffic, false to disable. default true if unspecified                 |
| `--module.remove`  | a list of header names that will be removed from the HTTP Response returned to the HTTP client               |
| `--api-key`        | API key to use                                                                                               |
| `--config`         | path to config files; they are merged if multiple                                                            |
| `--log`            | path to log file, 'stdout', 'stderr' or 'false'                                                              |
| `--log-format`     | log record format: 'term', 'logfmt', 'json'                                                                  |
| `--log-level`      | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                                      |

## ngrok api edge-modules https-edge-route-saml

### SubCommands

| Command                                                          | Description |
| ---------------------------------------------------------------- | ----------- |
| [delete](#ngrok-api-edge-modules-https-edge-route-saml-delete)   |             |
| [get](#ngrok-api-edge-modules-https-edge-route-saml-get)         |             |
| [replace](#ngrok-api-edge-modules-https-edge-route-saml-replace) |             |

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api edge-modules https-edge-route-saml delete

### Usage

```sh theme={null}
ngrok api edge-modules https-edge-route-saml delete <edge-id> <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api edge-modules https-edge-route-saml get

### Usage

```sh theme={null}
ngrok api edge-modules https-edge-route-saml get <edge-id> <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api edge-modules https-edge-route-saml replace

### Usage

```sh theme={null}
ngrok api edge-modules https-edge-route-saml replace <edge-id> <id> [flags]
```

### Flags

| Flag                           | Description                                                                                                                                                                                                                                                                                              |
| ------------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `--module.allow-idp-initiated` | If true, the IdP may initiate a login directly (e.g. the user does not need to visit the endpoint first and then be redirected). The IdP should set the RelayState parameter to the target URL of the resource they want the user to be redirected to after the SAML login assertion has been processed. |
| `--module.authorized-groups`   | If present, only users who are a member of one of the listed groups may access the target endpoint.                                                                                                                                                                                                      |
| `--module.cookie-prefix`       | the prefix of the session cookie that ngrok sets on the http client to cache authentication. default is 'ngrok.'                                                                                                                                                                                         |
| `--module.enabled`             | true if the module will be applied to traffic, false to disable. default true if unspecified                                                                                                                                                                                                             |
| `--module.force-authn`         | If true, indicates that whenever we redirect a user to the IdP for authentication that the IdP must prompt the user for authentication credentials even if the user already has a valid session with the IdP.                                                                                            |
| `--module.idp-metadata`        | The full XML IdP EntityDescriptor. Your IdP may provide this to you as a a file to download or as a URL.                                                                                                                                                                                                 |
| `--module.idp-metadata-url`    | The IdP's metadata URL which returns the XML IdP EntityDescriptor. The IdP's metadata URL specifies how to connect to the IdP as well as its public key which is then used to validate the signature on incoming SAML assertions to the ACS endpoint.                                                    |
| `--module.inactivity-timeout`  | Integer number of seconds of inactivity after which if the user has not accessed the endpoint, their session will time out and they will be forced to reauthenticate.                                                                                                                                    |
| `--module.maximum-duration`    | Integer number of seconds of the maximum duration of an authenticated session. After this period is exceeded, a user must reauthenticate.                                                                                                                                                                |
| `--module.nameid-format`       | Defines the name identifier format the SP expects the IdP to use in its assertions to identify subjects. If unspecified, a default value of urn:oasis:names:tc:SAML:2.0:nameid-format:persistent will be used. A subset of the allowed values enumerated by the SAML specification are supported.        |
| `--module.options-passthrough` | Do not enforce authentication on HTTP OPTIONS requests. necessary if you are supporting CORS.                                                                                                                                                                                                            |
| `--api-key`                    | API key to use                                                                                                                                                                                                                                                                                           |
| `--config`                     | path to config files; they are merged if multiple                                                                                                                                                                                                                                                        |
| `--log`                        | path to log file, 'stdout', 'stderr' or 'false'                                                                                                                                                                                                                                                          |
| `--log-format`                 | log record format: 'term', 'logfmt', 'json'                                                                                                                                                                                                                                                              |
| `--log-level`                  | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                                                                                                                                                                                                                                  |

## ngrok api edge-modules https-edge-route-traffic-policy

### SubCommands

| Command                                                                    | Description |
| -------------------------------------------------------------------------- | ----------- |
| [delete](#ngrok-api-edge-modules-https-edge-route-traffic-policy-delete)   |             |
| [get](#ngrok-api-edge-modules-https-edge-route-traffic-policy-get)         |             |
| [replace](#ngrok-api-edge-modules-https-edge-route-traffic-policy-replace) |             |

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api edge-modules https-edge-route-traffic-policy delete

### Usage

```sh theme={null}
ngrok api edge-modules https-edge-route-traffic-policy delete <edge-id> <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api edge-modules https-edge-route-traffic-policy get

### Usage

```sh theme={null}
ngrok api edge-modules https-edge-route-traffic-policy get <edge-id> <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api edge-modules https-edge-route-traffic-policy replace

### Usage

```sh theme={null}
ngrok api edge-modules https-edge-route-traffic-policy replace <edge-id> <id> [flags]
```

### Flags

| Flag               | Description                                                                                  |
| ------------------ | -------------------------------------------------------------------------------------------- |
| `--module.enabled` | true if the module will be applied to traffic, false to disable. default true if unspecified |
| `--module.value`   | the traffic policy that should be applied to the traffic on your endpoint.                   |
| `--api-key`        | API key to use                                                                               |
| `--config`         | path to config files; they are merged if multiple                                            |
| `--log`            | path to log file, 'stdout', 'stderr' or 'false'                                              |
| `--log-format`     | log record format: 'term', 'logfmt', 'json'                                                  |
| `--log-level`      | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                      |

## ngrok api edge-modules https-edge-route-user-agent-filter

### SubCommands

| Command                                                                       | Description |
| ----------------------------------------------------------------------------- | ----------- |
| [delete](#ngrok-api-edge-modules-https-edge-route-user-agent-filter-delete)   |             |
| [get](#ngrok-api-edge-modules-https-edge-route-user-agent-filter-get)         |             |
| [replace](#ngrok-api-edge-modules-https-edge-route-user-agent-filter-replace) |             |

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api edge-modules https-edge-route-user-agent-filter delete

### Usage

```sh theme={null}
ngrok api edge-modules https-edge-route-user-agent-filter delete <edge-id> <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api edge-modules https-edge-route-user-agent-filter get

### Usage

```sh theme={null}
ngrok api edge-modules https-edge-route-user-agent-filter get <edge-id> <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api edge-modules https-edge-route-user-agent-filter replace

### Usage

```sh theme={null}
ngrok api edge-modules https-edge-route-user-agent-filter replace <edge-id> <id> [flags]
```

### Flags

| Flag               | Description                                             |
| ------------------ | ------------------------------------------------------- |
| `--module.allow`   |                                                         |
| `--module.deny`    |                                                         |
| `--module.enabled` |                                                         |
| `--api-key`        | API key to use                                          |
| `--config`         | path to config files; they are merged if multiple       |
| `--log`            | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format`     | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`      | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api edge-modules https-edge-route-webhook-verification

### SubCommands

| Command                                                                          | Description |
| -------------------------------------------------------------------------------- | ----------- |
| [delete](#ngrok-api-edge-modules-https-edge-route-webhook-verification-delete)   |             |
| [get](#ngrok-api-edge-modules-https-edge-route-webhook-verification-get)         |             |
| [replace](#ngrok-api-edge-modules-https-edge-route-webhook-verification-replace) |             |

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api edge-modules https-edge-route-webhook-verification delete

### Usage

```sh theme={null}
ngrok api edge-modules https-edge-route-webhook-verification delete <edge-id> <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api edge-modules https-edge-route-webhook-verification get

### Usage

```sh theme={null}
ngrok api edge-modules https-edge-route-webhook-verification get <edge-id> <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api edge-modules https-edge-route-webhook-verification replace

### Usage

```sh theme={null}
ngrok api edge-modules https-edge-route-webhook-verification replace <edge-id> <id> [flags]
```

### Flags

| Flag                | Description                                                                                                                                                                                                                                                                                                                                                                                                       |
| ------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `--module.enabled`  | true if the module will be applied to traffic, false to disable. default true if unspecified                                                                                                                                                                                                                                                                                                                      |
| `--module.provider` | a string indicating which webhook provider will be sending webhooks to this endpoint. Value must be one of the supported providers defined at [https://ngrok.com/docs/cloud-edge/modules/webhook-verification](https://ngrok.com/docs/cloud-edge/modules/webhook-verification) ([https://ngrok.com/docs/cloud-edge/modules/webhook-verification](https://ngrok.com/docs/cloud-edge/modules/webhook-verification)) |
| `--module.secret`   | a string secret used to validate requests from the given provider. All providers except AWS SNS require a secret                                                                                                                                                                                                                                                                                                  |
| `--api-key`         | API key to use                                                                                                                                                                                                                                                                                                                                                                                                    |
| `--config`          | path to config files; they are merged if multiple                                                                                                                                                                                                                                                                                                                                                                 |
| `--log`             | path to log file, 'stdout', 'stderr' or 'false'                                                                                                                                                                                                                                                                                                                                                                   |
| `--log-format`      | log record format: 'term', 'logfmt', 'json'                                                                                                                                                                                                                                                                                                                                                                       |
| `--log-level`       | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                                                                                                                                                                                                                                                                                                                                           |

## ngrok api edge-modules https-edge-route-websocket-tcp-converter

### SubCommands

| Command                                                                             | Description |
| ----------------------------------------------------------------------------------- | ----------- |
| [delete](#ngrok-api-edge-modules-https-edge-route-websocket-tcp-converter-delete)   |             |
| [get](#ngrok-api-edge-modules-https-edge-route-websocket-tcp-converter-get)         |             |
| [replace](#ngrok-api-edge-modules-https-edge-route-websocket-tcp-converter-replace) |             |

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api edge-modules https-edge-route-websocket-tcp-converter delete

### Usage

```sh theme={null}
ngrok api edge-modules https-edge-route-websocket-tcp-converter delete <edge-id> <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api edge-modules https-edge-route-websocket-tcp-converter get

### Usage

```sh theme={null}
ngrok api edge-modules https-edge-route-websocket-tcp-converter get <edge-id> <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api edge-modules https-edge-route-websocket-tcp-converter replace

### Usage

```sh theme={null}
ngrok api edge-modules https-edge-route-websocket-tcp-converter replace <edge-id> <id> [flags]
```

### Flags

| Flag               | Description                                                                                  |
| ------------------ | -------------------------------------------------------------------------------------------- |
| `--module.enabled` | true if the module will be applied to traffic, false to disable. default true if unspecified |
| `--api-key`        | API key to use                                                                               |
| `--config`         | path to config files; they are merged if multiple                                            |
| `--log`            | path to log file, 'stdout', 'stderr' or 'false'                                              |
| `--log-format`     | log record format: 'term', 'logfmt', 'json'                                                  |
| `--log-level`      | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                      |

## ngrok api edge-modules https-edge-tls-termination

### SubCommands

| Command                                                               | Description |
| --------------------------------------------------------------------- | ----------- |
| [delete](#ngrok-api-edge-modules-https-edge-tls-termination-delete)   |             |
| [get](#ngrok-api-edge-modules-https-edge-tls-termination-get)         |             |
| [replace](#ngrok-api-edge-modules-https-edge-tls-termination-replace) |             |

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api edge-modules https-edge-tls-termination delete

### Usage

```sh theme={null}
ngrok api edge-modules https-edge-tls-termination delete <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api edge-modules https-edge-tls-termination get

### Usage

```sh theme={null}
ngrok api edge-modules https-edge-tls-termination get <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api edge-modules https-edge-tls-termination replace

### Usage

```sh theme={null}
ngrok api edge-modules https-edge-tls-termination replace <id> [flags]
```

### Flags

| Flag                   | Description                                                                                                                                                                                                                  |
| ---------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `--module.enabled`     | true if the module will be applied to traffic, false to disable. default true if unspecified                                                                                                                                 |
| `--module.min-version` | The minimum TLS version used for termination and advertised to the client during the TLS handshake. if unspecified, ngrok will choose an industry-safe default. This value must be null if terminate\_at is set to upstream. |
| `--api-key`            | API key to use                                                                                                                                                                                                               |
| `--config`             | path to config files; they are merged if multiple                                                                                                                                                                            |
| `--log`                | path to log file, 'stdout', 'stderr' or 'false'                                                                                                                                                                              |
| `--log-format`         | log record format: 'term', 'logfmt', 'json'                                                                                                                                                                                  |
| `--log-level`          | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                                                                                                                                                      |

## ngrok api edge-modules tcp-edge-backend

### SubCommands

| Command                                                     | Description |
| ----------------------------------------------------------- | ----------- |
| [delete](#ngrok-api-edge-modules-tcp-edge-backend-delete)   |             |
| [get](#ngrok-api-edge-modules-tcp-edge-backend-get)         |             |
| [replace](#ngrok-api-edge-modules-tcp-edge-backend-replace) |             |

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api edge-modules tcp-edge-backend delete

### Usage

```sh theme={null}
ngrok api edge-modules tcp-edge-backend delete <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api edge-modules tcp-edge-backend get

### Usage

```sh theme={null}
ngrok api edge-modules tcp-edge-backend get <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api edge-modules tcp-edge-backend replace

### Usage

```sh theme={null}
ngrok api edge-modules tcp-edge-backend replace <id> [flags]
```

### Flags

| Flag                  | Description                                                                                  |
| --------------------- | -------------------------------------------------------------------------------------------- |
| `--module.backend-id` | backend to be used to back this endpoint                                                     |
| `--module.enabled`    | true if the module will be applied to traffic, false to disable. default true if unspecified |
| `--api-key`           | API key to use                                                                               |
| `--config`            | path to config files; they are merged if multiple                                            |
| `--log`               | path to log file, 'stdout', 'stderr' or 'false'                                              |
| `--log-format`        | log record format: 'term', 'logfmt', 'json'                                                  |
| `--log-level`         | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                      |

## ngrok api edge-modules tcp-edge-ip-restriction

### SubCommands

| Command                                                            | Description |
| ------------------------------------------------------------------ | ----------- |
| [delete](#ngrok-api-edge-modules-tcp-edge-ip-restriction-delete)   |             |
| [get](#ngrok-api-edge-modules-tcp-edge-ip-restriction-get)         |             |
| [replace](#ngrok-api-edge-modules-tcp-edge-ip-restriction-replace) |             |

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api edge-modules tcp-edge-ip-restriction delete

### Usage

```sh theme={null}
ngrok api edge-modules tcp-edge-ip-restriction delete <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api edge-modules tcp-edge-ip-restriction get

### Usage

```sh theme={null}
ngrok api edge-modules tcp-edge-ip-restriction get <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api edge-modules tcp-edge-ip-restriction replace

### Usage

```sh theme={null}
ngrok api edge-modules tcp-edge-ip-restriction replace <id> [flags]
```

### Flags

| Flag                     | Description                                                                                         |
| ------------------------ | --------------------------------------------------------------------------------------------------- |
| `--module.enabled`       | true if the module will be applied to traffic, false to disable. default true if unspecified        |
| `--module.ip-policy-ids` | list of all IP policies that will be used to check if a source IP is allowed access to the endpoint |
| `--api-key`              | API key to use                                                                                      |
| `--config`               | path to config files; they are merged if multiple                                                   |
| `--log`                  | path to log file, 'stdout', 'stderr' or 'false'                                                     |
| `--log-format`           | log record format: 'term', 'logfmt', 'json'                                                         |
| `--log-level`            | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                             |

## ngrok api edge-modules tcp-edge-traffic-policy

### SubCommands

| Command                                                            | Description |
| ------------------------------------------------------------------ | ----------- |
| [delete](#ngrok-api-edge-modules-tcp-edge-traffic-policy-delete)   |             |
| [get](#ngrok-api-edge-modules-tcp-edge-traffic-policy-get)         |             |
| [replace](#ngrok-api-edge-modules-tcp-edge-traffic-policy-replace) |             |

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api edge-modules tcp-edge-traffic-policy delete

### Usage

```sh theme={null}
ngrok api edge-modules tcp-edge-traffic-policy delete <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api edge-modules tcp-edge-traffic-policy get

### Usage

```sh theme={null}
ngrok api edge-modules tcp-edge-traffic-policy get <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api edge-modules tcp-edge-traffic-policy replace

### Usage

```sh theme={null}
ngrok api edge-modules tcp-edge-traffic-policy replace <id> [flags]
```

### Flags

| Flag               | Description                                                                                  |
| ------------------ | -------------------------------------------------------------------------------------------- |
| `--module.enabled` | true if the module will be applied to traffic, false to disable. default true if unspecified |
| `--module.value`   | the traffic policy that should be applied to the traffic on your endpoint.                   |
| `--api-key`        | API key to use                                                                               |
| `--config`         | path to config files; they are merged if multiple                                            |
| `--log`            | path to log file, 'stdout', 'stderr' or 'false'                                              |
| `--log-format`     | log record format: 'term', 'logfmt', 'json'                                                  |
| `--log-level`      | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                      |

## ngrok api edge-modules tls-edge-backend

### SubCommands

| Command                                                     | Description |
| ----------------------------------------------------------- | ----------- |
| [delete](#ngrok-api-edge-modules-tls-edge-backend-delete)   |             |
| [get](#ngrok-api-edge-modules-tls-edge-backend-get)         |             |
| [replace](#ngrok-api-edge-modules-tls-edge-backend-replace) |             |

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api edge-modules tls-edge-backend delete

### Usage

```sh theme={null}
ngrok api edge-modules tls-edge-backend delete <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api edge-modules tls-edge-backend get

### Usage

```sh theme={null}
ngrok api edge-modules tls-edge-backend get <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api edge-modules tls-edge-backend replace

### Usage

```sh theme={null}
ngrok api edge-modules tls-edge-backend replace <id> [flags]
```

### Flags

| Flag                  | Description                                                                                  |
| --------------------- | -------------------------------------------------------------------------------------------- |
| `--module.backend-id` | backend to be used to back this endpoint                                                     |
| `--module.enabled`    | true if the module will be applied to traffic, false to disable. default true if unspecified |
| `--api-key`           | API key to use                                                                               |
| `--config`            | path to config files; they are merged if multiple                                            |
| `--log`               | path to log file, 'stdout', 'stderr' or 'false'                                              |
| `--log-format`        | log record format: 'term', 'logfmt', 'json'                                                  |
| `--log-level`         | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                      |

## ngrok api edge-modules tls-edge-ip-restriction

### SubCommands

| Command                                                            | Description |
| ------------------------------------------------------------------ | ----------- |
| [delete](#ngrok-api-edge-modules-tls-edge-ip-restriction-delete)   |             |
| [get](#ngrok-api-edge-modules-tls-edge-ip-restriction-get)         |             |
| [replace](#ngrok-api-edge-modules-tls-edge-ip-restriction-replace) |             |

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api edge-modules tls-edge-ip-restriction delete

### Usage

```sh theme={null}
ngrok api edge-modules tls-edge-ip-restriction delete <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api edge-modules tls-edge-ip-restriction get

### Usage

```sh theme={null}
ngrok api edge-modules tls-edge-ip-restriction get <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api edge-modules tls-edge-ip-restriction replace

### Usage

```sh theme={null}
ngrok api edge-modules tls-edge-ip-restriction replace <id> [flags]
```

### Flags

| Flag                     | Description                                                                                         |
| ------------------------ | --------------------------------------------------------------------------------------------------- |
| `--module.enabled`       | true if the module will be applied to traffic, false to disable. default true if unspecified        |
| `--module.ip-policy-ids` | list of all IP policies that will be used to check if a source IP is allowed access to the endpoint |
| `--api-key`              | API key to use                                                                                      |
| `--config`               | path to config files; they are merged if multiple                                                   |
| `--log`                  | path to log file, 'stdout', 'stderr' or 'false'                                                     |
| `--log-format`           | log record format: 'term', 'logfmt', 'json'                                                         |
| `--log-level`            | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                             |

## ngrok api edge-modules tls-edge-mutual-tls

### SubCommands

| Command                                                        | Description |
| -------------------------------------------------------------- | ----------- |
| [delete](#ngrok-api-edge-modules-tls-edge-mutual-tls-delete)   |             |
| [get](#ngrok-api-edge-modules-tls-edge-mutual-tls-get)         |             |
| [replace](#ngrok-api-edge-modules-tls-edge-mutual-tls-replace) |             |

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api edge-modules tls-edge-mutual-tls delete

### Usage

```sh theme={null}
ngrok api edge-modules tls-edge-mutual-tls delete <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api edge-modules tls-edge-mutual-tls get

### Usage

```sh theme={null}
ngrok api edge-modules tls-edge-mutual-tls get <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api edge-modules tls-edge-mutual-tls replace

### Usage

```sh theme={null}
ngrok api edge-modules tls-edge-mutual-tls replace <id> [flags]
```

### Flags

| Flag                                 | Description                                                                                                                               |
| ------------------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------- |
| `--module.certificate-authority-ids` | list of certificate authorities that will be used to validate the TLS client certificate presented by the initiator of the TLS connection |
| `--module.enabled`                   | true if the module will be applied to traffic, false to disable. default true if unspecified                                              |
| `--api-key`                          | API key to use                                                                                                                            |
| `--config`                           | path to config files; they are merged if multiple                                                                                         |
| `--log`                              | path to log file, 'stdout', 'stderr' or 'false'                                                                                           |
| `--log-format`                       | log record format: 'term', 'logfmt', 'json'                                                                                               |
| `--log-level`                        | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                                                                   |

## ngrok api edge-modules tls-edge-tls-termination

### SubCommands

| Command                                                             | Description |
| ------------------------------------------------------------------- | ----------- |
| [delete](#ngrok-api-edge-modules-tls-edge-tls-termination-delete)   |             |
| [get](#ngrok-api-edge-modules-tls-edge-tls-termination-get)         |             |
| [replace](#ngrok-api-edge-modules-tls-edge-tls-termination-replace) |             |

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api edge-modules tls-edge-tls-termination delete

### Usage

```sh theme={null}
ngrok api edge-modules tls-edge-tls-termination delete <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api edge-modules tls-edge-tls-termination get

### Usage

```sh theme={null}
ngrok api edge-modules tls-edge-tls-termination get <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api edge-modules tls-edge-tls-termination replace

### Usage

```sh theme={null}
ngrok api edge-modules tls-edge-tls-termination replace <id> [flags]
```

### Flags

| Flag                    | Description                                                                                                                                                                                                                                                                                                           |
| ----------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `--module.enabled`      | true if the module will be applied to traffic, false to disable. default true if unspecified                                                                                                                                                                                                                          |
| `--module.min-version`  | The minimum TLS version used for termination and advertised to the client during the TLS handshake. if unspecified, ngrok will choose an industry-safe default. This value must be null if terminate\_at is set to upstream.                                                                                          |
| `--module.terminate-at` | edge if the ngrok edge should terminate TLS traffic, upstream if TLS traffic should be passed through to the upstream ngrok agent / application server for termination. if upstream is chosen, most other modules will be disallowed because they rely on the ngrok edge being able to access the underlying traffic. |
| `--api-key`             | API key to use                                                                                                                                                                                                                                                                                                        |
| `--config`              | path to config files; they are merged if multiple                                                                                                                                                                                                                                                                     |
| `--log`                 | path to log file, 'stdout', 'stderr' or 'false'                                                                                                                                                                                                                                                                       |
| `--log-format`          | log record format: 'term', 'logfmt', 'json'                                                                                                                                                                                                                                                                           |
| `--log-level`           | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                                                                                                                                                                                                                                               |

## ngrok api edge-modules tls-edge-traffic-policy

### SubCommands

| Command                                                            | Description |
| ------------------------------------------------------------------ | ----------- |
| [delete](#ngrok-api-edge-modules-tls-edge-traffic-policy-delete)   |             |
| [get](#ngrok-api-edge-modules-tls-edge-traffic-policy-get)         |             |
| [replace](#ngrok-api-edge-modules-tls-edge-traffic-policy-replace) |             |

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api edge-modules tls-edge-traffic-policy delete

### Usage

```sh theme={null}
ngrok api edge-modules tls-edge-traffic-policy delete <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api edge-modules tls-edge-traffic-policy get

### Usage

```sh theme={null}
ngrok api edge-modules tls-edge-traffic-policy get <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api edge-modules tls-edge-traffic-policy replace

### Usage

```sh theme={null}
ngrok api edge-modules tls-edge-traffic-policy replace <id> [flags]
```

### Flags

| Flag               | Description                                                                                  |
| ------------------ | -------------------------------------------------------------------------------------------- |
| `--module.enabled` | true if the module will be applied to traffic, false to disable. default true if unspecified |
| `--module.value`   | the traffic policy that should be applied to the traffic on your endpoint.                   |
| `--api-key`        | API key to use                                                                               |
| `--config`         | path to config files; they are merged if multiple                                            |
| `--log`            | path to log file, 'stdout', 'stderr' or 'false'                                              |
| `--log-format`     | log record format: 'term', 'logfmt', 'json'                                                  |
| `--log-level`      | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                      |

## ngrok api edges

### SubCommands

| Command                                       | Description |
| --------------------------------------------- | ----------- |
| [https](#ngrok-api-edges-https)               |             |
| [https-routes](#ngrok-api-edges-https-routes) |             |
| [tcp](#ngrok-api-edges-tcp)                   |             |
| [tls](#ngrok-api-edges-tls)                   |             |

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api edges https

### SubCommands

| Command                                 | Description                                       |
| --------------------------------------- | ------------------------------------------------- |
| [create](#ngrok-api-edges-https-create) | Create an HTTPS Edge                              |
| [delete](#ngrok-api-edges-https-delete) | Delete an HTTPS Edge by ID                        |
| [get](#ngrok-api-edges-https-get)       | Get an HTTPS Edge by ID                           |
| [list](#ngrok-api-edges-https-list)     | Returns a list of all HTTPS Edges on this account |
| [update](#ngrok-api-edges-https-update) | Updates an HTTPS Edge by ID                       |

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api edges https create

Create an HTTPS Edge

### Usage

```sh theme={null}
ngrok api edges https create [flags]
```

### Flags

| Flag                                     | Description                                                                                                                                                                                                                  |
| ---------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `--description`                          | human-readable description of what this edge will be used for; optional, max 255 bytes.                                                                                                                                      |
| `--hostports`                            | hostports served by this edge                                                                                                                                                                                                |
| `--metadata`                             | arbitrary user-defined machine-readable data of this edge; optional, max 4096 bytes.                                                                                                                                         |
| `--mutual-tls.certificate-authority-ids` | list of certificate authorities that will be used to validate the TLS client certificate presented by the initiator of the TLS connection                                                                                    |
| `--mutual-tls.enabled`                   | true if the module will be applied to traffic, false to disable. default true if unspecified                                                                                                                                 |
| `--tls-termination.enabled`              | true if the module will be applied to traffic, false to disable. default true if unspecified                                                                                                                                 |
| `--tls-termination.min-version`          | The minimum TLS version used for termination and advertised to the client during the TLS handshake. if unspecified, ngrok will choose an industry-safe default. This value must be null if terminate\_at is set to upstream. |
| `--api-key`                              | API key to use                                                                                                                                                                                                               |
| `--config`                               | path to config files; they are merged if multiple                                                                                                                                                                            |
| `--log`                                  | path to log file, 'stdout', 'stderr' or 'false'                                                                                                                                                                              |
| `--log-format`                           | log record format: 'term', 'logfmt', 'json'                                                                                                                                                                                  |
| `--log-level`                            | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                                                                                                                                                      |

## ngrok api edges https delete

Delete an HTTPS Edge by ID

### Usage

```sh theme={null}
ngrok api edges https delete <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api edges https get

Get an HTTPS Edge by ID

### Usage

```sh theme={null}
ngrok api edges https get <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api edges https list

Returns a list of all HTTPS Edges on this account

### Usage

```sh theme={null}
ngrok api edges https list [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--before-id`  |                                                         |
| `--limit`      |                                                         |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api edges https update

Updates an HTTPS Edge by ID. If a module is not specified in the update, it will not be modified. However, each module configuration that is specified will completely replace the existing value. There is no way to delete an existing module via this API, instead use the delete module API.

### Usage

```sh theme={null}
ngrok api edges https update <id> [flags]
```

### Flags

| Flag                                     | Description                                                                                                                                                                                                                  |
| ---------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `--description`                          | human-readable description of what this edge will be used for; optional, max 255 bytes.                                                                                                                                      |
| `--hostports`                            | hostports served by this edge                                                                                                                                                                                                |
| `--metadata`                             | arbitrary user-defined machine-readable data of this edge; optional, max 4096 bytes.                                                                                                                                         |
| `--mutual-tls.certificate-authority-ids` | list of certificate authorities that will be used to validate the TLS client certificate presented by the initiator of the TLS connection                                                                                    |
| `--mutual-tls.enabled`                   | true if the module will be applied to traffic, false to disable. default true if unspecified                                                                                                                                 |
| `--tls-termination.enabled`              | true if the module will be applied to traffic, false to disable. default true if unspecified                                                                                                                                 |
| `--tls-termination.min-version`          | The minimum TLS version used for termination and advertised to the client during the TLS handshake. if unspecified, ngrok will choose an industry-safe default. This value must be null if terminate\_at is set to upstream. |
| `--api-key`                              | API key to use                                                                                                                                                                                                               |
| `--config`                               | path to config files; they are merged if multiple                                                                                                                                                                            |
| `--log`                                  | path to log file, 'stdout', 'stderr' or 'false'                                                                                                                                                                              |
| `--log-format`                           | log record format: 'term', 'logfmt', 'json'                                                                                                                                                                                  |
| `--log-level`                            | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                                                                                                                                                      |

## ngrok api edges https-routes

### SubCommands

| Command                                        | Description                       |
| ---------------------------------------------- | --------------------------------- |
| [create](#ngrok-api-edges-https-routes-create) | Create an HTTPS Edge Route        |
| [delete](#ngrok-api-edges-https-routes-delete) | Delete an HTTPS Edge Route by ID  |
| [get](#ngrok-api-edges-https-routes-get)       | Get an HTTPS Edge Route by ID     |
| [update](#ngrok-api-edges-https-routes-update) | Updates an HTTPS Edge Route by ID |

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api edges https-routes create

Create an HTTPS Edge Route

### Usage

```sh theme={null}
ngrok api edges https-routes create <edge-id> [flags]
```

### Flags

| Flag                                           | Description                                                                                                                                                                                                                                                                                                                                                                                                       |
| ---------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `--backend.backend-id`                         | backend to be used to back this endpoint                                                                                                                                                                                                                                                                                                                                                                          |
| `--backend.enabled`                            | true if the module will be applied to traffic, false to disable. default true if unspecified                                                                                                                                                                                                                                                                                                                      |
| `--circuit-breaker.enabled`                    | true if the module will be applied to traffic, false to disable. default true if unspecified                                                                                                                                                                                                                                                                                                                      |
| `--circuit-breaker.error-threshold-percentage` | Error threshold percentage should be between 0 - 1.0, not 0-100.0                                                                                                                                                                                                                                                                                                                                                 |
| `--circuit-breaker.num-buckets`                | Integer number of buckets into which metrics are retained. Max 128.                                                                                                                                                                                                                                                                                                                                               |
| `--circuit-breaker.rolling-window`             | Integer number of seconds in the statistical rolling window that metrics are retained for.                                                                                                                                                                                                                                                                                                                        |
| `--circuit-breaker.tripped-duration`           | Integer number of seconds after which the circuit is tripped to wait before re-evaluating upstream health                                                                                                                                                                                                                                                                                                         |
| `--circuit-breaker.volume-threshold`           | Integer number of requests in a rolling window that will trip the circuit. Helpful if traffic volume is low.                                                                                                                                                                                                                                                                                                      |
| `--compression.enabled`                        | true if the module will be applied to traffic, false to disable. default true if unspecified                                                                                                                                                                                                                                                                                                                      |
| `--description`                                | human-readable description of what this edge will be used for; optional, max 255 bytes.                                                                                                                                                                                                                                                                                                                           |
| `--ip-restriction.enabled`                     | true if the module will be applied to traffic, false to disable. default true if unspecified                                                                                                                                                                                                                                                                                                                      |
| `--ip-restriction.ip-policy-ids`               | list of all IP policies that will be used to check if a source IP is allowed access to the endpoint                                                                                                                                                                                                                                                                                                               |
| `--match`                                      | Route selector: "/blog" or "example.com" or "example.com/blog"                                                                                                                                                                                                                                                                                                                                                    |
| `--match-type`                                 | Type of match to use for this route. Valid values are "exact\_path" and "path\_prefix".                                                                                                                                                                                                                                                                                                                           |
| `--metadata`                                   | arbitrary user-defined machine-readable data of this edge. Optional, max 4096 bytes.                                                                                                                                                                                                                                                                                                                              |
| `--oauth.auth-check-interval`                  | Integer number of seconds after which ngrok guarantees it will refresh user state from the identity provider and recheck whether the user is still authorized to access the endpoint. This is the preferred tunable to use to enforce a minimum amount of time after which a revoked user will no longer be able to access the resource.                                                                          |
| `--oauth.cookie-prefix`                        | the prefix of the session cookie that ngrok sets on the http client to cache authentication. default is 'ngrok.'                                                                                                                                                                                                                                                                                                  |
| `--oauth.enabled`                              | true if the module will be applied to traffic, false to disable. default true if unspecified                                                                                                                                                                                                                                                                                                                      |
| `--oauth.inactivity-timeout`                   | Integer number of seconds of inactivity after which if the user has not accessed the endpoint, their session will time out and they will be forced to reauthenticate.                                                                                                                                                                                                                                             |
| `--oauth.maximum-duration`                     | Integer number of seconds of the maximum duration of an authenticated session. After this period is exceeded, a user must reauthenticate.                                                                                                                                                                                                                                                                         |
| `--oauth.options-passthrough`                  | Do not enforce authentication on HTTP OPTIONS requests. necessary if you are supporting CORS.                                                                                                                                                                                                                                                                                                                     |
| `--oauth.provider.amazon.client-id`            |                                                                                                                                                                                                                                                                                                                                                                                                                   |
| `--oauth.provider.amazon.client-secret`        |                                                                                                                                                                                                                                                                                                                                                                                                                   |
| `--oauth.provider.amazon.email-addresses`      |                                                                                                                                                                                                                                                                                                                                                                                                                   |
| `--oauth.provider.amazon.email-domains`        |                                                                                                                                                                                                                                                                                                                                                                                                                   |
| `--oauth.provider.amazon.scopes`               |                                                                                                                                                                                                                                                                                                                                                                                                                   |
| `--oauth.provider.facebook.client-id`          | the OAuth app client ID. retrieve it from the identity provider's dashboard where you created your own OAuth app. optional. if unspecified, ngrok will use its own managed oauth application which has additional restrictions. see the OAuth module docs for more details. if present, client\_secret must be present as well.                                                                                   |
| `--oauth.provider.facebook.client-secret`      | the OAuth app client secret. retrieve if from the identity provider's dashboard where you created your own OAuth app. optional, see all of the caveats in the docs for client\_id.                                                                                                                                                                                                                                |
| `--oauth.provider.facebook.email-addresses`    | a list of email addresses of users authenticated by identity provider who are allowed access to the endpoint                                                                                                                                                                                                                                                                                                      |
| `--oauth.provider.facebook.email-domains`      | a list of email domains of users authenticated by identity provider who are allowed access to the endpoint                                                                                                                                                                                                                                                                                                        |
| `--oauth.provider.facebook.scopes`             | a list of provider-specific OAuth scopes with the permissions your OAuth app would like to ask for. these may not be set if you are using the ngrok-managed oauth app (i.e. you must pass both client\_id and client\_secret to set scopes)                                                                                                                                                                       |
| `--oauth.provider.github.client-id`            | the OAuth app client ID. retrieve it from the identity provider's dashboard where you created your own OAuth app. optional. if unspecified, ngrok will use its own managed oauth application which has additional restrictions. see the OAuth module docs for more details. if present, client\_secret must be present as well.                                                                                   |
| `--oauth.provider.github.client-secret`        | the OAuth app client secret. retrieve if from the identity provider's dashboard where you created your own OAuth app. optional, see all of the caveats in the docs for client\_id.                                                                                                                                                                                                                                |
| `--oauth.provider.github.email-addresses`      | a list of email addresses of users authenticated by identity provider who are allowed access to the endpoint                                                                                                                                                                                                                                                                                                      |
| `--oauth.provider.github.email-domains`        | a list of email domains of users authenticated by identity provider who are allowed access to the endpoint                                                                                                                                                                                                                                                                                                        |
| `--oauth.provider.github.organizations`        | a list of github org identifiers. users who are members of any of the listed organizations will be allowed access. identifiers should be the organization's 'slug'                                                                                                                                                                                                                                                |
| `--oauth.provider.github.scopes`               | a list of provider-specific OAuth scopes with the permissions your OAuth app would like to ask for. these may not be set if you are using the ngrok-managed oauth app (i.e. you must pass both client\_id and client\_secret to set scopes)                                                                                                                                                                       |
| `--oauth.provider.github.teams`                | a list of github teams identifiers. users will be allowed access to the endpoint if they are a member of any of these teams. identifiers should be in the 'slug' format qualified with the org name, e.g. org-name/team-name                                                                                                                                                                                      |
| `--oauth.provider.gitlab.client-id`            |                                                                                                                                                                                                                                                                                                                                                                                                                   |
| `--oauth.provider.gitlab.client-secret`        |                                                                                                                                                                                                                                                                                                                                                                                                                   |
| `--oauth.provider.gitlab.email-addresses`      |                                                                                                                                                                                                                                                                                                                                                                                                                   |
| `--oauth.provider.gitlab.email-domains`        |                                                                                                                                                                                                                                                                                                                                                                                                                   |
| `--oauth.provider.gitlab.scopes`               |                                                                                                                                                                                                                                                                                                                                                                                                                   |
| `--oauth.provider.google.client-id`            | the OAuth app client ID. retrieve it from the identity provider's dashboard where you created your own OAuth app. optional. if unspecified, ngrok will use its own managed oauth application which has additional restrictions. see the OAuth module docs for more details. if present, client\_secret must be present as well.                                                                                   |
| `--oauth.provider.google.client-secret`        | the OAuth app client secret. retrieve if from the identity provider's dashboard where you created your own OAuth app. optional, see all of the caveats in the docs for client\_id.                                                                                                                                                                                                                                |
| `--oauth.provider.google.email-addresses`      | a list of email addresses of users authenticated by identity provider who are allowed access to the endpoint                                                                                                                                                                                                                                                                                                      |
| `--oauth.provider.google.email-domains`        | a list of email domains of users authenticated by identity provider who are allowed access to the endpoint                                                                                                                                                                                                                                                                                                        |
| `--oauth.provider.google.scopes`               | a list of provider-specific OAuth scopes with the permissions your OAuth app would like to ask for. these may not be set if you are using the ngrok-managed oauth app (i.e. you must pass both client\_id and client\_secret to set scopes)                                                                                                                                                                       |
| `--oauth.provider.linkedin.client-id`          |                                                                                                                                                                                                                                                                                                                                                                                                                   |
| `--oauth.provider.linkedin.client-secret`      |                                                                                                                                                                                                                                                                                                                                                                                                                   |
| `--oauth.provider.linkedin.email-addresses`    |                                                                                                                                                                                                                                                                                                                                                                                                                   |
| `--oauth.provider.linkedin.email-domains`      |                                                                                                                                                                                                                                                                                                                                                                                                                   |
| `--oauth.provider.linkedin.scopes`             |                                                                                                                                                                                                                                                                                                                                                                                                                   |
| `--oauth.provider.microsoft.client-id`         | the OAuth app client ID. retrieve it from the identity provider's dashboard where you created your own OAuth app. optional. if unspecified, ngrok will use its own managed oauth application which has additional restrictions. see the OAuth module docs for more details. if present, client\_secret must be present as well.                                                                                   |
| `--oauth.provider.microsoft.client-secret`     | the OAuth app client secret. retrieve if from the identity provider's dashboard where you created your own OAuth app. optional, see all of the caveats in the docs for client\_id.                                                                                                                                                                                                                                |
| `--oauth.provider.microsoft.email-addresses`   | a list of email addresses of users authenticated by identity provider who are allowed access to the endpoint                                                                                                                                                                                                                                                                                                      |
| `--oauth.provider.microsoft.email-domains`     | a list of email domains of users authenticated by identity provider who are allowed access to the endpoint                                                                                                                                                                                                                                                                                                        |
| `--oauth.provider.microsoft.scopes`            | a list of provider-specific OAuth scopes with the permissions your OAuth app would like to ask for. these may not be set if you are using the ngrok-managed oauth app (i.e. you must pass both client\_id and client\_secret to set scopes)                                                                                                                                                                       |
| `--oauth.provider.twitch.client-id`            |                                                                                                                                                                                                                                                                                                                                                                                                                   |
| `--oauth.provider.twitch.client-secret`        |                                                                                                                                                                                                                                                                                                                                                                                                                   |
| `--oauth.provider.twitch.email-addresses`      |                                                                                                                                                                                                                                                                                                                                                                                                                   |
| `--oauth.provider.twitch.email-domains`        |                                                                                                                                                                                                                                                                                                                                                                                                                   |
| `--oauth.provider.twitch.scopes`               |                                                                                                                                                                                                                                                                                                                                                                                                                   |
| `--oidc.client-id`                             | The OIDC app's client ID and OIDC audience.                                                                                                                                                                                                                                                                                                                                                                       |
| `--oidc.client-secret`                         | The OIDC app's client secret.                                                                                                                                                                                                                                                                                                                                                                                     |
| `--oidc.cookie-prefix`                         | the prefix of the session cookie that ngrok sets on the http client to cache authentication. default is 'ngrok.'                                                                                                                                                                                                                                                                                                  |
| `--oidc.enabled`                               | true if the module will be applied to traffic, false to disable. default true if unspecified                                                                                                                                                                                                                                                                                                                      |
| `--oidc.inactivity-timeout`                    | Integer number of seconds of inactivity after which if the user has not accessed the endpoint, their session will time out and they will be forced to reauthenticate.                                                                                                                                                                                                                                             |
| `--oidc.issuer`                                | URL of the OIDC "OpenID provider". This is the base URL used for discovery.                                                                                                                                                                                                                                                                                                                                       |
| `--oidc.maximum-duration`                      | Integer number of seconds of the maximum duration of an authenticated session. After this period is exceeded, a user must reauthenticate.                                                                                                                                                                                                                                                                         |
| `--oidc.options-passthrough`                   | Do not enforce authentication on HTTP OPTIONS requests. necessary if you are supporting CORS.                                                                                                                                                                                                                                                                                                                     |
| `--oidc.scopes`                                | The set of scopes to request from the OIDC identity provider.                                                                                                                                                                                                                                                                                                                                                     |
| `--request-headers.add`                        | a map of header key to header value that will be injected into the HTTP Request before being sent to the upstream application server                                                                                                                                                                                                                                                                              |
| `--request-headers.enabled`                    | true if the module will be applied to traffic, false to disable. default true if unspecified                                                                                                                                                                                                                                                                                                                      |
| `--request-headers.remove`                     | a list of header names that will be removed from the HTTP Request before being sent to the upstream application server                                                                                                                                                                                                                                                                                            |
| `--response-headers.add`                       | a map of header key to header value that will be injected into the HTTP Response returned to the HTTP client                                                                                                                                                                                                                                                                                                      |
| `--response-headers.enabled`                   | true if the module will be applied to traffic, false to disable. default true if unspecified                                                                                                                                                                                                                                                                                                                      |
| `--response-headers.remove`                    | a list of header names that will be removed from the HTTP Response returned to the HTTP client                                                                                                                                                                                                                                                                                                                    |
| `--saml.allow-idp-initiated`                   | If true, the IdP may initiate a login directly (e.g. the user does not need to visit the endpoint first and then be redirected). The IdP should set the RelayState parameter to the target URL of the resource they want the user to be redirected to after the SAML login assertion has been processed.                                                                                                          |
| `--saml.authorized-groups`                     | If present, only users who are a member of one of the listed groups may access the target endpoint.                                                                                                                                                                                                                                                                                                               |
| `--saml.cookie-prefix`                         | the prefix of the session cookie that ngrok sets on the http client to cache authentication. default is 'ngrok.'                                                                                                                                                                                                                                                                                                  |
| `--saml.enabled`                               | true if the module will be applied to traffic, false to disable. default true if unspecified                                                                                                                                                                                                                                                                                                                      |
| `--saml.force-authn`                           | If true, indicates that whenever we redirect a user to the IdP for authentication that the IdP must prompt the user for authentication credentials even if the user already has a valid session with the IdP.                                                                                                                                                                                                     |
| `--saml.idp-metadata`                          | The full XML IdP EntityDescriptor. Your IdP may provide this to you as a a file to download or as a URL.                                                                                                                                                                                                                                                                                                          |
| `--saml.idp-metadata-url`                      | The IdP's metadata URL which returns the XML IdP EntityDescriptor. The IdP's metadata URL specifies how to connect to the IdP as well as its public key which is then used to validate the signature on incoming SAML assertions to the ACS endpoint.                                                                                                                                                             |
| `--saml.inactivity-timeout`                    | Integer number of seconds of inactivity after which if the user has not accessed the endpoint, their session will time out and they will be forced to reauthenticate.                                                                                                                                                                                                                                             |
| `--saml.maximum-duration`                      | Integer number of seconds of the maximum duration of an authenticated session. After this period is exceeded, a user must reauthenticate.                                                                                                                                                                                                                                                                         |
| `--saml.nameid-format`                         | Defines the name identifier format the SP expects the IdP to use in its assertions to identify subjects. If unspecified, a default value of urn:oasis:names:tc:SAML:2.0:nameid-format:persistent will be used. A subset of the allowed values enumerated by the SAML specification are supported.                                                                                                                 |
| `--saml.options-passthrough`                   | Do not enforce authentication on HTTP OPTIONS requests. necessary if you are supporting CORS.                                                                                                                                                                                                                                                                                                                     |
| `--traffic-policy.enabled`                     | true if the module will be applied to traffic, false to disable. default true if unspecified                                                                                                                                                                                                                                                                                                                      |
| `--traffic-policy.value`                       | the traffic policy that should be applied to the traffic on your endpoint.                                                                                                                                                                                                                                                                                                                                        |
| `--user-agent-filter.allow`                    |                                                                                                                                                                                                                                                                                                                                                                                                                   |
| `--user-agent-filter.deny`                     |                                                                                                                                                                                                                                                                                                                                                                                                                   |
| `--user-agent-filter.enabled`                  |                                                                                                                                                                                                                                                                                                                                                                                                                   |
| `--webhook-verification.enabled`               | true if the module will be applied to traffic, false to disable. default true if unspecified                                                                                                                                                                                                                                                                                                                      |
| `--webhook-verification.provider`              | a string indicating which webhook provider will be sending webhooks to this endpoint. Value must be one of the supported providers defined at [https://ngrok.com/docs/cloud-edge/modules/webhook-verification](https://ngrok.com/docs/cloud-edge/modules/webhook-verification) ([https://ngrok.com/docs/cloud-edge/modules/webhook-verification](https://ngrok.com/docs/cloud-edge/modules/webhook-verification)) |
| `--webhook-verification.secret`                | a string secret used to validate requests from the given provider. All providers except AWS SNS require a secret                                                                                                                                                                                                                                                                                                  |
| `--websocket-tcp-converter.enabled`            | true if the module will be applied to traffic, false to disable. default true if unspecified                                                                                                                                                                                                                                                                                                                      |
| `--api-key`                                    | API key to use                                                                                                                                                                                                                                                                                                                                                                                                    |
| `--config`                                     | path to config files; they are merged if multiple                                                                                                                                                                                                                                                                                                                                                                 |
| `--log`                                        | path to log file, 'stdout', 'stderr' or 'false'                                                                                                                                                                                                                                                                                                                                                                   |
| `--log-format`                                 | log record format: 'term', 'logfmt', 'json'                                                                                                                                                                                                                                                                                                                                                                       |
| `--log-level`                                  | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                                                                                                                                                                                                                                                                                                                                           |

## ngrok api edges https-routes delete

Delete an HTTPS Edge Route by ID

### Usage

```sh theme={null}
ngrok api edges https-routes delete <edge-id> <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api edges https-routes get

Get an HTTPS Edge Route by ID

### Usage

```sh theme={null}
ngrok api edges https-routes get <edge-id> <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api edges https-routes update

Updates an HTTPS Edge Route by ID. If a module is not specified in the update, it will not be modified. However, each module configuration that is specified will completely replace the existing value. There is no way to delete an existing module via this API, instead use the delete module API.

### Usage

```sh theme={null}
ngrok api edges https-routes update <edge-id> <id> [flags]
```

### Flags

| Flag                                           | Description                                                                                                                                                                                                                                                                                                                                                                                                       |
| ---------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `--backend.backend-id`                         | backend to be used to back this endpoint                                                                                                                                                                                                                                                                                                                                                                          |
| `--backend.enabled`                            | true if the module will be applied to traffic, false to disable. default true if unspecified                                                                                                                                                                                                                                                                                                                      |
| `--circuit-breaker.enabled`                    | true if the module will be applied to traffic, false to disable. default true if unspecified                                                                                                                                                                                                                                                                                                                      |
| `--circuit-breaker.error-threshold-percentage` | Error threshold percentage should be between 0 - 1.0, not 0-100.0                                                                                                                                                                                                                                                                                                                                                 |
| `--circuit-breaker.num-buckets`                | Integer number of buckets into which metrics are retained. Max 128.                                                                                                                                                                                                                                                                                                                                               |
| `--circuit-breaker.rolling-window`             | Integer number of seconds in the statistical rolling window that metrics are retained for.                                                                                                                                                                                                                                                                                                                        |
| `--circuit-breaker.tripped-duration`           | Integer number of seconds after which the circuit is tripped to wait before re-evaluating upstream health                                                                                                                                                                                                                                                                                                         |
| `--circuit-breaker.volume-threshold`           | Integer number of requests in a rolling window that will trip the circuit. Helpful if traffic volume is low.                                                                                                                                                                                                                                                                                                      |
| `--compression.enabled`                        | true if the module will be applied to traffic, false to disable. default true if unspecified                                                                                                                                                                                                                                                                                                                      |
| `--description`                                | human-readable description of what this edge will be used for; optional, max 255 bytes.                                                                                                                                                                                                                                                                                                                           |
| `--ip-restriction.enabled`                     | true if the module will be applied to traffic, false to disable. default true if unspecified                                                                                                                                                                                                                                                                                                                      |
| `--ip-restriction.ip-policy-ids`               | list of all IP policies that will be used to check if a source IP is allowed access to the endpoint                                                                                                                                                                                                                                                                                                               |
| `--match`                                      | Route selector: "/blog" or "example.com" or "example.com/blog"                                                                                                                                                                                                                                                                                                                                                    |
| `--match-type`                                 | Type of match to use for this route. Valid values are "exact\_path" and "path\_prefix".                                                                                                                                                                                                                                                                                                                           |
| `--metadata`                                   | arbitrary user-defined machine-readable data of this edge. Optional, max 4096 bytes.                                                                                                                                                                                                                                                                                                                              |
| `--oauth.auth-check-interval`                  | Integer number of seconds after which ngrok guarantees it will refresh user state from the identity provider and recheck whether the user is still authorized to access the endpoint. This is the preferred tunable to use to enforce a minimum amount of time after which a revoked user will no longer be able to access the resource.                                                                          |
| `--oauth.cookie-prefix`                        | the prefix of the session cookie that ngrok sets on the http client to cache authentication. default is 'ngrok.'                                                                                                                                                                                                                                                                                                  |
| `--oauth.enabled`                              | true if the module will be applied to traffic, false to disable. default true if unspecified                                                                                                                                                                                                                                                                                                                      |
| `--oauth.inactivity-timeout`                   | Integer number of seconds of inactivity after which if the user has not accessed the endpoint, their session will time out and they will be forced to reauthenticate.                                                                                                                                                                                                                                             |
| `--oauth.maximum-duration`                     | Integer number of seconds of the maximum duration of an authenticated session. After this period is exceeded, a user must reauthenticate.                                                                                                                                                                                                                                                                         |
| `--oauth.options-passthrough`                  | Do not enforce authentication on HTTP OPTIONS requests. necessary if you are supporting CORS.                                                                                                                                                                                                                                                                                                                     |
| `--oauth.provider.amazon.client-id`            |                                                                                                                                                                                                                                                                                                                                                                                                                   |
| `--oauth.provider.amazon.client-secret`        |                                                                                                                                                                                                                                                                                                                                                                                                                   |
| `--oauth.provider.amazon.email-addresses`      |                                                                                                                                                                                                                                                                                                                                                                                                                   |
| `--oauth.provider.amazon.email-domains`        |                                                                                                                                                                                                                                                                                                                                                                                                                   |
| `--oauth.provider.amazon.scopes`               |                                                                                                                                                                                                                                                                                                                                                                                                                   |
| `--oauth.provider.facebook.client-id`          | the OAuth app client ID. retrieve it from the identity provider's dashboard where you created your own OAuth app. optional. if unspecified, ngrok will use its own managed oauth application which has additional restrictions. see the OAuth module docs for more details. if present, client\_secret must be present as well.                                                                                   |
| `--oauth.provider.facebook.client-secret`      | the OAuth app client secret. retrieve if from the identity provider's dashboard where you created your own OAuth app. optional, see all of the caveats in the docs for client\_id.                                                                                                                                                                                                                                |
| `--oauth.provider.facebook.email-addresses`    | a list of email addresses of users authenticated by identity provider who are allowed access to the endpoint                                                                                                                                                                                                                                                                                                      |
| `--oauth.provider.facebook.email-domains`      | a list of email domains of users authenticated by identity provider who are allowed access to the endpoint                                                                                                                                                                                                                                                                                                        |
| `--oauth.provider.facebook.scopes`             | a list of provider-specific OAuth scopes with the permissions your OAuth app would like to ask for. these may not be set if you are using the ngrok-managed oauth app (i.e. you must pass both client\_id and client\_secret to set scopes)                                                                                                                                                                       |
| `--oauth.provider.github.client-id`            | the OAuth app client ID. retrieve it from the identity provider's dashboard where you created your own OAuth app. optional. if unspecified, ngrok will use its own managed oauth application which has additional restrictions. see the OAuth module docs for more details. if present, client\_secret must be present as well.                                                                                   |
| `--oauth.provider.github.client-secret`        | the OAuth app client secret. retrieve if from the identity provider's dashboard where you created your own OAuth app. optional, see all of the caveats in the docs for client\_id.                                                                                                                                                                                                                                |
| `--oauth.provider.github.email-addresses`      | a list of email addresses of users authenticated by identity provider who are allowed access to the endpoint                                                                                                                                                                                                                                                                                                      |
| `--oauth.provider.github.email-domains`        | a list of email domains of users authenticated by identity provider who are allowed access to the endpoint                                                                                                                                                                                                                                                                                                        |
| `--oauth.provider.github.organizations`        | a list of github org identifiers. users who are members of any of the listed organizations will be allowed access. identifiers should be the organization's 'slug'                                                                                                                                                                                                                                                |
| `--oauth.provider.github.scopes`               | a list of provider-specific OAuth scopes with the permissions your OAuth app would like to ask for. these may not be set if you are using the ngrok-managed oauth app (i.e. you must pass both client\_id and client\_secret to set scopes)                                                                                                                                                                       |
| `--oauth.provider.github.teams`                | a list of github teams identifiers. users will be allowed access to the endpoint if they are a member of any of these teams. identifiers should be in the 'slug' format qualified with the org name, e.g. org-name/team-name                                                                                                                                                                                      |
| `--oauth.provider.gitlab.client-id`            |                                                                                                                                                                                                                                                                                                                                                                                                                   |
| `--oauth.provider.gitlab.client-secret`        |                                                                                                                                                                                                                                                                                                                                                                                                                   |
| `--oauth.provider.gitlab.email-addresses`      |                                                                                                                                                                                                                                                                                                                                                                                                                   |
| `--oauth.provider.gitlab.email-domains`        |                                                                                                                                                                                                                                                                                                                                                                                                                   |
| `--oauth.provider.gitlab.scopes`               |                                                                                                                                                                                                                                                                                                                                                                                                                   |
| `--oauth.provider.google.client-id`            | the OAuth app client ID. retrieve it from the identity provider's dashboard where you created your own OAuth app. optional. if unspecified, ngrok will use its own managed oauth application which has additional restrictions. see the OAuth module docs for more details. if present, client\_secret must be present as well.                                                                                   |
| `--oauth.provider.google.client-secret`        | the OAuth app client secret. retrieve if from the identity provider's dashboard where you created your own OAuth app. optional, see all of the caveats in the docs for client\_id.                                                                                                                                                                                                                                |
| `--oauth.provider.google.email-addresses`      | a list of email addresses of users authenticated by identity provider who are allowed access to the endpoint                                                                                                                                                                                                                                                                                                      |
| `--oauth.provider.google.email-domains`        | a list of email domains of users authenticated by identity provider who are allowed access to the endpoint                                                                                                                                                                                                                                                                                                        |
| `--oauth.provider.google.scopes`               | a list of provider-specific OAuth scopes with the permissions your OAuth app would like to ask for. these may not be set if you are using the ngrok-managed oauth app (i.e. you must pass both client\_id and client\_secret to set scopes)                                                                                                                                                                       |
| `--oauth.provider.linkedin.client-id`          |                                                                                                                                                                                                                                                                                                                                                                                                                   |
| `--oauth.provider.linkedin.client-secret`      |                                                                                                                                                                                                                                                                                                                                                                                                                   |
| `--oauth.provider.linkedin.email-addresses`    |                                                                                                                                                                                                                                                                                                                                                                                                                   |
| `--oauth.provider.linkedin.email-domains`      |                                                                                                                                                                                                                                                                                                                                                                                                                   |
| `--oauth.provider.linkedin.scopes`             |                                                                                                                                                                                                                                                                                                                                                                                                                   |
| `--oauth.provider.microsoft.client-id`         | the OAuth app client ID. retrieve it from the identity provider's dashboard where you created your own OAuth app. optional. if unspecified, ngrok will use its own managed oauth application which has additional restrictions. see the OAuth module docs for more details. if present, client\_secret must be present as well.                                                                                   |
| `--oauth.provider.microsoft.client-secret`     | the OAuth app client secret. retrieve if from the identity provider's dashboard where you created your own OAuth app. optional, see all of the caveats in the docs for client\_id.                                                                                                                                                                                                                                |
| `--oauth.provider.microsoft.email-addresses`   | a list of email addresses of users authenticated by identity provider who are allowed access to the endpoint                                                                                                                                                                                                                                                                                                      |
| `--oauth.provider.microsoft.email-domains`     | a list of email domains of users authenticated by identity provider who are allowed access to the endpoint                                                                                                                                                                                                                                                                                                        |
| `--oauth.provider.microsoft.scopes`            | a list of provider-specific OAuth scopes with the permissions your OAuth app would like to ask for. these may not be set if you are using the ngrok-managed oauth app (i.e. you must pass both client\_id and client\_secret to set scopes)                                                                                                                                                                       |
| `--oauth.provider.twitch.client-id`            |                                                                                                                                                                                                                                                                                                                                                                                                                   |
| `--oauth.provider.twitch.client-secret`        |                                                                                                                                                                                                                                                                                                                                                                                                                   |
| `--oauth.provider.twitch.email-addresses`      |                                                                                                                                                                                                                                                                                                                                                                                                                   |
| `--oauth.provider.twitch.email-domains`        |                                                                                                                                                                                                                                                                                                                                                                                                                   |
| `--oauth.provider.twitch.scopes`               |                                                                                                                                                                                                                                                                                                                                                                                                                   |
| `--oidc.client-id`                             | The OIDC app's client ID and OIDC audience.                                                                                                                                                                                                                                                                                                                                                                       |
| `--oidc.client-secret`                         | The OIDC app's client secret.                                                                                                                                                                                                                                                                                                                                                                                     |
| `--oidc.cookie-prefix`                         | the prefix of the session cookie that ngrok sets on the http client to cache authentication. default is 'ngrok.'                                                                                                                                                                                                                                                                                                  |
| `--oidc.enabled`                               | true if the module will be applied to traffic, false to disable. default true if unspecified                                                                                                                                                                                                                                                                                                                      |
| `--oidc.inactivity-timeout`                    | Integer number of seconds of inactivity after which if the user has not accessed the endpoint, their session will time out and they will be forced to reauthenticate.                                                                                                                                                                                                                                             |
| `--oidc.issuer`                                | URL of the OIDC "OpenID provider". This is the base URL used for discovery.                                                                                                                                                                                                                                                                                                                                       |
| `--oidc.maximum-duration`                      | Integer number of seconds of the maximum duration of an authenticated session. After this period is exceeded, a user must reauthenticate.                                                                                                                                                                                                                                                                         |
| `--oidc.options-passthrough`                   | Do not enforce authentication on HTTP OPTIONS requests. necessary if you are supporting CORS.                                                                                                                                                                                                                                                                                                                     |
| `--oidc.scopes`                                | The set of scopes to request from the OIDC identity provider.                                                                                                                                                                                                                                                                                                                                                     |
| `--request-headers.add`                        | a map of header key to header value that will be injected into the HTTP Request before being sent to the upstream application server                                                                                                                                                                                                                                                                              |
| `--request-headers.enabled`                    | true if the module will be applied to traffic, false to disable. default true if unspecified                                                                                                                                                                                                                                                                                                                      |
| `--request-headers.remove`                     | a list of header names that will be removed from the HTTP Request before being sent to the upstream application server                                                                                                                                                                                                                                                                                            |
| `--response-headers.add`                       | a map of header key to header value that will be injected into the HTTP Response returned to the HTTP client                                                                                                                                                                                                                                                                                                      |
| `--response-headers.enabled`                   | true if the module will be applied to traffic, false to disable. default true if unspecified                                                                                                                                                                                                                                                                                                                      |
| `--response-headers.remove`                    | a list of header names that will be removed from the HTTP Response returned to the HTTP client                                                                                                                                                                                                                                                                                                                    |
| `--saml.allow-idp-initiated`                   | If true, the IdP may initiate a login directly (e.g. the user does not need to visit the endpoint first and then be redirected). The IdP should set the RelayState parameter to the target URL of the resource they want the user to be redirected to after the SAML login assertion has been processed.                                                                                                          |
| `--saml.authorized-groups`                     | If present, only users who are a member of one of the listed groups may access the target endpoint.                                                                                                                                                                                                                                                                                                               |
| `--saml.cookie-prefix`                         | the prefix of the session cookie that ngrok sets on the http client to cache authentication. default is 'ngrok.'                                                                                                                                                                                                                                                                                                  |
| `--saml.enabled`                               | true if the module will be applied to traffic, false to disable. default true if unspecified                                                                                                                                                                                                                                                                                                                      |
| `--saml.force-authn`                           | If true, indicates that whenever we redirect a user to the IdP for authentication that the IdP must prompt the user for authentication credentials even if the user already has a valid session with the IdP.                                                                                                                                                                                                     |
| `--saml.idp-metadata`                          | The full XML IdP EntityDescriptor. Your IdP may provide this to you as a a file to download or as a URL.                                                                                                                                                                                                                                                                                                          |
| `--saml.idp-metadata-url`                      | The IdP's metadata URL which returns the XML IdP EntityDescriptor. The IdP's metadata URL specifies how to connect to the IdP as well as its public key which is then used to validate the signature on incoming SAML assertions to the ACS endpoint.                                                                                                                                                             |
| `--saml.inactivity-timeout`                    | Integer number of seconds of inactivity after which if the user has not accessed the endpoint, their session will time out and they will be forced to reauthenticate.                                                                                                                                                                                                                                             |
| `--saml.maximum-duration`                      | Integer number of seconds of the maximum duration of an authenticated session. After this period is exceeded, a user must reauthenticate.                                                                                                                                                                                                                                                                         |
| `--saml.nameid-format`                         | Defines the name identifier format the SP expects the IdP to use in its assertions to identify subjects. If unspecified, a default value of urn:oasis:names:tc:SAML:2.0:nameid-format:persistent will be used. A subset of the allowed values enumerated by the SAML specification are supported.                                                                                                                 |
| `--saml.options-passthrough`                   | Do not enforce authentication on HTTP OPTIONS requests. necessary if you are supporting CORS.                                                                                                                                                                                                                                                                                                                     |
| `--traffic-policy.enabled`                     | true if the module will be applied to traffic, false to disable. default true if unspecified                                                                                                                                                                                                                                                                                                                      |
| `--traffic-policy.value`                       | the traffic policy that should be applied to the traffic on your endpoint.                                                                                                                                                                                                                                                                                                                                        |
| `--user-agent-filter.allow`                    |                                                                                                                                                                                                                                                                                                                                                                                                                   |
| `--user-agent-filter.deny`                     |                                                                                                                                                                                                                                                                                                                                                                                                                   |
| `--user-agent-filter.enabled`                  |                                                                                                                                                                                                                                                                                                                                                                                                                   |
| `--webhook-verification.enabled`               | true if the module will be applied to traffic, false to disable. default true if unspecified                                                                                                                                                                                                                                                                                                                      |
| `--webhook-verification.provider`              | a string indicating which webhook provider will be sending webhooks to this endpoint. Value must be one of the supported providers defined at [https://ngrok.com/docs/cloud-edge/modules/webhook-verification](https://ngrok.com/docs/cloud-edge/modules/webhook-verification) ([https://ngrok.com/docs/cloud-edge/modules/webhook-verification](https://ngrok.com/docs/cloud-edge/modules/webhook-verification)) |
| `--webhook-verification.secret`                | a string secret used to validate requests from the given provider. All providers except AWS SNS require a secret                                                                                                                                                                                                                                                                                                  |
| `--websocket-tcp-converter.enabled`            | true if the module will be applied to traffic, false to disable. default true if unspecified                                                                                                                                                                                                                                                                                                                      |
| `--api-key`                                    | API key to use                                                                                                                                                                                                                                                                                                                                                                                                    |
| `--config`                                     | path to config files; they are merged if multiple                                                                                                                                                                                                                                                                                                                                                                 |
| `--log`                                        | path to log file, 'stdout', 'stderr' or 'false'                                                                                                                                                                                                                                                                                                                                                                   |
| `--log-format`                                 | log record format: 'term', 'logfmt', 'json'                                                                                                                                                                                                                                                                                                                                                                       |
| `--log-level`                                  | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                                                                                                                                                                                                                                                                                                                                           |

## ngrok api edges tcp

### SubCommands

| Command                               | Description                                     |
| ------------------------------------- | ----------------------------------------------- |
| [create](#ngrok-api-edges-tcp-create) | Create a TCP Edge                               |
| [delete](#ngrok-api-edges-tcp-delete) | Delete a TCP Edge by ID                         |
| [get](#ngrok-api-edges-tcp-get)       | Get a TCP Edge by ID                            |
| [list](#ngrok-api-edges-tcp-list)     | Returns a list of all TCP Edges on this account |
| [update](#ngrok-api-edges-tcp-update) | Updates a TCP Edge by ID                        |

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api edges tcp create

Create a TCP Edge

### Usage

```sh theme={null}
ngrok api edges tcp create [flags]
```

### Flags

| Flag                             | Description                                                                                         |
| -------------------------------- | --------------------------------------------------------------------------------------------------- |
| `--backend.backend-id`           | backend to be used to back this endpoint                                                            |
| `--backend.enabled`              | true if the module will be applied to traffic, false to disable. default true if unspecified        |
| `--description`                  | human-readable description of what this edge will be used for; optional, max 255 bytes.             |
| `--hostports`                    | hostports served by this edge                                                                       |
| `--ip-restriction.enabled`       | true if the module will be applied to traffic, false to disable. default true if unspecified        |
| `--ip-restriction.ip-policy-ids` | list of all IP policies that will be used to check if a source IP is allowed access to the endpoint |
| `--metadata`                     | arbitrary user-defined machine-readable data of this edge. Optional, max 4096 bytes.                |
| `--traffic-policy.enabled`       | true if the module will be applied to traffic, false to disable. default true if unspecified        |
| `--traffic-policy.value`         | the traffic policy that should be applied to the traffic on your endpoint.                          |
| `--api-key`                      | API key to use                                                                                      |
| `--config`                       | path to config files; they are merged if multiple                                                   |
| `--log`                          | path to log file, 'stdout', 'stderr' or 'false'                                                     |
| `--log-format`                   | log record format: 'term', 'logfmt', 'json'                                                         |
| `--log-level`                    | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                             |

## ngrok api edges tcp delete

Delete a TCP Edge by ID

### Usage

```sh theme={null}
ngrok api edges tcp delete <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api edges tcp get

Get a TCP Edge by ID

### Usage

```sh theme={null}
ngrok api edges tcp get <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api edges tcp list

Returns a list of all TCP Edges on this account

### Usage

```sh theme={null}
ngrok api edges tcp list [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--before-id`  |                                                         |
| `--limit`      |                                                         |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api edges tcp update

Updates a TCP Edge by ID. If a module is not specified in the update, it will not be modified. However, each module configuration that is specified will completely replace the existing value. There is no way to delete an existing module via this API, instead use the delete module API.

### Usage

```sh theme={null}
ngrok api edges tcp update <id> [flags]
```

### Flags

| Flag                             | Description                                                                                         |
| -------------------------------- | --------------------------------------------------------------------------------------------------- |
| `--backend.backend-id`           | backend to be used to back this endpoint                                                            |
| `--backend.enabled`              | true if the module will be applied to traffic, false to disable. default true if unspecified        |
| `--description`                  | human-readable description of what this edge will be used for; optional, max 255 bytes.             |
| `--hostports`                    | hostports served by this edge                                                                       |
| `--ip-restriction.enabled`       | true if the module will be applied to traffic, false to disable. default true if unspecified        |
| `--ip-restriction.ip-policy-ids` | list of all IP policies that will be used to check if a source IP is allowed access to the endpoint |
| `--metadata`                     | arbitrary user-defined machine-readable data of this edge. Optional, max 4096 bytes.                |
| `--traffic-policy.enabled`       | true if the module will be applied to traffic, false to disable. default true if unspecified        |
| `--traffic-policy.value`         | the traffic policy that should be applied to the traffic on your endpoint.                          |
| `--api-key`                      | API key to use                                                                                      |
| `--config`                       | path to config files; they are merged if multiple                                                   |
| `--log`                          | path to log file, 'stdout', 'stderr' or 'false'                                                     |
| `--log-format`                   | log record format: 'term', 'logfmt', 'json'                                                         |
| `--log-level`                    | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                             |

## ngrok api edges tls

### SubCommands

| Command                               | Description                                     |
| ------------------------------------- | ----------------------------------------------- |
| [create](#ngrok-api-edges-tls-create) | Create a TLS Edge                               |
| [delete](#ngrok-api-edges-tls-delete) | Delete a TLS Edge by ID                         |
| [get](#ngrok-api-edges-tls-get)       | Get a TLS Edge by ID                            |
| [list](#ngrok-api-edges-tls-list)     | Returns a list of all TLS Edges on this account |
| [update](#ngrok-api-edges-tls-update) | Updates a TLS Edge by ID                        |

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api edges tls create

Create a TLS Edge

### Usage

```sh theme={null}
ngrok api edges tls create [flags]
```

### Flags

| Flag                                     | Description                                                                                                                                                                                                                                                                                                           |
| ---------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `--backend.backend-id`                   | backend to be used to back this endpoint                                                                                                                                                                                                                                                                              |
| `--backend.enabled`                      | true if the module will be applied to traffic, false to disable. default true if unspecified                                                                                                                                                                                                                          |
| `--description`                          | human-readable description of what this edge will be used for; optional, max 255 bytes.                                                                                                                                                                                                                               |
| `--hostports`                            | hostports served by this edge                                                                                                                                                                                                                                                                                         |
| `--ip-restriction.enabled`               | true if the module will be applied to traffic, false to disable. default true if unspecified                                                                                                                                                                                                                          |
| `--ip-restriction.ip-policy-ids`         | list of all IP policies that will be used to check if a source IP is allowed access to the endpoint                                                                                                                                                                                                                   |
| `--metadata`                             | arbitrary user-defined machine-readable data of this edge. Optional, max 4096 bytes.                                                                                                                                                                                                                                  |
| `--mutual-tls.certificate-authority-ids` | list of certificate authorities that will be used to validate the TLS client certificate presented by the initiator of the TLS connection                                                                                                                                                                             |
| `--mutual-tls.enabled`                   | true if the module will be applied to traffic, false to disable. default true if unspecified                                                                                                                                                                                                                          |
| `--tls-termination.enabled`              | true if the module will be applied to traffic, false to disable. default true if unspecified                                                                                                                                                                                                                          |
| `--tls-termination.min-version`          | The minimum TLS version used for termination and advertised to the client during the TLS handshake. if unspecified, ngrok will choose an industry-safe default. This value must be null if terminate\_at is set to upstream.                                                                                          |
| `--tls-termination.terminate-at`         | edge if the ngrok edge should terminate TLS traffic, upstream if TLS traffic should be passed through to the upstream ngrok agent / application server for termination. if upstream is chosen, most other modules will be disallowed because they rely on the ngrok edge being able to access the underlying traffic. |
| `--traffic-policy.enabled`               | true if the module will be applied to traffic, false to disable. default true if unspecified                                                                                                                                                                                                                          |
| `--traffic-policy.value`                 | the traffic policy that should be applied to the traffic on your endpoint.                                                                                                                                                                                                                                            |
| `--api-key`                              | API key to use                                                                                                                                                                                                                                                                                                        |
| `--config`                               | path to config files; they are merged if multiple                                                                                                                                                                                                                                                                     |
| `--log`                                  | path to log file, 'stdout', 'stderr' or 'false'                                                                                                                                                                                                                                                                       |
| `--log-format`                           | log record format: 'term', 'logfmt', 'json'                                                                                                                                                                                                                                                                           |
| `--log-level`                            | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                                                                                                                                                                                                                                               |

## ngrok api edges tls delete

Delete a TLS Edge by ID

### Usage

```sh theme={null}
ngrok api edges tls delete <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api edges tls get

Get a TLS Edge by ID

### Usage

```sh theme={null}
ngrok api edges tls get <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api edges tls list

Returns a list of all TLS Edges on this account

### Usage

```sh theme={null}
ngrok api edges tls list [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--before-id`  |                                                         |
| `--limit`      |                                                         |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api edges tls update

Updates a TLS Edge by ID. If a module is not specified in the update, it will not be modified. However, each module configuration that is specified will completely replace the existing value. There is no way to delete an existing module via this API, instead use the delete module API.

### Usage

```sh theme={null}
ngrok api edges tls update <id> [flags]
```

### Flags

| Flag                                     | Description                                                                                                                                                                                                                                                                                                           |
| ---------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `--backend.backend-id`                   | backend to be used to back this endpoint                                                                                                                                                                                                                                                                              |
| `--backend.enabled`                      | true if the module will be applied to traffic, false to disable. default true if unspecified                                                                                                                                                                                                                          |
| `--description`                          | human-readable description of what this edge will be used for; optional, max 255 bytes.                                                                                                                                                                                                                               |
| `--hostports`                            | hostports served by this edge                                                                                                                                                                                                                                                                                         |
| `--ip-restriction.enabled`               | true if the module will be applied to traffic, false to disable. default true if unspecified                                                                                                                                                                                                                          |
| `--ip-restriction.ip-policy-ids`         | list of all IP policies that will be used to check if a source IP is allowed access to the endpoint                                                                                                                                                                                                                   |
| `--metadata`                             | arbitrary user-defined machine-readable data of this edge. Optional, max 4096 bytes.                                                                                                                                                                                                                                  |
| `--mutual-tls.certificate-authority-ids` | list of certificate authorities that will be used to validate the TLS client certificate presented by the initiator of the TLS connection                                                                                                                                                                             |
| `--mutual-tls.enabled`                   | true if the module will be applied to traffic, false to disable. default true if unspecified                                                                                                                                                                                                                          |
| `--tls-termination.enabled`              | true if the module will be applied to traffic, false to disable. default true if unspecified                                                                                                                                                                                                                          |
| `--tls-termination.min-version`          | The minimum TLS version used for termination and advertised to the client during the TLS handshake. if unspecified, ngrok will choose an industry-safe default. This value must be null if terminate\_at is set to upstream.                                                                                          |
| `--tls-termination.terminate-at`         | edge if the ngrok edge should terminate TLS traffic, upstream if TLS traffic should be passed through to the upstream ngrok agent / application server for termination. if upstream is chosen, most other modules will be disallowed because they rely on the ngrok edge being able to access the underlying traffic. |
| `--traffic-policy.enabled`               | true if the module will be applied to traffic, false to disable. default true if unspecified                                                                                                                                                                                                                          |
| `--traffic-policy.value`                 | the traffic policy that should be applied to the traffic on your endpoint.                                                                                                                                                                                                                                            |
| `--api-key`                              | API key to use                                                                                                                                                                                                                                                                                                        |
| `--config`                               | path to config files; they are merged if multiple                                                                                                                                                                                                                                                                     |
| `--log`                                  | path to log file, 'stdout', 'stderr' or 'false'                                                                                                                                                                                                                                                                       |
| `--log-format`                           | log record format: 'term', 'logfmt', 'json'                                                                                                                                                                                                                                                                           |
| `--log-level`                            | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                                                                                                                                                                                                                                               |

## ngrok api endpoint-configurations

Endpoint Configurations are a reusable group of modules that encapsulate how
traffic to a domain or address is handled. Endpoint configurations are only
applied to Domains and TCP Addresses they have been attached to.

### SubCommands

| Command                                             | Description                                       |
| --------------------------------------------------- | ------------------------------------------------- |
| [create](#ngrok-api-endpoint-configurations-create) | Create a new endpoint configuration               |
| [delete](#ngrok-api-endpoint-configurations-delete) | Delete an endpoint configuration                  |
| [get](#ngrok-api-endpoint-configurations-get)       | Returns detailed information about an endpoint... |
| [list](#ngrok-api-endpoint-configurations-list)     | Returns a list of all endpoint configurations...  |
| [update](#ngrok-api-endpoint-configurations-update) | Updates an endpoint configuration                 |

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api endpoint-configurations create

Create a new endpoint configuration

### Usage

```sh theme={null}
ngrok api endpoint-configurations create [flags]
```

### Flags

| Flag                                           | Description                                                                                                                                                                                                                                                                                                                                                                                                       |
| ---------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `--backend.backend-id`                         | backend to be used to back this endpoint                                                                                                                                                                                                                                                                                                                                                                          |
| `--backend.enabled`                            | true if the module will be applied to traffic, false to disable. default true if unspecified                                                                                                                                                                                                                                                                                                                      |
| `--basic-auth.allow-options`                   | true or false indicating whether to allow OPTIONS requests through without authentication which is necessary for CORS. default is false                                                                                                                                                                                                                                                                           |
| `--basic-auth.auth-provider-id`                | determines how the basic auth credentials are validated. Currently only the value agent is supported which means that credentials will be validated against the username and password specified by the ngrok agent's --basic-auth flag, if any.                                                                                                                                                                   |
| `--basic-auth.enabled`                         | true if the module will be applied to traffic, false to disable. default true if unspecified                                                                                                                                                                                                                                                                                                                      |
| `--basic-auth.realm`                           | an arbitrary string to be specified in as the 'realm' value in the WWW-Authenticate header. default is ngrok                                                                                                                                                                                                                                                                                                      |
| `--circuit-breaker.enabled`                    | true if the module will be applied to traffic, false to disable. default true if unspecified                                                                                                                                                                                                                                                                                                                      |
| `--circuit-breaker.error-threshold-percentage` | Error threshold percentage should be between 0 - 1.0, not 0-100.0                                                                                                                                                                                                                                                                                                                                                 |
| `--circuit-breaker.num-buckets`                | Integer number of buckets into which metrics are retained. Max 128.                                                                                                                                                                                                                                                                                                                                               |
| `--circuit-breaker.rolling-window`             | Integer number of seconds in the statistical rolling window that metrics are retained for.                                                                                                                                                                                                                                                                                                                        |
| `--circuit-breaker.tripped-duration`           | Integer number of seconds after which the circuit is tripped to wait before re-evaluating upstream health                                                                                                                                                                                                                                                                                                         |
| `--circuit-breaker.volume-threshold`           | Integer number of requests in a rolling window that will trip the circuit. Helpful if traffic volume is low.                                                                                                                                                                                                                                                                                                      |
| `--compression.enabled`                        | true if the module will be applied to traffic, false to disable. default true if unspecified                                                                                                                                                                                                                                                                                                                      |
| `--description`                                | human-readable description of what this endpoint configuration will be do when applied or what traffic it will be applied to. Optional, max 255 bytes                                                                                                                                                                                                                                                             |
| `--ip-policy.enabled`                          | true if the module will be applied to traffic, false to disable. default true if unspecified                                                                                                                                                                                                                                                                                                                      |
| `--ip-policy.ip-policy-ids`                    | list of all IP policies that will be used to check if a source IP is allowed access to the endpoint                                                                                                                                                                                                                                                                                                               |
| `--metadata`                                   | arbitrary user-defined machine-readable data of this endpoint configuration. Optional, max 4096 bytes.                                                                                                                                                                                                                                                                                                            |
| `--mutual-tls.certificate-authority-ids`       | list of certificate authorities that will be used to validate the TLS client certificate presented by the initiator of the TLS connection                                                                                                                                                                                                                                                                         |
| `--mutual-tls.enabled`                         | true if the module will be applied to traffic, false to disable. default true if unspecified                                                                                                                                                                                                                                                                                                                      |
| `--oauth.auth-check-interval`                  | Integer number of seconds after which ngrok guarantees it will refresh user state from the identity provider and recheck whether the user is still authorized to access the endpoint. This is the preferred tunable to use to enforce a minimum amount of time after which a revoked user will no longer be able to access the resource.                                                                          |
| `--oauth.cookie-prefix`                        | the prefix of the session cookie that ngrok sets on the http client to cache authentication. default is 'ngrok.'                                                                                                                                                                                                                                                                                                  |
| `--oauth.enabled`                              | true if the module will be applied to traffic, false to disable. default true if unspecified                                                                                                                                                                                                                                                                                                                      |
| `--oauth.inactivity-timeout`                   | Integer number of seconds of inactivity after which if the user has not accessed the endpoint, their session will time out and they will be forced to reauthenticate.                                                                                                                                                                                                                                             |
| `--oauth.maximum-duration`                     | Integer number of seconds of the maximum duration of an authenticated session. After this period is exceeded, a user must reauthenticate.                                                                                                                                                                                                                                                                         |
| `--oauth.options-passthrough`                  | Do not enforce authentication on HTTP OPTIONS requests. necessary if you are supporting CORS.                                                                                                                                                                                                                                                                                                                     |
| `--oauth.provider.amazon.client-id`            |                                                                                                                                                                                                                                                                                                                                                                                                                   |
| `--oauth.provider.amazon.client-secret`        |                                                                                                                                                                                                                                                                                                                                                                                                                   |
| `--oauth.provider.amazon.email-addresses`      |                                                                                                                                                                                                                                                                                                                                                                                                                   |
| `--oauth.provider.amazon.email-domains`        |                                                                                                                                                                                                                                                                                                                                                                                                                   |
| `--oauth.provider.amazon.scopes`               |                                                                                                                                                                                                                                                                                                                                                                                                                   |
| `--oauth.provider.facebook.client-id`          | the OAuth app client ID. retrieve it from the identity provider's dashboard where you created your own OAuth app. optional. if unspecified, ngrok will use its own managed oauth application which has additional restrictions. see the OAuth module docs for more details. if present, client\_secret must be present as well.                                                                                   |
| `--oauth.provider.facebook.client-secret`      | the OAuth app client secret. retrieve if from the identity provider's dashboard where you created your own OAuth app. optional, see all of the caveats in the docs for client\_id.                                                                                                                                                                                                                                |
| `--oauth.provider.facebook.email-addresses`    | a list of email addresses of users authenticated by identity provider who are allowed access to the endpoint                                                                                                                                                                                                                                                                                                      |
| `--oauth.provider.facebook.email-domains`      | a list of email domains of users authenticated by identity provider who are allowed access to the endpoint                                                                                                                                                                                                                                                                                                        |
| `--oauth.provider.facebook.scopes`             | a list of provider-specific OAuth scopes with the permissions your OAuth app would like to ask for. these may not be set if you are using the ngrok-managed oauth app (i.e. you must pass both client\_id and client\_secret to set scopes)                                                                                                                                                                       |
| `--oauth.provider.github.client-id`            | the OAuth app client ID. retrieve it from the identity provider's dashboard where you created your own OAuth app. optional. if unspecified, ngrok will use its own managed oauth application which has additional restrictions. see the OAuth module docs for more details. if present, client\_secret must be present as well.                                                                                   |
| `--oauth.provider.github.client-secret`        | the OAuth app client secret. retrieve if from the identity provider's dashboard where you created your own OAuth app. optional, see all of the caveats in the docs for client\_id.                                                                                                                                                                                                                                |
| `--oauth.provider.github.email-addresses`      | a list of email addresses of users authenticated by identity provider who are allowed access to the endpoint                                                                                                                                                                                                                                                                                                      |
| `--oauth.provider.github.email-domains`        | a list of email domains of users authenticated by identity provider who are allowed access to the endpoint                                                                                                                                                                                                                                                                                                        |
| `--oauth.provider.github.organizations`        | a list of github org identifiers. users who are members of any of the listed organizations will be allowed access. identifiers should be the organization's 'slug'                                                                                                                                                                                                                                                |
| `--oauth.provider.github.scopes`               | a list of provider-specific OAuth scopes with the permissions your OAuth app would like to ask for. these may not be set if you are using the ngrok-managed oauth app (i.e. you must pass both client\_id and client\_secret to set scopes)                                                                                                                                                                       |
| `--oauth.provider.github.teams`                | a list of github teams identifiers. users will be allowed access to the endpoint if they are a member of any of these teams. identifiers should be in the 'slug' format qualified with the org name, e.g. org-name/team-name                                                                                                                                                                                      |
| `--oauth.provider.gitlab.client-id`            |                                                                                                                                                                                                                                                                                                                                                                                                                   |
| `--oauth.provider.gitlab.client-secret`        |                                                                                                                                                                                                                                                                                                                                                                                                                   |
| `--oauth.provider.gitlab.email-addresses`      |                                                                                                                                                                                                                                                                                                                                                                                                                   |
| `--oauth.provider.gitlab.email-domains`        |                                                                                                                                                                                                                                                                                                                                                                                                                   |
| `--oauth.provider.gitlab.scopes`               |                                                                                                                                                                                                                                                                                                                                                                                                                   |
| `--oauth.provider.google.client-id`            | the OAuth app client ID. retrieve it from the identity provider's dashboard where you created your own OAuth app. optional. if unspecified, ngrok will use its own managed oauth application which has additional restrictions. see the OAuth module docs for more details. if present, client\_secret must be present as well.                                                                                   |
| `--oauth.provider.google.client-secret`        | the OAuth app client secret. retrieve if from the identity provider's dashboard where you created your own OAuth app. optional, see all of the caveats in the docs for client\_id.                                                                                                                                                                                                                                |
| `--oauth.provider.google.email-addresses`      | a list of email addresses of users authenticated by identity provider who are allowed access to the endpoint                                                                                                                                                                                                                                                                                                      |
| `--oauth.provider.google.email-domains`        | a list of email domains of users authenticated by identity provider who are allowed access to the endpoint                                                                                                                                                                                                                                                                                                        |
| `--oauth.provider.google.scopes`               | a list of provider-specific OAuth scopes with the permissions your OAuth app would like to ask for. these may not be set if you are using the ngrok-managed oauth app (i.e. you must pass both client\_id and client\_secret to set scopes)                                                                                                                                                                       |
| `--oauth.provider.linkedin.client-id`          |                                                                                                                                                                                                                                                                                                                                                                                                                   |
| `--oauth.provider.linkedin.client-secret`      |                                                                                                                                                                                                                                                                                                                                                                                                                   |
| `--oauth.provider.linkedin.email-addresses`    |                                                                                                                                                                                                                                                                                                                                                                                                                   |
| `--oauth.provider.linkedin.email-domains`      |                                                                                                                                                                                                                                                                                                                                                                                                                   |
| `--oauth.provider.linkedin.scopes`             |                                                                                                                                                                                                                                                                                                                                                                                                                   |
| `--oauth.provider.microsoft.client-id`         | the OAuth app client ID. retrieve it from the identity provider's dashboard where you created your own OAuth app. optional. if unspecified, ngrok will use its own managed oauth application which has additional restrictions. see the OAuth module docs for more details. if present, client\_secret must be present as well.                                                                                   |
| `--oauth.provider.microsoft.client-secret`     | the OAuth app client secret. retrieve if from the identity provider's dashboard where you created your own OAuth app. optional, see all of the caveats in the docs for client\_id.                                                                                                                                                                                                                                |
| `--oauth.provider.microsoft.email-addresses`   | a list of email addresses of users authenticated by identity provider who are allowed access to the endpoint                                                                                                                                                                                                                                                                                                      |
| `--oauth.provider.microsoft.email-domains`     | a list of email domains of users authenticated by identity provider who are allowed access to the endpoint                                                                                                                                                                                                                                                                                                        |
| `--oauth.provider.microsoft.scopes`            | a list of provider-specific OAuth scopes with the permissions your OAuth app would like to ask for. these may not be set if you are using the ngrok-managed oauth app (i.e. you must pass both client\_id and client\_secret to set scopes)                                                                                                                                                                       |
| `--oauth.provider.twitch.client-id`            |                                                                                                                                                                                                                                                                                                                                                                                                                   |
| `--oauth.provider.twitch.client-secret`        |                                                                                                                                                                                                                                                                                                                                                                                                                   |
| `--oauth.provider.twitch.email-addresses`      |                                                                                                                                                                                                                                                                                                                                                                                                                   |
| `--oauth.provider.twitch.email-domains`        |                                                                                                                                                                                                                                                                                                                                                                                                                   |
| `--oauth.provider.twitch.scopes`               |                                                                                                                                                                                                                                                                                                                                                                                                                   |
| `--oidc.client-id`                             | The OIDC app's client ID and OIDC audience.                                                                                                                                                                                                                                                                                                                                                                       |
| `--oidc.client-secret`                         | The OIDC app's client secret.                                                                                                                                                                                                                                                                                                                                                                                     |
| `--oidc.cookie-prefix`                         | the prefix of the session cookie that ngrok sets on the http client to cache authentication. default is 'ngrok.'                                                                                                                                                                                                                                                                                                  |
| `--oidc.enabled`                               | true if the module will be applied to traffic, false to disable. default true if unspecified                                                                                                                                                                                                                                                                                                                      |
| `--oidc.inactivity-timeout`                    | Integer number of seconds of inactivity after which if the user has not accessed the endpoint, their session will time out and they will be forced to reauthenticate.                                                                                                                                                                                                                                             |
| `--oidc.issuer`                                | URL of the OIDC "OpenID provider". This is the base URL used for discovery.                                                                                                                                                                                                                                                                                                                                       |
| `--oidc.maximum-duration`                      | Integer number of seconds of the maximum duration of an authenticated session. After this period is exceeded, a user must reauthenticate.                                                                                                                                                                                                                                                                         |
| `--oidc.options-passthrough`                   | Do not enforce authentication on HTTP OPTIONS requests. necessary if you are supporting CORS.                                                                                                                                                                                                                                                                                                                     |
| `--oidc.scopes`                                | The set of scopes to request from the OIDC identity provider.                                                                                                                                                                                                                                                                                                                                                     |
| `--request-headers.add`                        | a map of header key to header value that will be injected into the HTTP Request before being sent to the upstream application server                                                                                                                                                                                                                                                                              |
| `--request-headers.enabled`                    | true if the module will be applied to traffic, false to disable. default true if unspecified                                                                                                                                                                                                                                                                                                                      |
| `--request-headers.remove`                     | a list of header names that will be removed from the HTTP Request before being sent to the upstream application server                                                                                                                                                                                                                                                                                            |
| `--response-headers.add`                       | a map of header key to header value that will be injected into the HTTP Response returned to the HTTP client                                                                                                                                                                                                                                                                                                      |
| `--response-headers.enabled`                   | true if the module will be applied to traffic, false to disable. default true if unspecified                                                                                                                                                                                                                                                                                                                      |
| `--response-headers.remove`                    | a list of header names that will be removed from the HTTP Response returned to the HTTP client                                                                                                                                                                                                                                                                                                                    |
| `--saml.allow-idp-initiated`                   | If true, the IdP may initiate a login directly (e.g. the user does not need to visit the endpoint first and then be redirected). The IdP should set the RelayState parameter to the target URL of the resource they want the user to be redirected to after the SAML login assertion has been processed.                                                                                                          |
| `--saml.authorized-groups`                     | If present, only users who are a member of one of the listed groups may access the target endpoint.                                                                                                                                                                                                                                                                                                               |
| `--saml.cookie-prefix`                         | the prefix of the session cookie that ngrok sets on the http client to cache authentication. default is 'ngrok.'                                                                                                                                                                                                                                                                                                  |
| `--saml.enabled`                               | true if the module will be applied to traffic, false to disable. default true if unspecified                                                                                                                                                                                                                                                                                                                      |
| `--saml.force-authn`                           | If true, indicates that whenever we redirect a user to the IdP for authentication that the IdP must prompt the user for authentication credentials even if the user already has a valid session with the IdP.                                                                                                                                                                                                     |
| `--saml.idp-metadata`                          | The full XML IdP EntityDescriptor. Your IdP may provide this to you as a a file to download or as a URL.                                                                                                                                                                                                                                                                                                          |
| `--saml.idp-metadata-url`                      | The IdP's metadata URL which returns the XML IdP EntityDescriptor. The IdP's metadata URL specifies how to connect to the IdP as well as its public key which is then used to validate the signature on incoming SAML assertions to the ACS endpoint.                                                                                                                                                             |
| `--saml.inactivity-timeout`                    | Integer number of seconds of inactivity after which if the user has not accessed the endpoint, their session will time out and they will be forced to reauthenticate.                                                                                                                                                                                                                                             |
| `--saml.maximum-duration`                      | Integer number of seconds of the maximum duration of an authenticated session. After this period is exceeded, a user must reauthenticate.                                                                                                                                                                                                                                                                         |
| `--saml.nameid-format`                         | Defines the name identifier format the SP expects the IdP to use in its assertions to identify subjects. If unspecified, a default value of urn:oasis:names:tc:SAML:2.0:nameid-format:persistent will be used. A subset of the allowed values enumerated by the SAML specification are supported.                                                                                                                 |
| `--saml.options-passthrough`                   | Do not enforce authentication on HTTP OPTIONS requests. necessary if you are supporting CORS.                                                                                                                                                                                                                                                                                                                     |
| `--tls-termination.enabled`                    | true if the module will be applied to traffic, false to disable. default true if unspecified                                                                                                                                                                                                                                                                                                                      |
| `--tls-termination.min-version`                | The minimum TLS version used for termination and advertised to the client during the TLS handshake. if unspecified, ngrok will choose an industry-safe default. This value must be null if terminate\_at is set to upstream.                                                                                                                                                                                      |
| `--tls-termination.terminate-at`               | edge if the ngrok edge should terminate TLS traffic, upstream if TLS traffic should be passed through to the upstream ngrok agent / application server for termination. if upstream is chosen, most other modules will be disallowed because they rely on the ngrok edge being able to access the underlying traffic.                                                                                             |
| `--type`                                       | they type of traffic this endpoint configuration can be applied to. one of: http, https, tcp                                                                                                                                                                                                                                                                                                                      |
| `--webhook-validation.enabled`                 | true if the module will be applied to traffic, false to disable. default true if unspecified                                                                                                                                                                                                                                                                                                                      |
| `--webhook-validation.provider`                | a string indicating which webhook provider will be sending webhooks to this endpoint. Value must be one of the supported providers defined at [https://ngrok.com/docs/cloud-edge/modules/webhook-verification](https://ngrok.com/docs/cloud-edge/modules/webhook-verification) ([https://ngrok.com/docs/cloud-edge/modules/webhook-verification](https://ngrok.com/docs/cloud-edge/modules/webhook-verification)) |
| `--webhook-validation.secret`                  | a string secret used to validate requests from the given provider. All providers except AWS SNS require a secret                                                                                                                                                                                                                                                                                                  |
| `--api-key`                                    | API key to use                                                                                                                                                                                                                                                                                                                                                                                                    |
| `--config`                                     | path to config files; they are merged if multiple                                                                                                                                                                                                                                                                                                                                                                 |
| `--log`                                        | path to log file, 'stdout', 'stderr' or 'false'                                                                                                                                                                                                                                                                                                                                                                   |
| `--log-format`                                 | log record format: 'term', 'logfmt', 'json'                                                                                                                                                                                                                                                                                                                                                                       |
| `--log-level`                                  | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                                                                                                                                                                                                                                                                                                                                           |

## ngrok api endpoint-configurations delete

Delete an endpoint configuration. This operation will fail if the endpoint configuration is still referenced by any reserved domain or reserved address.

### Usage

```sh theme={null}
ngrok api endpoint-configurations delete <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api endpoint-configurations get

Returns detailed information about an endpoint configuration

### Usage

```sh theme={null}
ngrok api endpoint-configurations get <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api endpoint-configurations list

Returns a list of all endpoint configurations on this account

### Usage

```sh theme={null}
ngrok api endpoint-configurations list [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--before-id`  |                                                         |
| `--limit`      |                                                         |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api endpoint-configurations update

Updates an endpoint configuration. If a module is not specified in the update, it will not be modified. However, each module configuration that is specified will completely replace the existing value. There is no way to delete an existing module via this API, instead use the delete module API.

### Usage

```sh theme={null}
ngrok api endpoint-configurations update <id> [flags]
```

### Flags

| Flag                                           | Description                                                                                                                                                                                                                                                                                                                                                                                                       |
| ---------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `--backend.backend-id`                         | backend to be used to back this endpoint                                                                                                                                                                                                                                                                                                                                                                          |
| `--backend.enabled`                            | true if the module will be applied to traffic, false to disable. default true if unspecified                                                                                                                                                                                                                                                                                                                      |
| `--basic-auth.allow-options`                   | true or false indicating whether to allow OPTIONS requests through without authentication which is necessary for CORS. default is false                                                                                                                                                                                                                                                                           |
| `--basic-auth.auth-provider-id`                | determines how the basic auth credentials are validated. Currently only the value agent is supported which means that credentials will be validated against the username and password specified by the ngrok agent's --basic-auth flag, if any.                                                                                                                                                                   |
| `--basic-auth.enabled`                         | true if the module will be applied to traffic, false to disable. default true if unspecified                                                                                                                                                                                                                                                                                                                      |
| `--basic-auth.realm`                           | an arbitrary string to be specified in as the 'realm' value in the WWW-Authenticate header. default is ngrok                                                                                                                                                                                                                                                                                                      |
| `--circuit-breaker.enabled`                    | true if the module will be applied to traffic, false to disable. default true if unspecified                                                                                                                                                                                                                                                                                                                      |
| `--circuit-breaker.error-threshold-percentage` | Error threshold percentage should be between 0 - 1.0, not 0-100.0                                                                                                                                                                                                                                                                                                                                                 |
| `--circuit-breaker.num-buckets`                | Integer number of buckets into which metrics are retained. Max 128.                                                                                                                                                                                                                                                                                                                                               |
| `--circuit-breaker.rolling-window`             | Integer number of seconds in the statistical rolling window that metrics are retained for.                                                                                                                                                                                                                                                                                                                        |
| `--circuit-breaker.tripped-duration`           | Integer number of seconds after which the circuit is tripped to wait before re-evaluating upstream health                                                                                                                                                                                                                                                                                                         |
| `--circuit-breaker.volume-threshold`           | Integer number of requests in a rolling window that will trip the circuit. Helpful if traffic volume is low.                                                                                                                                                                                                                                                                                                      |
| `--compression.enabled`                        | true if the module will be applied to traffic, false to disable. default true if unspecified                                                                                                                                                                                                                                                                                                                      |
| `--description`                                | human-readable description of what this endpoint configuration will be do when applied or what traffic it will be applied to. Optional, max 255 bytes                                                                                                                                                                                                                                                             |
| `--ip-policy.enabled`                          | true if the module will be applied to traffic, false to disable. default true if unspecified                                                                                                                                                                                                                                                                                                                      |
| `--ip-policy.ip-policy-ids`                    | list of all IP policies that will be used to check if a source IP is allowed access to the endpoint                                                                                                                                                                                                                                                                                                               |
| `--metadata`                                   | arbitrary user-defined machine-readable data of this endpoint configuration. Optional, max 4096 bytes.                                                                                                                                                                                                                                                                                                            |
| `--mutual-tls.certificate-authority-ids`       | list of certificate authorities that will be used to validate the TLS client certificate presented by the initiator of the TLS connection                                                                                                                                                                                                                                                                         |
| `--mutual-tls.enabled`                         | true if the module will be applied to traffic, false to disable. default true if unspecified                                                                                                                                                                                                                                                                                                                      |
| `--oauth.auth-check-interval`                  | Integer number of seconds after which ngrok guarantees it will refresh user state from the identity provider and recheck whether the user is still authorized to access the endpoint. This is the preferred tunable to use to enforce a minimum amount of time after which a revoked user will no longer be able to access the resource.                                                                          |
| `--oauth.cookie-prefix`                        | the prefix of the session cookie that ngrok sets on the http client to cache authentication. default is 'ngrok.'                                                                                                                                                                                                                                                                                                  |
| `--oauth.enabled`                              | true if the module will be applied to traffic, false to disable. default true if unspecified                                                                                                                                                                                                                                                                                                                      |
| `--oauth.inactivity-timeout`                   | Integer number of seconds of inactivity after which if the user has not accessed the endpoint, their session will time out and they will be forced to reauthenticate.                                                                                                                                                                                                                                             |
| `--oauth.maximum-duration`                     | Integer number of seconds of the maximum duration of an authenticated session. After this period is exceeded, a user must reauthenticate.                                                                                                                                                                                                                                                                         |
| `--oauth.options-passthrough`                  | Do not enforce authentication on HTTP OPTIONS requests. necessary if you are supporting CORS.                                                                                                                                                                                                                                                                                                                     |
| `--oauth.provider.amazon.client-id`            |                                                                                                                                                                                                                                                                                                                                                                                                                   |
| `--oauth.provider.amazon.client-secret`        |                                                                                                                                                                                                                                                                                                                                                                                                                   |
| `--oauth.provider.amazon.email-addresses`      |                                                                                                                                                                                                                                                                                                                                                                                                                   |
| `--oauth.provider.amazon.email-domains`        |                                                                                                                                                                                                                                                                                                                                                                                                                   |
| `--oauth.provider.amazon.scopes`               |                                                                                                                                                                                                                                                                                                                                                                                                                   |
| `--oauth.provider.facebook.client-id`          | the OAuth app client ID. retrieve it from the identity provider's dashboard where you created your own OAuth app. optional. if unspecified, ngrok will use its own managed oauth application which has additional restrictions. see the OAuth module docs for more details. if present, client\_secret must be present as well.                                                                                   |
| `--oauth.provider.facebook.client-secret`      | the OAuth app client secret. retrieve if from the identity provider's dashboard where you created your own OAuth app. optional, see all of the caveats in the docs for client\_id.                                                                                                                                                                                                                                |
| `--oauth.provider.facebook.email-addresses`    | a list of email addresses of users authenticated by identity provider who are allowed access to the endpoint                                                                                                                                                                                                                                                                                                      |
| `--oauth.provider.facebook.email-domains`      | a list of email domains of users authenticated by identity provider who are allowed access to the endpoint                                                                                                                                                                                                                                                                                                        |
| `--oauth.provider.facebook.scopes`             | a list of provider-specific OAuth scopes with the permissions your OAuth app would like to ask for. these may not be set if you are using the ngrok-managed oauth app (i.e. you must pass both client\_id and client\_secret to set scopes)                                                                                                                                                                       |
| `--oauth.provider.github.client-id`            | the OAuth app client ID. retrieve it from the identity provider's dashboard where you created your own OAuth app. optional. if unspecified, ngrok will use its own managed oauth application which has additional restrictions. see the OAuth module docs for more details. if present, client\_secret must be present as well.                                                                                   |
| `--oauth.provider.github.client-secret`        | the OAuth app client secret. retrieve if from the identity provider's dashboard where you created your own OAuth app. optional, see all of the caveats in the docs for client\_id.                                                                                                                                                                                                                                |
| `--oauth.provider.github.email-addresses`      | a list of email addresses of users authenticated by identity provider who are allowed access to the endpoint                                                                                                                                                                                                                                                                                                      |
| `--oauth.provider.github.email-domains`        | a list of email domains of users authenticated by identity provider who are allowed access to the endpoint                                                                                                                                                                                                                                                                                                        |
| `--oauth.provider.github.organizations`        | a list of github org identifiers. users who are members of any of the listed organizations will be allowed access. identifiers should be the organization's 'slug'                                                                                                                                                                                                                                                |
| `--oauth.provider.github.scopes`               | a list of provider-specific OAuth scopes with the permissions your OAuth app would like to ask for. these may not be set if you are using the ngrok-managed oauth app (i.e. you must pass both client\_id and client\_secret to set scopes)                                                                                                                                                                       |
| `--oauth.provider.github.teams`                | a list of github teams identifiers. users will be allowed access to the endpoint if they are a member of any of these teams. identifiers should be in the 'slug' format qualified with the org name, e.g. org-name/team-name                                                                                                                                                                                      |
| `--oauth.provider.gitlab.client-id`            |                                                                                                                                                                                                                                                                                                                                                                                                                   |
| `--oauth.provider.gitlab.client-secret`        |                                                                                                                                                                                                                                                                                                                                                                                                                   |
| `--oauth.provider.gitlab.email-addresses`      |                                                                                                                                                                                                                                                                                                                                                                                                                   |
| `--oauth.provider.gitlab.email-domains`        |                                                                                                                                                                                                                                                                                                                                                                                                                   |
| `--oauth.provider.gitlab.scopes`               |                                                                                                                                                                                                                                                                                                                                                                                                                   |
| `--oauth.provider.google.client-id`            | the OAuth app client ID. retrieve it from the identity provider's dashboard where you created your own OAuth app. optional. if unspecified, ngrok will use its own managed oauth application which has additional restrictions. see the OAuth module docs for more details. if present, client\_secret must be present as well.                                                                                   |
| `--oauth.provider.google.client-secret`        | the OAuth app client secret. retrieve if from the identity provider's dashboard where you created your own OAuth app. optional, see all of the caveats in the docs for client\_id.                                                                                                                                                                                                                                |
| `--oauth.provider.google.email-addresses`      | a list of email addresses of users authenticated by identity provider who are allowed access to the endpoint                                                                                                                                                                                                                                                                                                      |
| `--oauth.provider.google.email-domains`        | a list of email domains of users authenticated by identity provider who are allowed access to the endpoint                                                                                                                                                                                                                                                                                                        |
| `--oauth.provider.google.scopes`               | a list of provider-specific OAuth scopes with the permissions your OAuth app would like to ask for. these may not be set if you are using the ngrok-managed oauth app (i.e. you must pass both client\_id and client\_secret to set scopes)                                                                                                                                                                       |
| `--oauth.provider.linkedin.client-id`          |                                                                                                                                                                                                                                                                                                                                                                                                                   |
| `--oauth.provider.linkedin.client-secret`      |                                                                                                                                                                                                                                                                                                                                                                                                                   |
| `--oauth.provider.linkedin.email-addresses`    |                                                                                                                                                                                                                                                                                                                                                                                                                   |
| `--oauth.provider.linkedin.email-domains`      |                                                                                                                                                                                                                                                                                                                                                                                                                   |
| `--oauth.provider.linkedin.scopes`             |                                                                                                                                                                                                                                                                                                                                                                                                                   |
| `--oauth.provider.microsoft.client-id`         | the OAuth app client ID. retrieve it from the identity provider's dashboard where you created your own OAuth app. optional. if unspecified, ngrok will use its own managed oauth application which has additional restrictions. see the OAuth module docs for more details. if present, client\_secret must be present as well.                                                                                   |
| `--oauth.provider.microsoft.client-secret`     | the OAuth app client secret. retrieve if from the identity provider's dashboard where you created your own OAuth app. optional, see all of the caveats in the docs for client\_id.                                                                                                                                                                                                                                |
| `--oauth.provider.microsoft.email-addresses`   | a list of email addresses of users authenticated by identity provider who are allowed access to the endpoint                                                                                                                                                                                                                                                                                                      |
| `--oauth.provider.microsoft.email-domains`     | a list of email domains of users authenticated by identity provider who are allowed access to the endpoint                                                                                                                                                                                                                                                                                                        |
| `--oauth.provider.microsoft.scopes`            | a list of provider-specific OAuth scopes with the permissions your OAuth app would like to ask for. these may not be set if you are using the ngrok-managed oauth app (i.e. you must pass both client\_id and client\_secret to set scopes)                                                                                                                                                                       |
| `--oauth.provider.twitch.client-id`            |                                                                                                                                                                                                                                                                                                                                                                                                                   |
| `--oauth.provider.twitch.client-secret`        |                                                                                                                                                                                                                                                                                                                                                                                                                   |
| `--oauth.provider.twitch.email-addresses`      |                                                                                                                                                                                                                                                                                                                                                                                                                   |
| `--oauth.provider.twitch.email-domains`        |                                                                                                                                                                                                                                                                                                                                                                                                                   |
| `--oauth.provider.twitch.scopes`               |                                                                                                                                                                                                                                                                                                                                                                                                                   |
| `--oidc.client-id`                             | The OIDC app's client ID and OIDC audience.                                                                                                                                                                                                                                                                                                                                                                       |
| `--oidc.client-secret`                         | The OIDC app's client secret.                                                                                                                                                                                                                                                                                                                                                                                     |
| `--oidc.cookie-prefix`                         | the prefix of the session cookie that ngrok sets on the http client to cache authentication. default is 'ngrok.'                                                                                                                                                                                                                                                                                                  |
| `--oidc.enabled`                               | true if the module will be applied to traffic, false to disable. default true if unspecified                                                                                                                                                                                                                                                                                                                      |
| `--oidc.inactivity-timeout`                    | Integer number of seconds of inactivity after which if the user has not accessed the endpoint, their session will time out and they will be forced to reauthenticate.                                                                                                                                                                                                                                             |
| `--oidc.issuer`                                | URL of the OIDC "OpenID provider". This is the base URL used for discovery.                                                                                                                                                                                                                                                                                                                                       |
| `--oidc.maximum-duration`                      | Integer number of seconds of the maximum duration of an authenticated session. After this period is exceeded, a user must reauthenticate.                                                                                                                                                                                                                                                                         |
| `--oidc.options-passthrough`                   | Do not enforce authentication on HTTP OPTIONS requests. necessary if you are supporting CORS.                                                                                                                                                                                                                                                                                                                     |
| `--oidc.scopes`                                | The set of scopes to request from the OIDC identity provider.                                                                                                                                                                                                                                                                                                                                                     |
| `--request-headers.add`                        | a map of header key to header value that will be injected into the HTTP Request before being sent to the upstream application server                                                                                                                                                                                                                                                                              |
| `--request-headers.enabled`                    | true if the module will be applied to traffic, false to disable. default true if unspecified                                                                                                                                                                                                                                                                                                                      |
| `--request-headers.remove`                     | a list of header names that will be removed from the HTTP Request before being sent to the upstream application server                                                                                                                                                                                                                                                                                            |
| `--response-headers.add`                       | a map of header key to header value that will be injected into the HTTP Response returned to the HTTP client                                                                                                                                                                                                                                                                                                      |
| `--response-headers.enabled`                   | true if the module will be applied to traffic, false to disable. default true if unspecified                                                                                                                                                                                                                                                                                                                      |
| `--response-headers.remove`                    | a list of header names that will be removed from the HTTP Response returned to the HTTP client                                                                                                                                                                                                                                                                                                                    |
| `--saml.allow-idp-initiated`                   | If true, the IdP may initiate a login directly (e.g. the user does not need to visit the endpoint first and then be redirected). The IdP should set the RelayState parameter to the target URL of the resource they want the user to be redirected to after the SAML login assertion has been processed.                                                                                                          |
| `--saml.authorized-groups`                     | If present, only users who are a member of one of the listed groups may access the target endpoint.                                                                                                                                                                                                                                                                                                               |
| `--saml.cookie-prefix`                         | the prefix of the session cookie that ngrok sets on the http client to cache authentication. default is 'ngrok.'                                                                                                                                                                                                                                                                                                  |
| `--saml.enabled`                               | true if the module will be applied to traffic, false to disable. default true if unspecified                                                                                                                                                                                                                                                                                                                      |
| `--saml.force-authn`                           | If true, indicates that whenever we redirect a user to the IdP for authentication that the IdP must prompt the user for authentication credentials even if the user already has a valid session with the IdP.                                                                                                                                                                                                     |
| `--saml.idp-metadata`                          | The full XML IdP EntityDescriptor. Your IdP may provide this to you as a a file to download or as a URL.                                                                                                                                                                                                                                                                                                          |
| `--saml.idp-metadata-url`                      | The IdP's metadata URL which returns the XML IdP EntityDescriptor. The IdP's metadata URL specifies how to connect to the IdP as well as its public key which is then used to validate the signature on incoming SAML assertions to the ACS endpoint.                                                                                                                                                             |
| `--saml.inactivity-timeout`                    | Integer number of seconds of inactivity after which if the user has not accessed the endpoint, their session will time out and they will be forced to reauthenticate.                                                                                                                                                                                                                                             |
| `--saml.maximum-duration`                      | Integer number of seconds of the maximum duration of an authenticated session. After this period is exceeded, a user must reauthenticate.                                                                                                                                                                                                                                                                         |
| `--saml.nameid-format`                         | Defines the name identifier format the SP expects the IdP to use in its assertions to identify subjects. If unspecified, a default value of urn:oasis:names:tc:SAML:2.0:nameid-format:persistent will be used. A subset of the allowed values enumerated by the SAML specification are supported.                                                                                                                 |
| `--saml.options-passthrough`                   | Do not enforce authentication on HTTP OPTIONS requests. necessary if you are supporting CORS.                                                                                                                                                                                                                                                                                                                     |
| `--tls-termination.enabled`                    | true if the module will be applied to traffic, false to disable. default true if unspecified                                                                                                                                                                                                                                                                                                                      |
| `--tls-termination.min-version`                | The minimum TLS version used for termination and advertised to the client during the TLS handshake. if unspecified, ngrok will choose an industry-safe default. This value must be null if terminate\_at is set to upstream.                                                                                                                                                                                      |
| `--tls-termination.terminate-at`               | edge if the ngrok edge should terminate TLS traffic, upstream if TLS traffic should be passed through to the upstream ngrok agent / application server for termination. if upstream is chosen, most other modules will be disallowed because they rely on the ngrok edge being able to access the underlying traffic.                                                                                             |
| `--webhook-validation.enabled`                 | true if the module will be applied to traffic, false to disable. default true if unspecified                                                                                                                                                                                                                                                                                                                      |
| `--webhook-validation.provider`                | a string indicating which webhook provider will be sending webhooks to this endpoint. Value must be one of the supported providers defined at [https://ngrok.com/docs/cloud-edge/modules/webhook-verification](https://ngrok.com/docs/cloud-edge/modules/webhook-verification) ([https://ngrok.com/docs/cloud-edge/modules/webhook-verification](https://ngrok.com/docs/cloud-edge/modules/webhook-verification)) |
| `--webhook-validation.secret`                  | a string secret used to validate requests from the given provider. All providers except AWS SNS require a secret                                                                                                                                                                                                                                                                                                  |
| `--api-key`                                    | API key to use                                                                                                                                                                                                                                                                                                                                                                                                    |
| `--config`                                     | path to config files; they are merged if multiple                                                                                                                                                                                                                                                                                                                                                                 |
| `--log`                                        | path to log file, 'stdout', 'stderr' or 'false'                                                                                                                                                                                                                                                                                                                                                                   |
| `--log-format`                                 | log record format: 'term', 'logfmt', 'json'                                                                                                                                                                                                                                                                                                                                                                       |
| `--log-level`                                  | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                                                                                                                                                                                                                                                                                                                                           |

## ngrok api endpoints

Endpoints provides an API for querying the endpoint objects
which define what tunnel or edge is used to serve a hostport.
Only active endpoints associated with a tunnel or backend are returned.

### SubCommands

| Command                               | Description                              |
| ------------------------------------- | ---------------------------------------- |
| [create](#ngrok-api-endpoints-create) | Create an endpoint, ...                  |
| [delete](#ngrok-api-endpoints-delete) | Delete an Endpoint by ID, ...            |
| [get](#ngrok-api-endpoints-get)       | Get the status of an endpoint by ID      |
| [list](#ngrok-api-endpoints-list)     | List all active endpoints on the account |
| [update](#ngrok-api-endpoints-update) | Update an Endpoint by ID, ...            |

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api endpoints create

Create an endpoint, currently available only for cloud endpoints

### Usage

```sh theme={null}
ngrok api endpoints create [flags]
```

### Flags

| Flag                    | Description                                                                                                                |
| ----------------------- | -------------------------------------------------------------------------------------------------------------------------- |
| `--bindings`            | the bindings associated with this endpoint                                                                                 |
| `--description`         | user-supplied description of the associated tunnel                                                                         |
| `--metadata`            | user-supplied metadata of the associated tunnel or edge object                                                             |
| `--pooling-enabled`     |                                                                                                                            |
| `--traffic-policy`      | The traffic policy attached to this endpoint                                                                               |
| `--traffic-policy-file` | The traffic policy attached to this endpoint (path to a file)                                                              |
| `--traffic-policy-url`  | The traffic policy attached to this endpoint (URL to fetch from)                                                           |
| `--type`                | Type of endpoint. Only 'cloud' is currently supported (represents a cloud endpoint). Defaults to 'cloud' if not specified. |
| `--url`                 | the url of the endpoint                                                                                                    |
| `--api-key`             | API key to use                                                                                                             |
| `--config`              | path to config files; they are merged if multiple                                                                          |
| `--log`                 | path to log file, 'stdout', 'stderr' or 'false'                                                                            |
| `--log-format`          | log record format: 'term', 'logfmt', 'json'                                                                                |
| `--log-level`           | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                                                    |

## ngrok api endpoints delete

Delete an Endpoint by ID, currently available only for cloud endpoints

### Usage

```sh theme={null}
ngrok api endpoints delete <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api endpoints get

Get the status of an endpoint by ID

### Usage

```sh theme={null}
ngrok api endpoints get <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api endpoints list

List all active endpoints on the account

### Usage

```sh theme={null}
ngrok api endpoints list [flags]
```

### Flags

| Flag           | Description                                                                                                                                                                                                                                                                                                                                                                               |
| -------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `--before-id`  | Expects a resource ID as its input. Returns earlier entries in the result set, sorted by ID.                                                                                                                                                                                                                                                                                              |
| `--filter`     | A CEL expression to filter the list results. Supports logical and comparison operators to match on fields such as id, metadata, created\_at, and more. See ngrok API Filtering for syntax and field details: [https://ngrok.com/docs/api/api-filtering](https://ngrok.com/docs/api/api-filtering) ([https://ngrok.com/docs/api/api-filtering](https://ngrok.com/docs/api/api-filtering)). |
| `--limit`      | Constrains the number of results in the dataset. See the API Overview ([https://ngrok.com/docs/api/index#pagination](https://ngrok.com/docs/api/index#pagination)) for details.                                                                                                                                                                                                           |
| `--api-key`    | API key to use                                                                                                                                                                                                                                                                                                                                                                            |
| `--config`     | path to config files; they are merged if multiple                                                                                                                                                                                                                                                                                                                                         |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'                                                                                                                                                                                                                                                                                                                                           |
| `--log-format` | log record format: 'term', 'logfmt', 'json'                                                                                                                                                                                                                                                                                                                                               |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                                                                                                                                                                                                                                                                                                                   |

## ngrok api endpoints update

Update an Endpoint by ID, currently available only for cloud endpoints

### Usage

```sh theme={null}
ngrok api endpoints update <id> [flags]
```

### Flags

| Flag                    | Description                                                      |
| ----------------------- | ---------------------------------------------------------------- |
| `--bindings`            | the bindings associated with this endpoint                       |
| `--description`         | user-supplied description of the associated tunnel               |
| `--metadata`            | user-supplied metadata of the associated tunnel or edge object   |
| `--pooling-enabled`     |                                                                  |
| `--traffic-policy`      | The traffic policy attached to this endpoint                     |
| `--traffic-policy-file` | The traffic policy attached to this endpoint (path to a file)    |
| `--traffic-policy-url`  | The traffic policy attached to this endpoint (URL to fetch from) |
| `--url`                 | the url of the endpoint                                          |
| `--api-key`             | API key to use                                                   |
| `--config`              | path to config files; they are merged if multiple                |
| `--log`                 | path to log file, 'stdout', 'stderr' or 'false'                  |
| `--log-format`          | log record format: 'term', 'logfmt', 'json'                      |
| `--log-level`           | logging level: 'debug', 'info', 'warn', 'error', 'crit'          |

## ngrok api event-destinations

### SubCommands

| Command                                                          | Description                                  |
| ---------------------------------------------------------------- | -------------------------------------------- |
| [create](#ngrok-api-event-destinations-create)                   | Create a new Event Destination               |
| [delete](#ngrok-api-event-destinations-delete)                   | Delete an Event Destination                  |
| [get](#ngrok-api-event-destinations-get)                         | Get detailed information about an Event...   |
| [list](#ngrok-api-event-destinations-list)                       | List all Event Destinations on this account. |
| [send-test-event](#ngrok-api-event-destinations-send-test-event) | Send a test event to an Event Destination    |
| [update](#ngrok-api-event-destinations-update)                   | Update attributes of an Event Destination.   |

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api event-destinations create

Create a new Event Destination. It will not apply to anything until it is associated with an Event Subscription.

### Usage

```sh theme={null}
ngrok api event-destinations create [flags]
```

### Flags

| Flag                                                        | Description                                                                                                                        |
| ----------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------- |
| `--description`                                             | Human-readable description of the Event Destination. Optional, max 255 bytes.                                                      |
| `--format`                                                  | The output format you would like to serialize events into when sending to their target. Currently the only accepted value is JSON. |
| `--metadata`                                                | Arbitrary user-defined machine-readable data of this Event Destination. Optional, max 4096 bytes.                                  |
| `--target.azure-logs-ingestion.client-id`                   | Client ID for the application client                                                                                               |
| `--target.azure-logs-ingestion.client-secret`               | Client Secret for the application client                                                                                           |
| `--target.azure-logs-ingestion.data-collection-rule-id`     | Data collection rule immutable ID                                                                                                  |
| `--target.azure-logs-ingestion.data-collection-stream-name` | Data collection stream name to use as destination, located inside the DCR                                                          |
| `--target.azure-logs-ingestion.logs-ingestion-uri`          | Data collection endpoint logs ingestion URI                                                                                        |
| `--target.azure-logs-ingestion.tenant-id`                   | Tenant ID for the Azure account                                                                                                    |
| `--target.cloudwatch-logs.auth.creds.aws-access-key-id`     | The ID portion of an AWS access key.                                                                                               |
| `--target.cloudwatch-logs.auth.creds.aws-secret-access-key` | The secret portion of an AWS access key.                                                                                           |
| `--target.cloudwatch-logs.auth.role.role-arn`               | An ARN that specifies the role that ngrok should use to deliver to the configured target.                                          |
| `--target.cloudwatch-logs.log-group-arn`                    | An Amazon Resource Name specifying the CloudWatch Logs group to deposit events into.                                               |
| `--target.datadog.api-key`                                  | Datadog API key to use.                                                                                                            |
| `--target.datadog.ddsite`                                   | Datadog site to send event to.                                                                                                     |
| `--target.datadog.ddtags`                                   | Tags to send with the event.                                                                                                       |
| `--target.datadog.service`                                  | Service name to send with the event.                                                                                               |
| `--target.debug.callback-url`                               | URL to send events to.                                                                                                             |
| `--target.debug.log`                                        | Whether or not to output to publisher service logs.                                                                                |
| `--target.firehose.auth.creds.aws-access-key-id`            | The ID portion of an AWS access key.                                                                                               |
| `--target.firehose.auth.creds.aws-secret-access-key`        | The secret portion of an AWS access key.                                                                                           |
| `--target.firehose.auth.role.role-arn`                      | An ARN that specifies the role that ngrok should use to deliver to the configured target.                                          |
| `--target.firehose.delivery-stream-arn`                     | An Amazon Resource Name specifying the Firehose delivery stream to deposit events into.                                            |
| `--target.kinesis.auth.creds.aws-access-key-id`             | The ID portion of an AWS access key.                                                                                               |
| `--target.kinesis.auth.creds.aws-secret-access-key`         | The secret portion of an AWS access key.                                                                                           |
| `--target.kinesis.auth.role.role-arn`                       | An ARN that specifies the role that ngrok should use to deliver to the configured target.                                          |
| `--target.kinesis.stream-arn`                               | An Amazon Resource Name specifying the Kinesis stream to deposit events into.                                                      |
| `--verify-with-test-event`                                  |                                                                                                                                    |
| `--api-key`                                                 | API key to use                                                                                                                     |
| `--config`                                                  | path to config files; they are merged if multiple                                                                                  |
| `--log`                                                     | path to log file, 'stdout', 'stderr' or 'false'                                                                                    |
| `--log-format`                                              | log record format: 'term', 'logfmt', 'json'                                                                                        |
| `--log-level`                                               | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                                                            |

## ngrok api event-destinations delete

Delete an Event Destination. If the Event Destination is still referenced by an Event Subscription.

### Usage

```sh theme={null}
ngrok api event-destinations delete <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api event-destinations get

Get detailed information about an Event Destination by ID.

### Usage

```sh theme={null}
ngrok api event-destinations get <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api event-destinations list

List all Event Destinations on this account.

### Usage

```sh theme={null}
ngrok api event-destinations list [flags]
```

### Flags

| Flag           | Description                                                                                                                                                                                                                                                                                                                                                                               |
| -------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `--before-id`  | Expects a resource ID as its input. Returns earlier entries in the result set, sorted by ID.                                                                                                                                                                                                                                                                                              |
| `--filter`     | A CEL expression to filter the list results. Supports logical and comparison operators to match on fields such as id, metadata, created\_at, and more. See ngrok API Filtering for syntax and field details: [https://ngrok.com/docs/api/api-filtering](https://ngrok.com/docs/api/api-filtering) ([https://ngrok.com/docs/api/api-filtering](https://ngrok.com/docs/api/api-filtering)). |
| `--limit`      | Constrains the number of results in the dataset. See the API Overview ([https://ngrok.com/docs/api/index#pagination](https://ngrok.com/docs/api/index#pagination)) for details.                                                                                                                                                                                                           |
| `--api-key`    | API key to use                                                                                                                                                                                                                                                                                                                                                                            |
| `--config`     | path to config files; they are merged if multiple                                                                                                                                                                                                                                                                                                                                         |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'                                                                                                                                                                                                                                                                                                                                           |
| `--log-format` | log record format: 'term', 'logfmt', 'json'                                                                                                                                                                                                                                                                                                                                               |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                                                                                                                                                                                                                                                                                                                   |

## ngrok api event-destinations send-test-event

Send a test event to an Event Destination

### Usage

```sh theme={null}
ngrok api event-destinations send-test-event <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api event-destinations update

Update attributes of an Event Destination.

### Usage

```sh theme={null}
ngrok api event-destinations update <id> [flags]
```

### Flags

| Flag                                                        | Description                                                                                                                        |
| ----------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------- |
| `--description`                                             | Human-readable description of the Event Destination. Optional, max 255 bytes.                                                      |
| `--format`                                                  | The output format you would like to serialize events into when sending to their target. Currently the only accepted value is JSON. |
| `--metadata`                                                | Arbitrary user-defined machine-readable data of this Event Destination. Optional, max 4096 bytes.                                  |
| `--target.azure-logs-ingestion.client-id`                   | Client ID for the application client                                                                                               |
| `--target.azure-logs-ingestion.client-secret`               | Client Secret for the application client                                                                                           |
| `--target.azure-logs-ingestion.data-collection-rule-id`     | Data collection rule immutable ID                                                                                                  |
| `--target.azure-logs-ingestion.data-collection-stream-name` | Data collection stream name to use as destination, located inside the DCR                                                          |
| `--target.azure-logs-ingestion.logs-ingestion-uri`          | Data collection endpoint logs ingestion URI                                                                                        |
| `--target.azure-logs-ingestion.tenant-id`                   | Tenant ID for the Azure account                                                                                                    |
| `--target.cloudwatch-logs.auth.creds.aws-access-key-id`     | The ID portion of an AWS access key.                                                                                               |
| `--target.cloudwatch-logs.auth.creds.aws-secret-access-key` | The secret portion of an AWS access key.                                                                                           |
| `--target.cloudwatch-logs.auth.role.role-arn`               | An ARN that specifies the role that ngrok should use to deliver to the configured target.                                          |
| `--target.cloudwatch-logs.log-group-arn`                    | An Amazon Resource Name specifying the CloudWatch Logs group to deposit events into.                                               |
| `--target.datadog.api-key`                                  | Datadog API key to use.                                                                                                            |
| `--target.datadog.ddsite`                                   | Datadog site to send event to.                                                                                                     |
| `--target.datadog.ddtags`                                   | Tags to send with the event.                                                                                                       |
| `--target.datadog.service`                                  | Service name to send with the event.                                                                                               |
| `--target.debug.callback-url`                               | URL to send events to.                                                                                                             |
| `--target.debug.log`                                        | Whether or not to output to publisher service logs.                                                                                |
| `--target.firehose.auth.creds.aws-access-key-id`            | The ID portion of an AWS access key.                                                                                               |
| `--target.firehose.auth.creds.aws-secret-access-key`        | The secret portion of an AWS access key.                                                                                           |
| `--target.firehose.auth.role.role-arn`                      | An ARN that specifies the role that ngrok should use to deliver to the configured target.                                          |
| `--target.firehose.delivery-stream-arn`                     | An Amazon Resource Name specifying the Firehose delivery stream to deposit events into.                                            |
| `--target.kinesis.auth.creds.aws-access-key-id`             | The ID portion of an AWS access key.                                                                                               |
| `--target.kinesis.auth.creds.aws-secret-access-key`         | The secret portion of an AWS access key.                                                                                           |
| `--target.kinesis.auth.role.role-arn`                       | An ARN that specifies the role that ngrok should use to deliver to the configured target.                                          |
| `--target.kinesis.stream-arn`                               | An Amazon Resource Name specifying the Kinesis stream to deposit events into.                                                      |
| `--verify-with-test-event`                                  |                                                                                                                                    |
| `--api-key`                                                 | API key to use                                                                                                                     |
| `--config`                                                  | path to config files; they are merged if multiple                                                                                  |
| `--log`                                                     | path to log file, 'stdout', 'stderr' or 'false'                                                                                    |
| `--log-format`                                              | log record format: 'term', 'logfmt', 'json'                                                                                        |
| `--log-level`                                               | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                                                            |

## ngrok api event-sources

### SubCommands

| Command                                   | Description                                       |
| ----------------------------------------- | ------------------------------------------------- |
| [create](#ngrok-api-event-sources-create) | Add an additional type for which this event...    |
| [delete](#ngrok-api-event-sources-delete) | Remove a type for which this event...             |
| [get](#ngrok-api-event-sources-get)       | Get the details for a given type that triggers... |
| [list](#ngrok-api-event-sources-list)     | List the types for which this event...            |
| [update](#ngrok-api-event-sources-update) | Update the type for which this event...           |

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api event-sources create

Add an additional type for which this event subscription will trigger

### Usage

```sh theme={null}
ngrok api event-sources create [flags]
```

### Flags

| Flag                | Description                                                                             |
| ------------------- | --------------------------------------------------------------------------------------- |
| `--fields`          |                                                                                         |
| `--filter`          |                                                                                         |
| `--subscription-id` | The unique identifier for the Event Subscription that this Event Source is attached to. |
| `--type`            | Type of event for which an event subscription will trigger                              |
| `--api-key`         | API key to use                                                                          |
| `--config`          | path to config files; they are merged if multiple                                       |
| `--log`             | path to log file, 'stdout', 'stderr' or 'false'                                         |
| `--log-format`      | log record format: 'term', 'logfmt', 'json'                                             |
| `--log-level`       | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                 |

## ngrok api event-sources delete

Remove a type for which this event subscription will trigger

### Usage

```sh theme={null}
ngrok api event-sources delete [flags]
```

### Flags

| Flag                | Description                                                                             |
| ------------------- | --------------------------------------------------------------------------------------- |
| `--subscription-id` | The unique identifier for the Event Subscription that this Event Source is attached to. |
| `--type`            | Type of event for which an event subscription will trigger                              |
| `--api-key`         | API key to use                                                                          |
| `--config`          | path to config files; they are merged if multiple                                       |
| `--log`             | path to log file, 'stdout', 'stderr' or 'false'                                         |
| `--log-format`      | log record format: 'term', 'logfmt', 'json'                                             |
| `--log-level`       | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                 |

## ngrok api event-sources get

Get the details for a given type that triggers for the given event subscription

### Usage

```sh theme={null}
ngrok api event-sources get [flags]
```

### Flags

| Flag                | Description                                                                             |
| ------------------- | --------------------------------------------------------------------------------------- |
| `--subscription-id` | The unique identifier for the Event Subscription that this Event Source is attached to. |
| `--type`            | Type of event for which an event subscription will trigger                              |
| `--api-key`         | API key to use                                                                          |
| `--config`          | path to config files; they are merged if multiple                                       |
| `--log`             | path to log file, 'stdout', 'stderr' or 'false'                                         |
| `--log-format`      | log record format: 'term', 'logfmt', 'json'                                             |
| `--log-level`       | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                 |

## ngrok api event-sources list

List the types for which this event subscription will trigger

### Usage

```sh theme={null}
ngrok api event-sources list <subscription-id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api event-sources update

Update the type for which this event subscription will trigger

### Usage

```sh theme={null}
ngrok api event-sources update [flags]
```

### Flags

| Flag                | Description                                                                             |
| ------------------- | --------------------------------------------------------------------------------------- |
| `--fields`          |                                                                                         |
| `--filter`          |                                                                                         |
| `--subscription-id` | The unique identifier for the Event Subscription that this Event Source is attached to. |
| `--type`            | Type of event for which an event subscription will trigger                              |
| `--api-key`         | API key to use                                                                          |
| `--config`          | path to config files; they are merged if multiple                                       |
| `--log`             | path to log file, 'stdout', 'stderr' or 'false'                                         |
| `--log-format`      | log record format: 'term', 'logfmt', 'json'                                             |
| `--log-level`       | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                 |

## ngrok api event-subscriptions

### SubCommands

| Command                                         | Description                              |
| ----------------------------------------------- | ---------------------------------------- |
| [create](#ngrok-api-event-subscriptions-create) | Create an Event Subscription.            |
| [delete](#ngrok-api-event-subscriptions-delete) | Delete an Event Subscription.            |
| [get](#ngrok-api-event-subscriptions-get)       | Get an Event Subscription by ID.         |
| [list](#ngrok-api-event-subscriptions-list)     | List this Account's Event Subscriptions. |
| [update](#ngrok-api-event-subscriptions-update) | Update an Event Subscription.            |

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api event-subscriptions create

Create an Event Subscription.

### Usage

```sh theme={null}
ngrok api event-subscriptions create [flags]
```

### Flags

| Flag                | Description                                                                                        |
| ------------------- | -------------------------------------------------------------------------------------------------- |
| `--description`     | Arbitrary customer supplied information intended to be human readable. Optional, max 255 chars.    |
| `--destination-ids` | A list of Event Destination IDs which should be used for this Event Subscription.                  |
| `--metadata`        | Arbitrary customer supplied information intended to be machine readable. Optional, max 4096 chars. |
| `--api-key`         | API key to use                                                                                     |
| `--config`          | path to config files; they are merged if multiple                                                  |
| `--log`             | path to log file, 'stdout', 'stderr' or 'false'                                                    |
| `--log-format`      | log record format: 'term', 'logfmt', 'json'                                                        |
| `--log-level`       | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                            |

## ngrok api event-subscriptions delete

Delete an Event Subscription.

### Usage

```sh theme={null}
ngrok api event-subscriptions delete <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api event-subscriptions get

Get an Event Subscription by ID.

### Usage

```sh theme={null}
ngrok api event-subscriptions get <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api event-subscriptions list

List this Account's Event Subscriptions.

### Usage

```sh theme={null}
ngrok api event-subscriptions list [flags]
```

### Flags

| Flag           | Description                                                                                                                                                                                                                                                                                                                                                                               |
| -------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `--before-id`  | Expects a resource ID as its input. Returns earlier entries in the result set, sorted by ID.                                                                                                                                                                                                                                                                                              |
| `--filter`     | A CEL expression to filter the list results. Supports logical and comparison operators to match on fields such as id, metadata, created\_at, and more. See ngrok API Filtering for syntax and field details: [https://ngrok.com/docs/api/api-filtering](https://ngrok.com/docs/api/api-filtering) ([https://ngrok.com/docs/api/api-filtering](https://ngrok.com/docs/api/api-filtering)). |
| `--limit`      | Constrains the number of results in the dataset. See the API Overview ([https://ngrok.com/docs/api/index#pagination](https://ngrok.com/docs/api/index#pagination)) for details.                                                                                                                                                                                                           |
| `--api-key`    | API key to use                                                                                                                                                                                                                                                                                                                                                                            |
| `--config`     | path to config files; they are merged if multiple                                                                                                                                                                                                                                                                                                                                         |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'                                                                                                                                                                                                                                                                                                                                           |
| `--log-format` | log record format: 'term', 'logfmt', 'json'                                                                                                                                                                                                                                                                                                                                               |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                                                                                                                                                                                                                                                                                                                   |

## ngrok api event-subscriptions update

Update an Event Subscription.

### Usage

```sh theme={null}
ngrok api event-subscriptions update <id> [flags]
```

### Flags

| Flag                | Description                                                                                        |
| ------------------- | -------------------------------------------------------------------------------------------------- |
| `--description`     | Arbitrary customer supplied information intended to be human readable. Optional, max 255 chars.    |
| `--destination-ids` | A list of Event Destination IDs which should be used for this Event Subscription.                  |
| `--metadata`        | Arbitrary customer supplied information intended to be machine readable. Optional, max 4096 chars. |
| `--api-key`         | API key to use                                                                                     |
| `--config`          | path to config files; they are merged if multiple                                                  |
| `--log`             | path to log file, 'stdout', 'stderr' or 'false'                                                    |
| `--log-format`      | log record format: 'term', 'logfmt', 'json'                                                        |
| `--log-level`       | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                            |

## ngrok api ip-policies

IP Policies are reusable groups of CIDR ranges with an allow or deny
action. They can be attached to endpoints via the Endpoint Configuration IP
Policy module. They can also be used with IP Restrictions to control source
IP ranges that can start tunnel sessions and connect to the API and dashboard.

### SubCommands

| Command                                 | Description                                       |
| --------------------------------------- | ------------------------------------------------- |
| [create](#ngrok-api-ip-policies-create) | Create a new IP policy                            |
| [delete](#ngrok-api-ip-policies-delete) | Delete an IP policy                               |
| [get](#ngrok-api-ip-policies-get)       | Get detailed information about an IP policy by ID |
| [list](#ngrok-api-ip-policies-list)     | List all IP policies on this account              |
| [update](#ngrok-api-ip-policies-update) | Update attributes of an IP policy by ID           |

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api ip-policies create

Create a new IP policy. It will not apply to any traffic until you associate to a traffic source via an endpoint configuration or IP restriction.

### Usage

```sh theme={null}
ngrok api ip-policies create [flags]
```

### Flags

| Flag            | Description                                                                                                                                                                 |
| --------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `--action`      | this field is deprecated. Please leave it empty and use the ip policy rule object's "action" field instead. It is temporarily retained for backwards compatibility reasons. |
| `--description` | human-readable description of the source IPs of this IP policy. optional, max 255 bytes.                                                                                    |
| `--metadata`    | arbitrary user-defined machine-readable data of this IP policy. optional, max 4096 bytes.                                                                                   |
| `--api-key`     | API key to use                                                                                                                                                              |
| `--config`      | path to config files; they are merged if multiple                                                                                                                           |
| `--log`         | path to log file, 'stdout', 'stderr' or 'false'                                                                                                                             |
| `--log-format`  | log record format: 'term', 'logfmt', 'json'                                                                                                                                 |
| `--log-level`   | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                                                                                                     |

## ngrok api ip-policies delete

Delete an IP policy. If the IP policy is referenced by another object for the purposes of traffic restriction it will be treated as if the IP policy remains but has zero rules.

### Usage

```sh theme={null}
ngrok api ip-policies delete <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api ip-policies get

Get detailed information about an IP policy by ID.

### Usage

```sh theme={null}
ngrok api ip-policies get <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api ip-policies list

List all IP policies on this account

### Usage

```sh theme={null}
ngrok api ip-policies list [flags]
```

### Flags

| Flag           | Description                                                                                                                                                                                                                                                                                                                                                                               |
| -------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `--before-id`  | Expects a resource ID as its input. Returns earlier entries in the result set, sorted by ID.                                                                                                                                                                                                                                                                                              |
| `--filter`     | A CEL expression to filter the list results. Supports logical and comparison operators to match on fields such as id, metadata, created\_at, and more. See ngrok API Filtering for syntax and field details: [https://ngrok.com/docs/api/api-filtering](https://ngrok.com/docs/api/api-filtering) ([https://ngrok.com/docs/api/api-filtering](https://ngrok.com/docs/api/api-filtering)). |
| `--limit`      | Constrains the number of results in the dataset. See the API Overview ([https://ngrok.com/docs/api/index#pagination](https://ngrok.com/docs/api/index#pagination)) for details.                                                                                                                                                                                                           |
| `--api-key`    | API key to use                                                                                                                                                                                                                                                                                                                                                                            |
| `--config`     | path to config files; they are merged if multiple                                                                                                                                                                                                                                                                                                                                         |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'                                                                                                                                                                                                                                                                                                                                           |
| `--log-format` | log record format: 'term', 'logfmt', 'json'                                                                                                                                                                                                                                                                                                                                               |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                                                                                                                                                                                                                                                                                                                   |

## ngrok api ip-policies update

Update attributes of an IP policy by ID

### Usage

```sh theme={null}
ngrok api ip-policies update <id> [flags]
```

### Flags

| Flag            | Description                                                                               |
| --------------- | ----------------------------------------------------------------------------------------- |
| `--description` | human-readable description of the source IPs of this IP policy. optional, max 255 bytes.  |
| `--metadata`    | arbitrary user-defined machine-readable data of this IP policy. optional, max 4096 bytes. |
| `--api-key`     | API key to use                                                                            |
| `--config`      | path to config files; they are merged if multiple                                         |
| `--log`         | path to log file, 'stdout', 'stderr' or 'false'                                           |
| `--log-format`  | log record format: 'term', 'logfmt', 'json'                                               |
| `--log-level`   | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                   |

## ngrok api ip-policy-rules

IP Policy Rules are the IPv4 or IPv6 CIDRs entries that
make up an IP Policy.

### SubCommands

| Command                                     | Description                                      |
| ------------------------------------------- | ------------------------------------------------ |
| [create](#ngrok-api-ip-policy-rules-create) | Create a new IP policy rule attached to an IP... |
| [delete](#ngrok-api-ip-policy-rules-delete) | Delete an IP policy rule.                        |
| [get](#ngrok-api-ip-policy-rules-get)       | Get detailed information about an IP policy...   |
| [list](#ngrok-api-ip-policy-rules-list)     | List all IP policy rules on this account         |
| [update](#ngrok-api-ip-policy-rules-update) | Update attributes of an IP policy rule by ID     |

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api ip-policy-rules create

Create a new IP policy rule attached to an IP Policy.

### Usage

```sh theme={null}
ngrok api ip-policy-rules create [flags]
```

### Flags

| Flag             | Description                                                                                    |
| ---------------- | ---------------------------------------------------------------------------------------------- |
| `--action`       | the action to apply to the policy rule, either allow or deny                                   |
| `--cidr`         | an IP or IP range specified in CIDR notation. IPv4 and IPv6 are both supported.                |
| `--description`  | human-readable description of the source IPs of this IP rule. optional, max 255 bytes.         |
| `--ip-policy-id` | ID of the IP policy this IP policy rule will be attached to                                    |
| `--metadata`     | arbitrary user-defined machine-readable data of this IP policy rule. optional, max 4096 bytes. |
| `--api-key`      | API key to use                                                                                 |
| `--config`       | path to config files; they are merged if multiple                                              |
| `--log`          | path to log file, 'stdout', 'stderr' or 'false'                                                |
| `--log-format`   | log record format: 'term', 'logfmt', 'json'                                                    |
| `--log-level`    | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                        |

## ngrok api ip-policy-rules delete

Delete an IP policy rule.

### Usage

```sh theme={null}
ngrok api ip-policy-rules delete <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api ip-policy-rules get

Get detailed information about an IP policy rule by ID.

### Usage

```sh theme={null}
ngrok api ip-policy-rules get <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api ip-policy-rules list

List all IP policy rules on this account

### Usage

```sh theme={null}
ngrok api ip-policy-rules list [flags]
```

### Flags

| Flag           | Description                                                                                                                                                                                                                                                                                                                                                                               |
| -------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `--before-id`  | Expects a resource ID as its input. Returns earlier entries in the result set, sorted by ID.                                                                                                                                                                                                                                                                                              |
| `--filter`     | A CEL expression to filter the list results. Supports logical and comparison operators to match on fields such as id, metadata, created\_at, and more. See ngrok API Filtering for syntax and field details: [https://ngrok.com/docs/api/api-filtering](https://ngrok.com/docs/api/api-filtering) ([https://ngrok.com/docs/api/api-filtering](https://ngrok.com/docs/api/api-filtering)). |
| `--limit`      | Constrains the number of results in the dataset. See the API Overview ([https://ngrok.com/docs/api/index#pagination](https://ngrok.com/docs/api/index#pagination)) for details.                                                                                                                                                                                                           |
| `--api-key`    | API key to use                                                                                                                                                                                                                                                                                                                                                                            |
| `--config`     | path to config files; they are merged if multiple                                                                                                                                                                                                                                                                                                                                         |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'                                                                                                                                                                                                                                                                                                                                           |
| `--log-format` | log record format: 'term', 'logfmt', 'json'                                                                                                                                                                                                                                                                                                                                               |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                                                                                                                                                                                                                                                                                                                   |

## ngrok api ip-policy-rules update

Update attributes of an IP policy rule by ID

### Usage

```sh theme={null}
ngrok api ip-policy-rules update <id> [flags]
```

### Flags

| Flag            | Description                                                                                    |
| --------------- | ---------------------------------------------------------------------------------------------- |
| `--cidr`        | an IP or IP range specified in CIDR notation. IPv4 and IPv6 are both supported.                |
| `--description` | human-readable description of the source IPs of this IP rule. optional, max 255 bytes.         |
| `--metadata`    | arbitrary user-defined machine-readable data of this IP policy rule. optional, max 4096 bytes. |
| `--api-key`     | API key to use                                                                                 |
| `--config`      | path to config files; they are merged if multiple                                              |
| `--log`         | path to log file, 'stdout', 'stderr' or 'false'                                                |
| `--log-format`  | log record format: 'term', 'logfmt', 'json'                                                    |
| `--log-level`   | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                        |

## ngrok api ip-restrictions

An IP restriction is a restriction placed on the CIDRs that are allowed to
initiate traffic to a specific aspect of your ngrok account. An IP
restriction has a type which defines the ingress it applies to. IP
restrictions can be used to enforce the source IPs that can make API
requests, log in to the dashboard, start ngrok agents, and connect to your
public-facing endpoints.

### SubCommands

| Command                                     | Description                                      |
| ------------------------------------------- | ------------------------------------------------ |
| [create](#ngrok-api-ip-restrictions-create) | Create a new IP restriction                      |
| [delete](#ngrok-api-ip-restrictions-delete) | Delete an IP restriction                         |
| [get](#ngrok-api-ip-restrictions-get)       | Get detailed information about an IP restriction |
| [list](#ngrok-api-ip-restrictions-list)     | List all IP restrictions on this account         |
| [update](#ngrok-api-ip-restrictions-update) | Update attributes of an IP restriction by ID     |

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api ip-restrictions create

Create a new IP restriction

### Usage

```sh theme={null}
ngrok api ip-restrictions create [flags]
```

### Flags

| Flag              | Description                                                                                                                                                                    |
| ----------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| `--description`   | human-readable description of this IP restriction. optional, max 255 bytes.                                                                                                    |
| `--enforced`      | true if the IP restriction will be enforced. if false, only warnings will be issued                                                                                            |
| `--ip-policy-ids` | the set of IP policy identifiers that are used to enforce the restriction                                                                                                      |
| `--metadata`      | arbitrary user-defined machine-readable data of this IP restriction. optional, max 4096 bytes.                                                                                 |
| `--type`          | the type of IP restriction. this defines what traffic will be restricted with the attached policies. four values are currently supported: dashboard, api, agent, and endpoints |
| `--api-key`       | API key to use                                                                                                                                                                 |
| `--config`        | path to config files; they are merged if multiple                                                                                                                              |
| `--log`           | path to log file, 'stdout', 'stderr' or 'false'                                                                                                                                |
| `--log-format`    | log record format: 'term', 'logfmt', 'json'                                                                                                                                    |
| `--log-level`     | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                                                                                                        |

## ngrok api ip-restrictions delete

Delete an IP restriction

### Usage

```sh theme={null}
ngrok api ip-restrictions delete <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api ip-restrictions get

Get detailed information about an IP restriction

### Usage

```sh theme={null}
ngrok api ip-restrictions get <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api ip-restrictions list

List all IP restrictions on this account

### Usage

```sh theme={null}
ngrok api ip-restrictions list [flags]
```

### Flags

| Flag           | Description                                                                                                                                                                                                                                                                                                                                                                               |
| -------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `--before-id`  | Expects a resource ID as its input. Returns earlier entries in the result set, sorted by ID.                                                                                                                                                                                                                                                                                              |
| `--filter`     | A CEL expression to filter the list results. Supports logical and comparison operators to match on fields such as id, metadata, created\_at, and more. See ngrok API Filtering for syntax and field details: [https://ngrok.com/docs/api/api-filtering](https://ngrok.com/docs/api/api-filtering) ([https://ngrok.com/docs/api/api-filtering](https://ngrok.com/docs/api/api-filtering)). |
| `--limit`      | Constrains the number of results in the dataset. See the API Overview ([https://ngrok.com/docs/api/index#pagination](https://ngrok.com/docs/api/index#pagination)) for details.                                                                                                                                                                                                           |
| `--api-key`    | API key to use                                                                                                                                                                                                                                                                                                                                                                            |
| `--config`     | path to config files; they are merged if multiple                                                                                                                                                                                                                                                                                                                                         |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'                                                                                                                                                                                                                                                                                                                                           |
| `--log-format` | log record format: 'term', 'logfmt', 'json'                                                                                                                                                                                                                                                                                                                                               |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                                                                                                                                                                                                                                                                                                                   |

## ngrok api ip-restrictions update

Update attributes of an IP restriction by ID

### Usage

```sh theme={null}
ngrok api ip-restrictions update <id> [flags]
```

### Flags

| Flag              | Description                                                                                    |
| ----------------- | ---------------------------------------------------------------------------------------------- |
| `--description`   | human-readable description of this IP restriction. optional, max 255 bytes.                    |
| `--enforced`      | true if the IP restriction will be enforced. if false, only warnings will be issued            |
| `--ip-policy-ids` | the set of IP policy identifiers that are used to enforce the restriction                      |
| `--metadata`      | arbitrary user-defined machine-readable data of this IP restriction. optional, max 4096 bytes. |
| `--api-key`       | API key to use                                                                                 |
| `--config`        | path to config files; they are merged if multiple                                              |
| `--log`           | path to log file, 'stdout', 'stderr' or 'false'                                                |
| `--log-format`    | log record format: 'term', 'logfmt', 'json'                                                    |
| `--log-level`     | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                        |

## ngrok api kubernetes-operators

KubernetesOperators is used by the Kubernetes Operator to register and
manage its own resource, as well as for users to see active kubernetes
clusters.

### SubCommands

| Command                                                                    | Description                                    |
| -------------------------------------------------------------------------- | ---------------------------------------------- |
| [create](#ngrok-api-kubernetes-operators-create)                           | Create a new Kubernetes Operator               |
| [delete](#ngrok-api-kubernetes-operators-delete)                           | Delete a Kubernetes Operator                   |
| [get](#ngrok-api-kubernetes-operators-get)                                 | Get of a Kubernetes Operator                   |
| [get-bound-endpoints](#ngrok-api-kubernetes-operators-get-bound-endpoints) | List Endpoints bound to a Kubernetes Operator  |
| [list](#ngrok-api-kubernetes-operators-list)                               | List all Kubernetes Operators owned by this... |
| [update](#ngrok-api-kubernetes-operators-update)                           | Update an existing Kubernetes operator by ID.  |

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api kubernetes-operators create

Create a new Kubernetes Operator

### Usage

```sh theme={null}
ngrok api kubernetes-operators create [flags]
```

### Flags

| Flag                           | Description                                                                                                                                                                                 |
| ------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `--binding.csr`                | CSR is supplied during initial creation to enable creating a mutual TLS secured connection between ngrok and the operator. This is an internal implementation detail and subject to change. |
| `--binding.endpoint-selectors` | the list of cel expressions that filter the k8s bound endpoints for this operator                                                                                                           |
| `--binding.ingress-endpoint`   | the public ingress endpoint for this Kubernetes Operator                                                                                                                                    |
| `--deployment.cluster-name`    | user-given name for the cluster the Kubernetes Operator is deployed to                                                                                                                      |
| `--deployment.name`            | the deployment name                                                                                                                                                                         |
| `--deployment.namespace`       | the namespace this Kubernetes Operator is deployed to                                                                                                                                       |
| `--deployment.version`         | the version of this Kubernetes Operator                                                                                                                                                     |
| `--description`                | human-readable description of this Kubernetes Operator. optional, max 255 bytes.                                                                                                            |
| `--enabled-features`           | features enabled for this Kubernetes Operator. a subset of "bindings", "ingress", and "gateway"                                                                                             |
| `--metadata`                   | arbitrary user-defined machine-readable data of this Kubernetes Operator. optional, max 4096 bytes.                                                                                         |
| `--region`                     | the ngrok region in which the ingress for this operator is served. defaults to "global"                                                                                                     |
| `--api-key`                    | API key to use                                                                                                                                                                              |
| `--config`                     | path to config files; they are merged if multiple                                                                                                                                           |
| `--log`                        | path to log file, 'stdout', 'stderr' or 'false'                                                                                                                                             |
| `--log-format`                 | log record format: 'term', 'logfmt', 'json'                                                                                                                                                 |
| `--log-level`                  | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                                                                                                                     |

## ngrok api kubernetes-operators delete

Delete a Kubernetes Operator

### Usage

```sh theme={null}
ngrok api kubernetes-operators delete <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api kubernetes-operators get

Get of a Kubernetes Operator

### Usage

```sh theme={null}
ngrok api kubernetes-operators get <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api kubernetes-operators get-bound-endpoints

List Endpoints bound to a Kubernetes Operator

### Usage

```sh theme={null}
ngrok api kubernetes-operators get-bound-endpoints <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--before-id`  |                                                         |
| `--limit`      |                                                         |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api kubernetes-operators list

List all Kubernetes Operators owned by this account

### Usage

```sh theme={null}
ngrok api kubernetes-operators list [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--before-id`  |                                                         |
| `--limit`      |                                                         |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api kubernetes-operators update

Update an existing Kubernetes operator by ID.

### Usage

```sh theme={null}
ngrok api kubernetes-operators update <id> [flags]
```

### Flags

| Flag                           | Description                                                                                                                                                                                 |
| ------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `--binding.csr`                | CSR is supplied during initial creation to enable creating a mutual TLS secured connection between ngrok and the operator. This is an internal implementation detail and subject to change. |
| `--binding.endpoint-selectors` | the list of cel expressions that filter the k8s bound endpoints for this operator                                                                                                           |
| `--binding.ingress-endpoint`   | the public ingress endpoint for this Kubernetes Operator                                                                                                                                    |
| `--deployment.name`            | the deployment name                                                                                                                                                                         |
| `--deployment.version`         | the version of this Kubernetes Operator                                                                                                                                                     |
| `--description`                | human-readable description of this Kubernetes Operator. optional, max 255 bytes.                                                                                                            |
| `--enabled-features`           | features enabled for this Kubernetes Operator. a subset of "bindings", "ingress", and "gateway"                                                                                             |
| `--metadata`                   | arbitrary user-defined machine-readable data of this Kubernetes Operator. optional, max 4096 bytes.                                                                                         |
| `--region`                     | the ngrok region in which the ingress for this operator is served. defaults to "global"                                                                                                     |
| `--api-key`                    | API key to use                                                                                                                                                                              |
| `--config`                     | path to config files; they are merged if multiple                                                                                                                                           |
| `--log`                        | path to log file, 'stdout', 'stderr' or 'false'                                                                                                                                             |
| `--log-format`                 | log record format: 'term', 'logfmt', 'json'                                                                                                                                                 |
| `--log-level`                  | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                                                                                                                     |

## ngrok api personal-access-tokens

Personal Access Tokens (PATs) are bearer credentials that authenticate the
ngrok agent as the issuing principal. The token secret is only returned at
creation time; save it securely. The effective permissions of a PAT are
derived from the principal's membership in the account at authentication
time.

### SubCommands

| Command                                            | Description                                      |
| -------------------------------------------------- | ------------------------------------------------ |
| [create](#ngrok-api-personal-access-tokens-create) | Create a new Personal Access Token               |
| [delete](#ngrok-api-personal-access-tokens-delete) | Revoke a Personal Access Token by ID.            |
| [get](#ngrok-api-personal-access-tokens-get)       | Get a Personal Access Token by ID.               |
| [list](#ngrok-api-personal-access-tokens-list)     | List all Personal Access Tokens for this account |
| [update](#ngrok-api-personal-access-tokens-update) | Update attributes of a Personal Access Token...  |

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api personal-access-tokens create

Create a new Personal Access Token. The token secret is only returned in this response and cannot be retrieved later. If lost, you must create a new token.

### Usage

```sh theme={null}
ngrok api personal-access-tokens create [flags]
```

### Flags

| Flag            | Description                                                                  |
| --------------- | ---------------------------------------------------------------------------- |
| `--description` | human-readable description of this token. Optional, max 255 bytes.           |
| `--expires-at`  | optional expiration time for this token. If unset the token does not expire. |
| `--api-key`     | API key to use                                                               |
| `--config`      | path to config files; they are merged if multiple                            |
| `--log`         | path to log file, 'stdout', 'stderr' or 'false'                              |
| `--log-format`  | log record format: 'term', 'logfmt', 'json'                                  |
| `--log-level`   | logging level: 'debug', 'info', 'warn', 'error', 'crit'                      |

## ngrok api personal-access-tokens delete

Revoke a Personal Access Token by ID.

### Usage

```sh theme={null}
ngrok api personal-access-tokens delete <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api personal-access-tokens get

Get a Personal Access Token by ID.

### Usage

```sh theme={null}
ngrok api personal-access-tokens get <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api personal-access-tokens list

List all Personal Access Tokens for this account

### Usage

```sh theme={null}
ngrok api personal-access-tokens list [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--before-id`  |                                                         |
| `--limit`      |                                                         |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api personal-access-tokens update

Update attributes of a Personal Access Token by ID.

### Usage

```sh theme={null}
ngrok api personal-access-tokens update <id> [flags]
```

### Flags

| Flag            | Description                                                        |
| --------------- | ------------------------------------------------------------------ |
| `--description` | human-readable description of this token. Optional, max 255 bytes. |
| `--api-key`     | API key to use                                                     |
| `--config`      | path to config files; they are merged if multiple                  |
| `--log`         | path to log file, 'stdout', 'stderr' or 'false'                    |
| `--log-format`  | log record format: 'term', 'logfmt', 'json'                        |
| `--log-level`   | logging level: 'debug', 'info', 'warn', 'error', 'crit'            |

## ngrok api pointcfg-module

### SubCommands

| Command                                                             | Description |
| ------------------------------------------------------------------- | ----------- |
| [backend](#ngrok-api-pointcfg-module-backend)                       |             |
| [basic-auth](#ngrok-api-pointcfg-module-basic-auth)                 |             |
| [circuit-breaker](#ngrok-api-pointcfg-module-circuit-breaker)       |             |
| [compression](#ngrok-api-pointcfg-module-compression)               |             |
| [ip-policy](#ngrok-api-pointcfg-module-ip-policy)                   |             |
| [mutual-tls](#ngrok-api-pointcfg-module-mutual-tls)                 |             |
| [oauth](#ngrok-api-pointcfg-module-oauth)                           |             |
| [oidc](#ngrok-api-pointcfg-module-oidc)                             |             |
| [request-headers](#ngrok-api-pointcfg-module-request-headers)       |             |
| [response-headers](#ngrok-api-pointcfg-module-response-headers)     |             |
| [saml](#ngrok-api-pointcfg-module-saml)                             |             |
| [tls-termination](#ngrok-api-pointcfg-module-tls-termination)       |             |
| [webhook-validation](#ngrok-api-pointcfg-module-webhook-validation) |             |

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api pointcfg-module backend

### SubCommands

| Command                                               | Description |
| ----------------------------------------------------- | ----------- |
| [delete](#ngrok-api-pointcfg-module-backend-delete)   |             |
| [get](#ngrok-api-pointcfg-module-backend-get)         |             |
| [replace](#ngrok-api-pointcfg-module-backend-replace) |             |

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api pointcfg-module backend delete

### Usage

```sh theme={null}
ngrok api pointcfg-module backend delete <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api pointcfg-module backend get

### Usage

```sh theme={null}
ngrok api pointcfg-module backend get <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api pointcfg-module backend replace

### Usage

```sh theme={null}
ngrok api pointcfg-module backend replace <id> [flags]
```

### Flags

| Flag                  | Description                                                                                  |
| --------------------- | -------------------------------------------------------------------------------------------- |
| `--module.backend-id` | backend to be used to back this endpoint                                                     |
| `--module.enabled`    | true if the module will be applied to traffic, false to disable. default true if unspecified |
| `--api-key`           | API key to use                                                                               |
| `--config`            | path to config files; they are merged if multiple                                            |
| `--log`               | path to log file, 'stdout', 'stderr' or 'false'                                              |
| `--log-format`        | log record format: 'term', 'logfmt', 'json'                                                  |
| `--log-level`         | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                      |

## ngrok api pointcfg-module basic-auth

### SubCommands

| Command                                                  | Description |
| -------------------------------------------------------- | ----------- |
| [delete](#ngrok-api-pointcfg-module-basic-auth-delete)   |             |
| [get](#ngrok-api-pointcfg-module-basic-auth-get)         |             |
| [replace](#ngrok-api-pointcfg-module-basic-auth-replace) |             |

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api pointcfg-module basic-auth delete

### Usage

```sh theme={null}
ngrok api pointcfg-module basic-auth delete <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api pointcfg-module basic-auth get

### Usage

```sh theme={null}
ngrok api pointcfg-module basic-auth get <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api pointcfg-module basic-auth replace

### Usage

```sh theme={null}
ngrok api pointcfg-module basic-auth replace <id> [flags]
```

### Flags

| Flag                        | Description                                                                                                                                                                                                                                     |
| --------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `--module.allow-options`    | true or false indicating whether to allow OPTIONS requests through without authentication which is necessary for CORS. default is false                                                                                                         |
| `--module.auth-provider-id` | determines how the basic auth credentials are validated. Currently only the value agent is supported which means that credentials will be validated against the username and password specified by the ngrok agent's --basic-auth flag, if any. |
| `--module.enabled`          | true if the module will be applied to traffic, false to disable. default true if unspecified                                                                                                                                                    |
| `--module.realm`            | an arbitrary string to be specified in as the 'realm' value in the WWW-Authenticate header. default is ngrok                                                                                                                                    |
| `--api-key`                 | API key to use                                                                                                                                                                                                                                  |
| `--config`                  | path to config files; they are merged if multiple                                                                                                                                                                                               |
| `--log`                     | path to log file, 'stdout', 'stderr' or 'false'                                                                                                                                                                                                 |
| `--log-format`              | log record format: 'term', 'logfmt', 'json'                                                                                                                                                                                                     |
| `--log-level`               | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                                                                                                                                                                         |

## ngrok api pointcfg-module circuit-breaker

### SubCommands

| Command                                                       | Description |
| ------------------------------------------------------------- | ----------- |
| [delete](#ngrok-api-pointcfg-module-circuit-breaker-delete)   |             |
| [get](#ngrok-api-pointcfg-module-circuit-breaker-get)         |             |
| [replace](#ngrok-api-pointcfg-module-circuit-breaker-replace) |             |

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api pointcfg-module circuit-breaker delete

### Usage

```sh theme={null}
ngrok api pointcfg-module circuit-breaker delete <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api pointcfg-module circuit-breaker get

### Usage

```sh theme={null}
ngrok api pointcfg-module circuit-breaker get <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api pointcfg-module circuit-breaker replace

### Usage

```sh theme={null}
ngrok api pointcfg-module circuit-breaker replace <id> [flags]
```

### Flags

| Flag                                  | Description                                                                                                  |
| ------------------------------------- | ------------------------------------------------------------------------------------------------------------ |
| `--module.enabled`                    | true if the module will be applied to traffic, false to disable. default true if unspecified                 |
| `--module.error-threshold-percentage` | Error threshold percentage should be between 0 - 1.0, not 0-100.0                                            |
| `--module.num-buckets`                | Integer number of buckets into which metrics are retained. Max 128.                                          |
| `--module.rolling-window`             | Integer number of seconds in the statistical rolling window that metrics are retained for.                   |
| `--module.tripped-duration`           | Integer number of seconds after which the circuit is tripped to wait before re-evaluating upstream health    |
| `--module.volume-threshold`           | Integer number of requests in a rolling window that will trip the circuit. Helpful if traffic volume is low. |
| `--api-key`                           | API key to use                                                                                               |
| `--config`                            | path to config files; they are merged if multiple                                                            |
| `--log`                               | path to log file, 'stdout', 'stderr' or 'false'                                                              |
| `--log-format`                        | log record format: 'term', 'logfmt', 'json'                                                                  |
| `--log-level`                         | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                                      |

## ngrok api pointcfg-module compression

### SubCommands

| Command                                                   | Description |
| --------------------------------------------------------- | ----------- |
| [delete](#ngrok-api-pointcfg-module-compression-delete)   |             |
| [get](#ngrok-api-pointcfg-module-compression-get)         |             |
| [replace](#ngrok-api-pointcfg-module-compression-replace) |             |

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api pointcfg-module compression delete

### Usage

```sh theme={null}
ngrok api pointcfg-module compression delete <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api pointcfg-module compression get

### Usage

```sh theme={null}
ngrok api pointcfg-module compression get <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api pointcfg-module compression replace

### Usage

```sh theme={null}
ngrok api pointcfg-module compression replace <id> [flags]
```

### Flags

| Flag               | Description                                                                                  |
| ------------------ | -------------------------------------------------------------------------------------------- |
| `--module.enabled` | true if the module will be applied to traffic, false to disable. default true if unspecified |
| `--api-key`        | API key to use                                                                               |
| `--config`         | path to config files; they are merged if multiple                                            |
| `--log`            | path to log file, 'stdout', 'stderr' or 'false'                                              |
| `--log-format`     | log record format: 'term', 'logfmt', 'json'                                                  |
| `--log-level`      | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                      |

## ngrok api pointcfg-module ip-policy

### SubCommands

| Command                                                 | Description |
| ------------------------------------------------------- | ----------- |
| [delete](#ngrok-api-pointcfg-module-ip-policy-delete)   |             |
| [get](#ngrok-api-pointcfg-module-ip-policy-get)         |             |
| [replace](#ngrok-api-pointcfg-module-ip-policy-replace) |             |

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api pointcfg-module ip-policy delete

### Usage

```sh theme={null}
ngrok api pointcfg-module ip-policy delete <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api pointcfg-module ip-policy get

### Usage

```sh theme={null}
ngrok api pointcfg-module ip-policy get <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api pointcfg-module ip-policy replace

### Usage

```sh theme={null}
ngrok api pointcfg-module ip-policy replace <id> [flags]
```

### Flags

| Flag                     | Description                                                                                         |
| ------------------------ | --------------------------------------------------------------------------------------------------- |
| `--module.enabled`       | true if the module will be applied to traffic, false to disable. default true if unspecified        |
| `--module.ip-policy-ids` | list of all IP policies that will be used to check if a source IP is allowed access to the endpoint |
| `--api-key`              | API key to use                                                                                      |
| `--config`               | path to config files; they are merged if multiple                                                   |
| `--log`                  | path to log file, 'stdout', 'stderr' or 'false'                                                     |
| `--log-format`           | log record format: 'term', 'logfmt', 'json'                                                         |
| `--log-level`            | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                             |

## ngrok api pointcfg-module mutual-tls

### SubCommands

| Command                                                  | Description |
| -------------------------------------------------------- | ----------- |
| [delete](#ngrok-api-pointcfg-module-mutual-tls-delete)   |             |
| [get](#ngrok-api-pointcfg-module-mutual-tls-get)         |             |
| [replace](#ngrok-api-pointcfg-module-mutual-tls-replace) |             |

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api pointcfg-module mutual-tls delete

### Usage

```sh theme={null}
ngrok api pointcfg-module mutual-tls delete <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api pointcfg-module mutual-tls get

### Usage

```sh theme={null}
ngrok api pointcfg-module mutual-tls get <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api pointcfg-module mutual-tls replace

### Usage

```sh theme={null}
ngrok api pointcfg-module mutual-tls replace <id> [flags]
```

### Flags

| Flag                                 | Description                                                                                                                               |
| ------------------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------- |
| `--module.certificate-authority-ids` | list of certificate authorities that will be used to validate the TLS client certificate presented by the initiator of the TLS connection |
| `--module.enabled`                   | true if the module will be applied to traffic, false to disable. default true if unspecified                                              |
| `--api-key`                          | API key to use                                                                                                                            |
| `--config`                           | path to config files; they are merged if multiple                                                                                         |
| `--log`                              | path to log file, 'stdout', 'stderr' or 'false'                                                                                           |
| `--log-format`                       | log record format: 'term', 'logfmt', 'json'                                                                                               |
| `--log-level`                        | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                                                                   |

## ngrok api pointcfg-module oauth

### SubCommands

| Command                                             | Description |
| --------------------------------------------------- | ----------- |
| [delete](#ngrok-api-pointcfg-module-oauth-delete)   |             |
| [get](#ngrok-api-pointcfg-module-oauth-get)         |             |
| [replace](#ngrok-api-pointcfg-module-oauth-replace) |             |

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api pointcfg-module oauth delete

### Usage

```sh theme={null}
ngrok api pointcfg-module oauth delete <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api pointcfg-module oauth get

### Usage

```sh theme={null}
ngrok api pointcfg-module oauth get <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api pointcfg-module oauth replace

### Usage

```sh theme={null}
ngrok api pointcfg-module oauth replace <id> [flags]
```

### Flags

| Flag                                          | Description                                                                                                                                                                                                                                                                                                                              |
| --------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `--module.auth-check-interval`                | Integer number of seconds after which ngrok guarantees it will refresh user state from the identity provider and recheck whether the user is still authorized to access the endpoint. This is the preferred tunable to use to enforce a minimum amount of time after which a revoked user will no longer be able to access the resource. |
| `--module.cookie-prefix`                      | the prefix of the session cookie that ngrok sets on the http client to cache authentication. default is 'ngrok.'                                                                                                                                                                                                                         |
| `--module.enabled`                            | true if the module will be applied to traffic, false to disable. default true if unspecified                                                                                                                                                                                                                                             |
| `--module.inactivity-timeout`                 | Integer number of seconds of inactivity after which if the user has not accessed the endpoint, their session will time out and they will be forced to reauthenticate.                                                                                                                                                                    |
| `--module.maximum-duration`                   | Integer number of seconds of the maximum duration of an authenticated session. After this period is exceeded, a user must reauthenticate.                                                                                                                                                                                                |
| `--module.options-passthrough`                | Do not enforce authentication on HTTP OPTIONS requests. necessary if you are supporting CORS.                                                                                                                                                                                                                                            |
| `--module.provider.amazon.client-id`          |                                                                                                                                                                                                                                                                                                                                          |
| `--module.provider.amazon.client-secret`      |                                                                                                                                                                                                                                                                                                                                          |
| `--module.provider.amazon.email-addresses`    |                                                                                                                                                                                                                                                                                                                                          |
| `--module.provider.amazon.email-domains`      |                                                                                                                                                                                                                                                                                                                                          |
| `--module.provider.amazon.scopes`             |                                                                                                                                                                                                                                                                                                                                          |
| `--module.provider.facebook.client-id`        | the OAuth app client ID. retrieve it from the identity provider's dashboard where you created your own OAuth app. optional. if unspecified, ngrok will use its own managed oauth application which has additional restrictions. see the OAuth module docs for more details. if present, client\_secret must be present as well.          |
| `--module.provider.facebook.client-secret`    | the OAuth app client secret. retrieve if from the identity provider's dashboard where you created your own OAuth app. optional, see all of the caveats in the docs for client\_id.                                                                                                                                                       |
| `--module.provider.facebook.email-addresses`  | a list of email addresses of users authenticated by identity provider who are allowed access to the endpoint                                                                                                                                                                                                                             |
| `--module.provider.facebook.email-domains`    | a list of email domains of users authenticated by identity provider who are allowed access to the endpoint                                                                                                                                                                                                                               |
| `--module.provider.facebook.scopes`           | a list of provider-specific OAuth scopes with the permissions your OAuth app would like to ask for. these may not be set if you are using the ngrok-managed oauth app (i.e. you must pass both client\_id and client\_secret to set scopes)                                                                                              |
| `--module.provider.github.client-id`          | the OAuth app client ID. retrieve it from the identity provider's dashboard where you created your own OAuth app. optional. if unspecified, ngrok will use its own managed oauth application which has additional restrictions. see the OAuth module docs for more details. if present, client\_secret must be present as well.          |
| `--module.provider.github.client-secret`      | the OAuth app client secret. retrieve if from the identity provider's dashboard where you created your own OAuth app. optional, see all of the caveats in the docs for client\_id.                                                                                                                                                       |
| `--module.provider.github.email-addresses`    | a list of email addresses of users authenticated by identity provider who are allowed access to the endpoint                                                                                                                                                                                                                             |
| `--module.provider.github.email-domains`      | a list of email domains of users authenticated by identity provider who are allowed access to the endpoint                                                                                                                                                                                                                               |
| `--module.provider.github.organizations`      | a list of github org identifiers. users who are members of any of the listed organizations will be allowed access. identifiers should be the organization's 'slug'                                                                                                                                                                       |
| `--module.provider.github.scopes`             | a list of provider-specific OAuth scopes with the permissions your OAuth app would like to ask for. these may not be set if you are using the ngrok-managed oauth app (i.e. you must pass both client\_id and client\_secret to set scopes)                                                                                              |
| `--module.provider.github.teams`              | a list of github teams identifiers. users will be allowed access to the endpoint if they are a member of any of these teams. identifiers should be in the 'slug' format qualified with the org name, e.g. org-name/team-name                                                                                                             |
| `--module.provider.gitlab.client-id`          |                                                                                                                                                                                                                                                                                                                                          |
| `--module.provider.gitlab.client-secret`      |                                                                                                                                                                                                                                                                                                                                          |
| `--module.provider.gitlab.email-addresses`    |                                                                                                                                                                                                                                                                                                                                          |
| `--module.provider.gitlab.email-domains`      |                                                                                                                                                                                                                                                                                                                                          |
| `--module.provider.gitlab.scopes`             |                                                                                                                                                                                                                                                                                                                                          |
| `--module.provider.google.client-id`          | the OAuth app client ID. retrieve it from the identity provider's dashboard where you created your own OAuth app. optional. if unspecified, ngrok will use its own managed oauth application which has additional restrictions. see the OAuth module docs for more details. if present, client\_secret must be present as well.          |
| `--module.provider.google.client-secret`      | the OAuth app client secret. retrieve if from the identity provider's dashboard where you created your own OAuth app. optional, see all of the caveats in the docs for client\_id.                                                                                                                                                       |
| `--module.provider.google.email-addresses`    | a list of email addresses of users authenticated by identity provider who are allowed access to the endpoint                                                                                                                                                                                                                             |
| `--module.provider.google.email-domains`      | a list of email domains of users authenticated by identity provider who are allowed access to the endpoint                                                                                                                                                                                                                               |
| `--module.provider.google.scopes`             | a list of provider-specific OAuth scopes with the permissions your OAuth app would like to ask for. these may not be set if you are using the ngrok-managed oauth app (i.e. you must pass both client\_id and client\_secret to set scopes)                                                                                              |
| `--module.provider.linkedin.client-id`        |                                                                                                                                                                                                                                                                                                                                          |
| `--module.provider.linkedin.client-secret`    |                                                                                                                                                                                                                                                                                                                                          |
| `--module.provider.linkedin.email-addresses`  |                                                                                                                                                                                                                                                                                                                                          |
| `--module.provider.linkedin.email-domains`    |                                                                                                                                                                                                                                                                                                                                          |
| `--module.provider.linkedin.scopes`           |                                                                                                                                                                                                                                                                                                                                          |
| `--module.provider.microsoft.client-id`       | the OAuth app client ID. retrieve it from the identity provider's dashboard where you created your own OAuth app. optional. if unspecified, ngrok will use its own managed oauth application which has additional restrictions. see the OAuth module docs for more details. if present, client\_secret must be present as well.          |
| `--module.provider.microsoft.client-secret`   | the OAuth app client secret. retrieve if from the identity provider's dashboard where you created your own OAuth app. optional, see all of the caveats in the docs for client\_id.                                                                                                                                                       |
| `--module.provider.microsoft.email-addresses` | a list of email addresses of users authenticated by identity provider who are allowed access to the endpoint                                                                                                                                                                                                                             |
| `--module.provider.microsoft.email-domains`   | a list of email domains of users authenticated by identity provider who are allowed access to the endpoint                                                                                                                                                                                                                               |
| `--module.provider.microsoft.scopes`          | a list of provider-specific OAuth scopes with the permissions your OAuth app would like to ask for. these may not be set if you are using the ngrok-managed oauth app (i.e. you must pass both client\_id and client\_secret to set scopes)                                                                                              |
| `--module.provider.twitch.client-id`          |                                                                                                                                                                                                                                                                                                                                          |
| `--module.provider.twitch.client-secret`      |                                                                                                                                                                                                                                                                                                                                          |
| `--module.provider.twitch.email-addresses`    |                                                                                                                                                                                                                                                                                                                                          |
| `--module.provider.twitch.email-domains`      |                                                                                                                                                                                                                                                                                                                                          |
| `--module.provider.twitch.scopes`             |                                                                                                                                                                                                                                                                                                                                          |
| `--api-key`                                   | API key to use                                                                                                                                                                                                                                                                                                                           |
| `--config`                                    | path to config files; they are merged if multiple                                                                                                                                                                                                                                                                                        |
| `--log`                                       | path to log file, 'stdout', 'stderr' or 'false'                                                                                                                                                                                                                                                                                          |
| `--log-format`                                | log record format: 'term', 'logfmt', 'json'                                                                                                                                                                                                                                                                                              |
| `--log-level`                                 | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                                                                                                                                                                                                                                                                  |

## ngrok api pointcfg-module oidc

### SubCommands

| Command                                            | Description |
| -------------------------------------------------- | ----------- |
| [delete](#ngrok-api-pointcfg-module-oidc-delete)   |             |
| [get](#ngrok-api-pointcfg-module-oidc-get)         |             |
| [replace](#ngrok-api-pointcfg-module-oidc-replace) |             |

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api pointcfg-module oidc delete

### Usage

```sh theme={null}
ngrok api pointcfg-module oidc delete <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api pointcfg-module oidc get

### Usage

```sh theme={null}
ngrok api pointcfg-module oidc get <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api pointcfg-module oidc replace

### Usage

```sh theme={null}
ngrok api pointcfg-module oidc replace <id> [flags]
```

### Flags

| Flag                           | Description                                                                                                                                                           |
| ------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `--module.client-id`           | The OIDC app's client ID and OIDC audience.                                                                                                                           |
| `--module.client-secret`       | The OIDC app's client secret.                                                                                                                                         |
| `--module.cookie-prefix`       | the prefix of the session cookie that ngrok sets on the http client to cache authentication. default is 'ngrok.'                                                      |
| `--module.enabled`             | true if the module will be applied to traffic, false to disable. default true if unspecified                                                                          |
| `--module.inactivity-timeout`  | Integer number of seconds of inactivity after which if the user has not accessed the endpoint, their session will time out and they will be forced to reauthenticate. |
| `--module.issuer`              | URL of the OIDC "OpenID provider". This is the base URL used for discovery.                                                                                           |
| `--module.maximum-duration`    | Integer number of seconds of the maximum duration of an authenticated session. After this period is exceeded, a user must reauthenticate.                             |
| `--module.options-passthrough` | Do not enforce authentication on HTTP OPTIONS requests. necessary if you are supporting CORS.                                                                         |
| `--module.scopes`              | The set of scopes to request from the OIDC identity provider.                                                                                                         |
| `--api-key`                    | API key to use                                                                                                                                                        |
| `--config`                     | path to config files; they are merged if multiple                                                                                                                     |
| `--log`                        | path to log file, 'stdout', 'stderr' or 'false'                                                                                                                       |
| `--log-format`                 | log record format: 'term', 'logfmt', 'json'                                                                                                                           |
| `--log-level`                  | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                                                                                               |

## ngrok api pointcfg-module request-headers

### SubCommands

| Command                                                       | Description |
| ------------------------------------------------------------- | ----------- |
| [delete](#ngrok-api-pointcfg-module-request-headers-delete)   |             |
| [get](#ngrok-api-pointcfg-module-request-headers-get)         |             |
| [replace](#ngrok-api-pointcfg-module-request-headers-replace) |             |

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api pointcfg-module request-headers delete

### Usage

```sh theme={null}
ngrok api pointcfg-module request-headers delete <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api pointcfg-module request-headers get

### Usage

```sh theme={null}
ngrok api pointcfg-module request-headers get <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api pointcfg-module request-headers replace

### Usage

```sh theme={null}
ngrok api pointcfg-module request-headers replace <id> [flags]
```

### Flags

| Flag               | Description                                                                                                                          |
| ------------------ | ------------------------------------------------------------------------------------------------------------------------------------ |
| `--module.add`     | a map of header key to header value that will be injected into the HTTP Request before being sent to the upstream application server |
| `--module.enabled` | true if the module will be applied to traffic, false to disable. default true if unspecified                                         |
| `--module.remove`  | a list of header names that will be removed from the HTTP Request before being sent to the upstream application server               |
| `--api-key`        | API key to use                                                                                                                       |
| `--config`         | path to config files; they are merged if multiple                                                                                    |
| `--log`            | path to log file, 'stdout', 'stderr' or 'false'                                                                                      |
| `--log-format`     | log record format: 'term', 'logfmt', 'json'                                                                                          |
| `--log-level`      | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                                                              |

## ngrok api pointcfg-module response-headers

### SubCommands

| Command                                                        | Description |
| -------------------------------------------------------------- | ----------- |
| [delete](#ngrok-api-pointcfg-module-response-headers-delete)   |             |
| [get](#ngrok-api-pointcfg-module-response-headers-get)         |             |
| [replace](#ngrok-api-pointcfg-module-response-headers-replace) |             |

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api pointcfg-module response-headers delete

### Usage

```sh theme={null}
ngrok api pointcfg-module response-headers delete <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api pointcfg-module response-headers get

### Usage

```sh theme={null}
ngrok api pointcfg-module response-headers get <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api pointcfg-module response-headers replace

### Usage

```sh theme={null}
ngrok api pointcfg-module response-headers replace <id> [flags]
```

### Flags

| Flag               | Description                                                                                                  |
| ------------------ | ------------------------------------------------------------------------------------------------------------ |
| `--module.add`     | a map of header key to header value that will be injected into the HTTP Response returned to the HTTP client |
| `--module.enabled` | true if the module will be applied to traffic, false to disable. default true if unspecified                 |
| `--module.remove`  | a list of header names that will be removed from the HTTP Response returned to the HTTP client               |
| `--api-key`        | API key to use                                                                                               |
| `--config`         | path to config files; they are merged if multiple                                                            |
| `--log`            | path to log file, 'stdout', 'stderr' or 'false'                                                              |
| `--log-format`     | log record format: 'term', 'logfmt', 'json'                                                                  |
| `--log-level`      | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                                      |

## ngrok api pointcfg-module saml

### SubCommands

| Command                                            | Description |
| -------------------------------------------------- | ----------- |
| [delete](#ngrok-api-pointcfg-module-saml-delete)   |             |
| [get](#ngrok-api-pointcfg-module-saml-get)         |             |
| [replace](#ngrok-api-pointcfg-module-saml-replace) |             |

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api pointcfg-module saml delete

### Usage

```sh theme={null}
ngrok api pointcfg-module saml delete <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api pointcfg-module saml get

### Usage

```sh theme={null}
ngrok api pointcfg-module saml get <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api pointcfg-module saml replace

### Usage

```sh theme={null}
ngrok api pointcfg-module saml replace <id> [flags]
```

### Flags

| Flag                           | Description                                                                                                                                                                                                                                                                                              |
| ------------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `--module.allow-idp-initiated` | If true, the IdP may initiate a login directly (e.g. the user does not need to visit the endpoint first and then be redirected). The IdP should set the RelayState parameter to the target URL of the resource they want the user to be redirected to after the SAML login assertion has been processed. |
| `--module.authorized-groups`   | If present, only users who are a member of one of the listed groups may access the target endpoint.                                                                                                                                                                                                      |
| `--module.cookie-prefix`       | the prefix of the session cookie that ngrok sets on the http client to cache authentication. default is 'ngrok.'                                                                                                                                                                                         |
| `--module.enabled`             | true if the module will be applied to traffic, false to disable. default true if unspecified                                                                                                                                                                                                             |
| `--module.force-authn`         | If true, indicates that whenever we redirect a user to the IdP for authentication that the IdP must prompt the user for authentication credentials even if the user already has a valid session with the IdP.                                                                                            |
| `--module.idp-metadata`        | The full XML IdP EntityDescriptor. Your IdP may provide this to you as a a file to download or as a URL.                                                                                                                                                                                                 |
| `--module.idp-metadata-url`    | The IdP's metadata URL which returns the XML IdP EntityDescriptor. The IdP's metadata URL specifies how to connect to the IdP as well as its public key which is then used to validate the signature on incoming SAML assertions to the ACS endpoint.                                                    |
| `--module.inactivity-timeout`  | Integer number of seconds of inactivity after which if the user has not accessed the endpoint, their session will time out and they will be forced to reauthenticate.                                                                                                                                    |
| `--module.maximum-duration`    | Integer number of seconds of the maximum duration of an authenticated session. After this period is exceeded, a user must reauthenticate.                                                                                                                                                                |
| `--module.nameid-format`       | Defines the name identifier format the SP expects the IdP to use in its assertions to identify subjects. If unspecified, a default value of urn:oasis:names:tc:SAML:2.0:nameid-format:persistent will be used. A subset of the allowed values enumerated by the SAML specification are supported.        |
| `--module.options-passthrough` | Do not enforce authentication on HTTP OPTIONS requests. necessary if you are supporting CORS.                                                                                                                                                                                                            |
| `--api-key`                    | API key to use                                                                                                                                                                                                                                                                                           |
| `--config`                     | path to config files; they are merged if multiple                                                                                                                                                                                                                                                        |
| `--log`                        | path to log file, 'stdout', 'stderr' or 'false'                                                                                                                                                                                                                                                          |
| `--log-format`                 | log record format: 'term', 'logfmt', 'json'                                                                                                                                                                                                                                                              |
| `--log-level`                  | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                                                                                                                                                                                                                                  |

## ngrok api pointcfg-module tls-termination

### SubCommands

| Command                                                       | Description |
| ------------------------------------------------------------- | ----------- |
| [delete](#ngrok-api-pointcfg-module-tls-termination-delete)   |             |
| [get](#ngrok-api-pointcfg-module-tls-termination-get)         |             |
| [replace](#ngrok-api-pointcfg-module-tls-termination-replace) |             |

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api pointcfg-module tls-termination delete

### Usage

```sh theme={null}
ngrok api pointcfg-module tls-termination delete <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api pointcfg-module tls-termination get

### Usage

```sh theme={null}
ngrok api pointcfg-module tls-termination get <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api pointcfg-module tls-termination replace

### Usage

```sh theme={null}
ngrok api pointcfg-module tls-termination replace <id> [flags]
```

### Flags

| Flag                    | Description                                                                                                                                                                                                                                                                                                           |
| ----------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `--module.enabled`      | true if the module will be applied to traffic, false to disable. default true if unspecified                                                                                                                                                                                                                          |
| `--module.min-version`  | The minimum TLS version used for termination and advertised to the client during the TLS handshake. if unspecified, ngrok will choose an industry-safe default. This value must be null if terminate\_at is set to upstream.                                                                                          |
| `--module.terminate-at` | edge if the ngrok edge should terminate TLS traffic, upstream if TLS traffic should be passed through to the upstream ngrok agent / application server for termination. if upstream is chosen, most other modules will be disallowed because they rely on the ngrok edge being able to access the underlying traffic. |
| `--api-key`             | API key to use                                                                                                                                                                                                                                                                                                        |
| `--config`              | path to config files; they are merged if multiple                                                                                                                                                                                                                                                                     |
| `--log`                 | path to log file, 'stdout', 'stderr' or 'false'                                                                                                                                                                                                                                                                       |
| `--log-format`          | log record format: 'term', 'logfmt', 'json'                                                                                                                                                                                                                                                                           |
| `--log-level`           | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                                                                                                                                                                                                                                               |

## ngrok api pointcfg-module webhook-validation

### SubCommands

| Command                                                          | Description |
| ---------------------------------------------------------------- | ----------- |
| [delete](#ngrok-api-pointcfg-module-webhook-validation-delete)   |             |
| [get](#ngrok-api-pointcfg-module-webhook-validation-get)         |             |
| [replace](#ngrok-api-pointcfg-module-webhook-validation-replace) |             |

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api pointcfg-module webhook-validation delete

### Usage

```sh theme={null}
ngrok api pointcfg-module webhook-validation delete <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api pointcfg-module webhook-validation get

### Usage

```sh theme={null}
ngrok api pointcfg-module webhook-validation get <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api pointcfg-module webhook-validation replace

### Usage

```sh theme={null}
ngrok api pointcfg-module webhook-validation replace <id> [flags]
```

### Flags

| Flag                | Description                                                                                                                                                                                                                                                                                                                                                                                                       |
| ------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `--module.enabled`  | true if the module will be applied to traffic, false to disable. default true if unspecified                                                                                                                                                                                                                                                                                                                      |
| `--module.provider` | a string indicating which webhook provider will be sending webhooks to this endpoint. Value must be one of the supported providers defined at [https://ngrok.com/docs/cloud-edge/modules/webhook-verification](https://ngrok.com/docs/cloud-edge/modules/webhook-verification) ([https://ngrok.com/docs/cloud-edge/modules/webhook-verification](https://ngrok.com/docs/cloud-edge/modules/webhook-verification)) |
| `--module.secret`   | a string secret used to validate requests from the given provider. All providers except AWS SNS require a secret                                                                                                                                                                                                                                                                                                  |
| `--api-key`         | API key to use                                                                                                                                                                                                                                                                                                                                                                                                    |
| `--config`          | path to config files; they are merged if multiple                                                                                                                                                                                                                                                                                                                                                                 |
| `--log`             | path to log file, 'stdout', 'stderr' or 'false'                                                                                                                                                                                                                                                                                                                                                                   |
| `--log-format`      | log record format: 'term', 'logfmt', 'json'                                                                                                                                                                                                                                                                                                                                                                       |
| `--log-level`       | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                                                                                                                                                                                                                                                                                                                                           |

## ngrok api reserved-addrs

Reserved Addresses are TCP addresses that can be used to listen for traffic.
TCP address hostnames and ports are assigned by ngrok, they cannot be
chosen.

### SubCommands

| Command                                                                    | Description                                      |
| -------------------------------------------------------------------------- | ------------------------------------------------ |
| [create](#ngrok-api-reserved-addrs-create)                                 | Create a new reserved address.                   |
| [delete](#ngrok-api-reserved-addrs-delete)                                 | Delete a reserved address.                       |
| [delete-endpoint-config](#ngrok-api-reserved-addrs-delete-endpoint-config) | Detach the endpoint configuration attached to... |
| [get](#ngrok-api-reserved-addrs-get)                                       | Get the details of a reserved address.           |
| [list](#ngrok-api-reserved-addrs-list)                                     | List all reserved addresses on this account.     |
| [update](#ngrok-api-reserved-addrs-update)                                 | Update the attributes of a reserved address.     |

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api reserved-addrs create

Create a new reserved address.

### Usage

```sh theme={null}
ngrok api reserved-addrs create [flags]
```

### Flags

| Flag                          | Description                                                                                                    |
| ----------------------------- | -------------------------------------------------------------------------------------------------------------- |
| `--description`               | human-readable description of what this reserved address will be used for                                      |
| `--endpoint-configuration-id` | ID of an endpoint configuration of type tcp that will be used to handle inbound traffic to this address        |
| `--metadata`                  | arbitrary user-defined machine-readable data of this reserved address. Optional, max 4096 bytes.               |
| `--region`                    | reserve the address in this geographic ngrok datacenter. Optional, default is us. (au, eu, ap, us, jp, in, sa) |
| `--api-key`                   | API key to use                                                                                                 |
| `--config`                    | path to config files; they are merged if multiple                                                              |
| `--log`                       | path to log file, 'stdout', 'stderr' or 'false'                                                                |
| `--log-format`                | log record format: 'term', 'logfmt', 'json'                                                                    |
| `--log-level`                 | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                                        |

## ngrok api reserved-addrs delete

Delete a reserved address.

### Usage

```sh theme={null}
ngrok api reserved-addrs delete <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api reserved-addrs delete-endpoint-config

Detach the endpoint configuration attached to a reserved address.

### Usage

```sh theme={null}
ngrok api reserved-addrs delete-endpoint-config <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api reserved-addrs get

Get the details of a reserved address.

### Usage

```sh theme={null}
ngrok api reserved-addrs get <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api reserved-addrs list

List all reserved addresses on this account.

### Usage

```sh theme={null}
ngrok api reserved-addrs list [flags]
```

### Flags

| Flag           | Description                                                                                                                                                                                                                                                                                                                                                                               |
| -------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `--before-id`  | Expects a resource ID as its input. Returns earlier entries in the result set, sorted by ID.                                                                                                                                                                                                                                                                                              |
| `--filter`     | A CEL expression to filter the list results. Supports logical and comparison operators to match on fields such as id, metadata, created\_at, and more. See ngrok API Filtering for syntax and field details: [https://ngrok.com/docs/api/api-filtering](https://ngrok.com/docs/api/api-filtering) ([https://ngrok.com/docs/api/api-filtering](https://ngrok.com/docs/api/api-filtering)). |
| `--limit`      | Constrains the number of results in the dataset. See the API Overview ([https://ngrok.com/docs/api/index#pagination](https://ngrok.com/docs/api/index#pagination)) for details.                                                                                                                                                                                                           |
| `--api-key`    | API key to use                                                                                                                                                                                                                                                                                                                                                                            |
| `--config`     | path to config files; they are merged if multiple                                                                                                                                                                                                                                                                                                                                         |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'                                                                                                                                                                                                                                                                                                                                           |
| `--log-format` | log record format: 'term', 'logfmt', 'json'                                                                                                                                                                                                                                                                                                                                               |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                                                                                                                                                                                                                                                                                                                   |

## ngrok api reserved-addrs update

Update the attributes of a reserved address.

### Usage

```sh theme={null}
ngrok api reserved-addrs update <id> [flags]
```

### Flags

| Flag                          | Description                                                                                             |
| ----------------------------- | ------------------------------------------------------------------------------------------------------- |
| `--description`               | human-readable description of what this reserved address will be used for                               |
| `--endpoint-configuration-id` | ID of an endpoint configuration of type tcp that will be used to handle inbound traffic to this address |
| `--metadata`                  | arbitrary user-defined machine-readable data of this reserved address. Optional, max 4096 bytes.        |
| `--api-key`                   | API key to use                                                                                          |
| `--config`                    | path to config files; they are merged if multiple                                                       |
| `--log`                       | path to log file, 'stdout', 'stderr' or 'false'                                                         |
| `--log-format`                | log record format: 'term', 'logfmt', 'json'                                                             |
| `--log-level`                 | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                                 |

## ngrok api reserved-domains

Reserved Domains are hostnames that you can listen for traffic on. Domains
can be used to listen for http, https or tls traffic. You may use a domain
that you own by creating a CNAME record specified in the returned resource.
This CNAME record points traffic for that domain to ngrok's edge servers.

### SubCommands

| Command                                                                                                  | Description                                      |
| -------------------------------------------------------------------------------------------------------- | ------------------------------------------------ |
| [create](#ngrok-api-reserved-domains-create)                                                             | Create a new reserved domain.                    |
| [delete](#ngrok-api-reserved-domains-delete)                                                             | Delete a reserved domain.                        |
| [delete-certificate](#ngrok-api-reserved-domains-delete-certificate)                                     | Detach the certificate attached to a reserved... |
| [delete-certificate-management-policy](#ngrok-api-reserved-domains-delete-certificate-management-policy) | Detach the certificate management policy...      |
| [delete-http-endpoint-config](#ngrok-api-reserved-domains-delete-http-endpoint-config)                   | Detach the http endpoint configuration...        |
| [delete-https-endpoint-config](#ngrok-api-reserved-domains-delete-https-endpoint-config)                 | Detach the https endpoint configuration...       |
| [get](#ngrok-api-reserved-domains-get)                                                                   | Get the details of a reserved domain.            |
| [list](#ngrok-api-reserved-domains-list)                                                                 | List all reserved domains on this account.       |
| [update](#ngrok-api-reserved-domains-update)                                                             | Update the attributes of a reserved domain.      |

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api reserved-domains create

Create a new reserved domain.

### Usage

```sh theme={null}
ngrok api reserved-domains create [flags]
```

### Flags

| Flag                                               | Description                                                                                                                                                                                                                                            |
| -------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| `--certificate-id`                                 | ID of a user-uploaded TLS certificate to use for connections to targeting this domain. Optional, mutually exclusive with certificate\_management\_policy.                                                                                              |
| `--certificate-management-policy.authority`        | certificate authority to request certificates from. The only supported value is letsencrypt.                                                                                                                                                           |
| `--certificate-management-policy.private-key-type` | type of private key to use when requesting certificates. Defaults to ecdsa, can be either rsa or ecdsa.                                                                                                                                                |
| `--description`                                    | human-readable description of what this reserved domain will be used for                                                                                                                                                                               |
| `--domain`                                         | hostname of the reserved domain                                                                                                                                                                                                                        |
| `--http-endpoint-configuration-id`                 | ID of an endpoint configuration of type http that will be used to handle inbound http traffic to this domain                                                                                                                                           |
| `--https-endpoint-configuration-id`                | ID of an endpoint configuration of type https that will be used to handle inbound https traffic to this domain                                                                                                                                         |
| `--metadata`                                       | arbitrary user-defined machine-readable data of this reserved domain. Optional, max 4096 bytes.                                                                                                                                                        |
| `--name`                                           | the domain name to reserve. It may be a full domain name like app.example.com. If the name does not contain a '.' it will reserve that subdomain on ngrok.io.                                                                                          |
| `--region`                                         | deprecated: With the launch of the ngrok Global Network domains traffic is now handled globally. This field applied only to endpoints. Note that agents may still connect to specific regions. Optional, null by default. (au, eu, ap, us, jp, in, sa) |
| `--resolves-to`                                    | Region and IP resolution targets configured for the Domain.                                                                                                                                                                                            |
| `--api-key`                                        | API key to use                                                                                                                                                                                                                                         |
| `--config`                                         | path to config files; they are merged if multiple                                                                                                                                                                                                      |
| `--log`                                            | path to log file, 'stdout', 'stderr' or 'false'                                                                                                                                                                                                        |
| `--log-format`                                     | log record format: 'term', 'logfmt', 'json'                                                                                                                                                                                                            |
| `--log-level`                                      | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                                                                                                                                                                                |

## ngrok api reserved-domains delete

Delete a reserved domain.

### Usage

```sh theme={null}
ngrok api reserved-domains delete <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api reserved-domains delete-certificate

Detach the certificate attached to a reserved domain.

### Usage

```sh theme={null}
ngrok api reserved-domains delete-certificate <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api reserved-domains delete-certificate-management-policy

Detach the certificate management policy attached to a reserved domain.

### Usage

```sh theme={null}
ngrok api reserved-domains delete-certificate-management-policy <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api reserved-domains delete-http-endpoint-config

Detach the http endpoint configuration attached to a reserved domain.

### Usage

```sh theme={null}
ngrok api reserved-domains delete-http-endpoint-config <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api reserved-domains delete-https-endpoint-config

Detach the https endpoint configuration attached to a reserved domain.

### Usage

```sh theme={null}
ngrok api reserved-domains delete-https-endpoint-config <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api reserved-domains get

Get the details of a reserved domain.

### Usage

```sh theme={null}
ngrok api reserved-domains get <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api reserved-domains list

List all reserved domains on this account.

### Usage

```sh theme={null}
ngrok api reserved-domains list [flags]
```

### Flags

| Flag           | Description                                                                                                                                                                                                                                                                                                                                                                               |
| -------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `--before-id`  | Expects a resource ID as its input. Returns earlier entries in the result set, sorted by ID.                                                                                                                                                                                                                                                                                              |
| `--filter`     | A CEL expression to filter the list results. Supports logical and comparison operators to match on fields such as id, metadata, created\_at, and more. See ngrok API Filtering for syntax and field details: [https://ngrok.com/docs/api/api-filtering](https://ngrok.com/docs/api/api-filtering) ([https://ngrok.com/docs/api/api-filtering](https://ngrok.com/docs/api/api-filtering)). |
| `--limit`      | Constrains the number of results in the dataset. See the API Overview ([https://ngrok.com/docs/api/index#pagination](https://ngrok.com/docs/api/index#pagination)) for details.                                                                                                                                                                                                           |
| `--api-key`    | API key to use                                                                                                                                                                                                                                                                                                                                                                            |
| `--config`     | path to config files; they are merged if multiple                                                                                                                                                                                                                                                                                                                                         |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'                                                                                                                                                                                                                                                                                                                                           |
| `--log-format` | log record format: 'term', 'logfmt', 'json'                                                                                                                                                                                                                                                                                                                                               |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                                                                                                                                                                                                                                                                                                                   |

## ngrok api reserved-domains update

Update the attributes of a reserved domain.

### Usage

```sh theme={null}
ngrok api reserved-domains update <id> [flags]
```

### Flags

| Flag                                               | Description                                                                                                                                                                                                                                            |
| -------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| `--certificate-id`                                 | ID of a user-uploaded TLS certificate to use for connections to targeting this domain. Optional, mutually exclusive with certificate\_management\_policy.                                                                                              |
| `--certificate-management-policy.authority`        | certificate authority to request certificates from. The only supported value is letsencrypt.                                                                                                                                                           |
| `--certificate-management-policy.private-key-type` | type of private key to use when requesting certificates. Defaults to ecdsa, can be either rsa or ecdsa.                                                                                                                                                |
| `--description`                                    | human-readable description of what this reserved domain will be used for                                                                                                                                                                               |
| `--http-endpoint-configuration-id`                 | ID of an endpoint configuration of type http that will be used to handle inbound http traffic to this domain                                                                                                                                           |
| `--https-endpoint-configuration-id`                | ID of an endpoint configuration of type https that will be used to handle inbound https traffic to this domain                                                                                                                                         |
| `--metadata`                                       | arbitrary user-defined machine-readable data of this reserved domain. Optional, max 4096 bytes.                                                                                                                                                        |
| `--region`                                         | deprecated: With the launch of the ngrok Global Network domains traffic is now handled globally. This field applied only to endpoints. Note that agents may still connect to specific regions. Optional, null by default. (au, eu, ap, us, jp, in, sa) |
| `--resolves-to`                                    | Region and IP resolution targets configured for the Domain.                                                                                                                                                                                            |
| `--api-key`                                        | API key to use                                                                                                                                                                                                                                         |
| `--config`                                         | path to config files; they are merged if multiple                                                                                                                                                                                                      |
| `--log`                                            | path to log file, 'stdout', 'stderr' or 'false'                                                                                                                                                                                                        |
| `--log-format`                                     | log record format: 'term', 'logfmt', 'json'                                                                                                                                                                                                            |
| `--log-level`                                      | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                                                                                                                                                                                |

## ngrok api root

### SubCommands

| Command                      | Description                                 |
| ---------------------------- | ------------------------------------------- |
| [get](#ngrok-api-root-get)   |                                             |
| [self](#ngrok-api-root-self) | Get the details of the data used in this... |

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api root get

### Usage

```sh theme={null}
ngrok api root get [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api root self

Get the details of the data used in this current request

### Usage

```sh theme={null}
ngrok api root self [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api secrets

Secrets is an api service for securely storing and managing sensitive data such as secrets, credentials, and tokens.

### SubCommands

| Command                             | Description                       |
| ----------------------------------- | --------------------------------- |
| [create](#ngrok-api-secrets-create) | Create a new Secret               |
| [delete](#ngrok-api-secrets-delete) | Delete a Secret                   |
| [get](#ngrok-api-secrets-get)       | Get a Secret by ID                |
| [list](#ngrok-api-secrets-list)     | List all Secrets owned by account |
| [update](#ngrok-api-secrets-update) | Update an existing Secret by ID   |

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api secrets create

Create a new Secret

### Usage

```sh theme={null}
ngrok api secrets create [flags]
```

### Flags

| Flag            | Description                                             |
| --------------- | ------------------------------------------------------- |
| `--description` | description of Secret                                   |
| `--metadata`    | Arbitrary user-defined metadata for this Secret         |
| `--name`        | Name of secret                                          |
| `--value`       | Value of secret                                         |
| `--value-file`  | Value of secret (path to a file)                        |
| `--vault-id`    | unique identifier of the referenced vault               |
| `--vault-name`  | name of the referenced vault                            |
| `--api-key`     | API key to use                                          |
| `--config`      | path to config files; they are merged if multiple       |
| `--log`         | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format`  | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`   | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api secrets delete

Delete a Secret

### Usage

```sh theme={null}
ngrok api secrets delete <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api secrets get

Get a Secret by ID

### Usage

```sh theme={null}
ngrok api secrets get <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api secrets list

List all Secrets owned by account

### Usage

```sh theme={null}
ngrok api secrets list [flags]
```

### Flags

| Flag           | Description                                                                                                                                                                                                                                                                                                                                                                               |
| -------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `--before-id`  | Expects a resource ID as its input. Returns earlier entries in the result set, sorted by ID.                                                                                                                                                                                                                                                                                              |
| `--filter`     | A CEL expression to filter the list results. Supports logical and comparison operators to match on fields such as id, metadata, created\_at, and more. See ngrok API Filtering for syntax and field details: [https://ngrok.com/docs/api/api-filtering](https://ngrok.com/docs/api/api-filtering) ([https://ngrok.com/docs/api/api-filtering](https://ngrok.com/docs/api/api-filtering)). |
| `--limit`      | Constrains the number of results in the dataset. See the API Overview ([https://ngrok.com/docs/api/index#pagination](https://ngrok.com/docs/api/index#pagination)) for details.                                                                                                                                                                                                           |
| `--api-key`    | API key to use                                                                                                                                                                                                                                                                                                                                                                            |
| `--config`     | path to config files; they are merged if multiple                                                                                                                                                                                                                                                                                                                                         |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'                                                                                                                                                                                                                                                                                                                                           |
| `--log-format` | log record format: 'term', 'logfmt', 'json'                                                                                                                                                                                                                                                                                                                                               |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                                                                                                                                                                                                                                                                                                                   |

## ngrok api secrets update

Update an existing Secret by ID

### Usage

```sh theme={null}
ngrok api secrets update <id> [flags]
```

### Flags

| Flag            | Description                                             |
| --------------- | ------------------------------------------------------- |
| `--description` | description of Secret                                   |
| `--metadata`    | Arbitrary user-defined metadata for this Secret         |
| `--name`        | Name of secret                                          |
| `--value`       | Value of secret                                         |
| `--value-file`  | Value of secret (path to a file)                        |
| `--api-key`     | API key to use                                          |
| `--config`      | path to config files; they are merged if multiple       |
| `--log`         | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format`  | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`   | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api service-users

### SubCommands

| Command                                   | Description                                |
| ----------------------------------------- | ------------------------------------------ |
| [create](#ngrok-api-service-users-create) | Create a new service user                  |
| [delete](#ngrok-api-service-users-delete) | Delete a service user by ID                |
| [get](#ngrok-api-service-users-get)       | Get the details of a Bot User by ID.       |
| [list](#ngrok-api-service-users-list)     | List all service users in this account.    |
| [update](#ngrok-api-service-users-update) | Update attributes of a service user by ID. |

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api service-users create

Create a new service user

### Usage

```sh theme={null}
ngrok api service-users create [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--active`     | whether or not the service is active                    |
| `--name`       | human-readable name used to identify the service        |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api service-users delete

Delete a service user by ID

### Usage

```sh theme={null}
ngrok api service-users delete <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api service-users get

Get the details of a Bot User by ID.

### Usage

```sh theme={null}
ngrok api service-users get <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api service-users list

List all service users in this account.

### Usage

```sh theme={null}
ngrok api service-users list [flags]
```

### Flags

| Flag           | Description                                                                                                                                                                                                                                                                                                                                                                               |
| -------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `--before-id`  | Expects a resource ID as its input. Returns earlier entries in the result set, sorted by ID.                                                                                                                                                                                                                                                                                              |
| `--filter`     | A CEL expression to filter the list results. Supports logical and comparison operators to match on fields such as id, metadata, created\_at, and more. See ngrok API Filtering for syntax and field details: [https://ngrok.com/docs/api/api-filtering](https://ngrok.com/docs/api/api-filtering) ([https://ngrok.com/docs/api/api-filtering](https://ngrok.com/docs/api/api-filtering)). |
| `--limit`      | Constrains the number of results in the dataset. See the API Overview ([https://ngrok.com/docs/api/index#pagination](https://ngrok.com/docs/api/index#pagination)) for details.                                                                                                                                                                                                           |
| `--api-key`    | API key to use                                                                                                                                                                                                                                                                                                                                                                            |
| `--config`     | path to config files; they are merged if multiple                                                                                                                                                                                                                                                                                                                                         |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'                                                                                                                                                                                                                                                                                                                                           |
| `--log-format` | log record format: 'term', 'logfmt', 'json'                                                                                                                                                                                                                                                                                                                                               |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                                                                                                                                                                                                                                                                                                                   |

## ngrok api service-users update

Update attributes of a service user by ID.

### Usage

```sh theme={null}
ngrok api service-users update <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--active`     | whether or not the service is active                    |
| `--name`       | human-readable name used to identify the service        |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api ssh-certificate-authorities

An SSH Certificate Authority is a pair of an SSH Certificate and its private
key that can be used to sign other SSH host and user certificates.

### SubCommands

| Command                                                 | Description                                     |
| ------------------------------------------------------- | ----------------------------------------------- |
| [create](#ngrok-api-ssh-certificate-authorities-create) | Create a new SSH Certificate Authority          |
| [delete](#ngrok-api-ssh-certificate-authorities-delete) | Delete an SSH Certificate Authority             |
| [get](#ngrok-api-ssh-certificate-authorities-get)       | Get detailed information about an SSH...        |
| [list](#ngrok-api-ssh-certificate-authorities-list)     | List all SSH Certificate Authorities on this... |
| [update](#ngrok-api-ssh-certificate-authorities-update) | Update an SSH Certificate Authority             |

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api ssh-certificate-authorities create

Create a new SSH Certificate Authority

### Usage

```sh theme={null}
ngrok api ssh-certificate-authorities create [flags]
```

### Flags

| Flag                 | Description                                                                                               |
| -------------------- | --------------------------------------------------------------------------------------------------------- |
| `--description`      | human-readable description of this SSH Certificate Authority. optional, max 255 bytes.                    |
| `--elliptic-curve`   | the type of elliptic curve to use when creating an ECDSA key                                              |
| `--key-size`         | the key size to use when creating an RSA key. one of 2048 or 4096                                         |
| `--metadata`         | arbitrary user-defined machine-readable data of this SSH Certificate Authority. optional, max 4096 bytes. |
| `--private-key-type` | the type of private key to generate. one of rsa, ecdsa, ed25519                                           |
| `--api-key`          | API key to use                                                                                            |
| `--config`           | path to config files; they are merged if multiple                                                         |
| `--log`              | path to log file, 'stdout', 'stderr' or 'false'                                                           |
| `--log-format`       | log record format: 'term', 'logfmt', 'json'                                                               |
| `--log-level`        | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                                   |

## ngrok api ssh-certificate-authorities delete

Delete an SSH Certificate Authority

### Usage

```sh theme={null}
ngrok api ssh-certificate-authorities delete <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api ssh-certificate-authorities get

Get detailed information about an SSH Certificate Authority

### Usage

```sh theme={null}
ngrok api ssh-certificate-authorities get <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api ssh-certificate-authorities list

List all SSH Certificate Authorities on this account

### Usage

```sh theme={null}
ngrok api ssh-certificate-authorities list [flags]
```

### Flags

| Flag           | Description                                                                                                                                                                                                                                                                                                                                                                               |
| -------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `--before-id`  | Expects a resource ID as its input. Returns earlier entries in the result set, sorted by ID.                                                                                                                                                                                                                                                                                              |
| `--filter`     | A CEL expression to filter the list results. Supports logical and comparison operators to match on fields such as id, metadata, created\_at, and more. See ngrok API Filtering for syntax and field details: [https://ngrok.com/docs/api/api-filtering](https://ngrok.com/docs/api/api-filtering) ([https://ngrok.com/docs/api/api-filtering](https://ngrok.com/docs/api/api-filtering)). |
| `--limit`      | Constrains the number of results in the dataset. See the API Overview ([https://ngrok.com/docs/api/index#pagination](https://ngrok.com/docs/api/index#pagination)) for details.                                                                                                                                                                                                           |
| `--api-key`    | API key to use                                                                                                                                                                                                                                                                                                                                                                            |
| `--config`     | path to config files; they are merged if multiple                                                                                                                                                                                                                                                                                                                                         |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'                                                                                                                                                                                                                                                                                                                                           |
| `--log-format` | log record format: 'term', 'logfmt', 'json'                                                                                                                                                                                                                                                                                                                                               |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                                                                                                                                                                                                                                                                                                                   |

## ngrok api ssh-certificate-authorities update

Update an SSH Certificate Authority

### Usage

```sh theme={null}
ngrok api ssh-certificate-authorities update <id> [flags]
```

### Flags

| Flag            | Description                                                                                               |
| --------------- | --------------------------------------------------------------------------------------------------------- |
| `--description` | human-readable description of this SSH Certificate Authority. optional, max 255 bytes.                    |
| `--metadata`    | arbitrary user-defined machine-readable data of this SSH Certificate Authority. optional, max 4096 bytes. |
| `--api-key`     | API key to use                                                                                            |
| `--config`      | path to config files; they are merged if multiple                                                         |
| `--log`         | path to log file, 'stdout', 'stderr' or 'false'                                                           |
| `--log-format`  | log record format: 'term', 'logfmt', 'json'                                                               |
| `--log-level`   | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                                   |

## ngrok api ssh-credentials

SSH Credentials are SSH public keys that can be used to start SSH tunnels
via the ngrok SSH tunnel gateway.

### SubCommands

| Command                                     | Description                                       |
| ------------------------------------------- | ------------------------------------------------- |
| [create](#ngrok-api-ssh-credentials-create) | Create a new ssh\_credential from an uploaded...  |
| [delete](#ngrok-api-ssh-credentials-delete) | Delete an ssh\_credential by ID                   |
| [get](#ngrok-api-ssh-credentials-get)       | Get detailed information about an ssh\_credential |
| [list](#ngrok-api-ssh-credentials-list)     | List all ssh credentials on this account          |
| [update](#ngrok-api-ssh-credentials-update) | Update attributes of an ssh\_credential by ID     |

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api ssh-credentials create

Create a new ssh\_credential from an uploaded public SSH key. This ssh credential can be used to start new tunnels via ngrok's SSH gateway.

### Usage

```sh theme={null}
ngrok api ssh-credentials create [flags]
```

### Flags

| Flag             | Description                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                |
| ---------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `--acl`          | optional list of ACL rules. If unspecified, the credential will have no restrictions. The only allowed ACL rule at this time is the bind rule. The bind rule allows the caller to restrict what domains, addresses, and labels the token is allowed to bind. For example, to allow the token to open a tunnel on example.ngrok.io your ACL would include the rule bind:example.ngrok.io. Bind rules for domains may specify a leading wildcard to match multiple domains with a common suffix. For example, you may specify a rule of bind:*.example.com which will allow x.example.com, y.example.com, *.example.com, etc. Bind rules for labels may specify a wildcard key and/or value to match multiple labels. For example, you may specify a rule of bind:*=example which will allow x=example, y=example, etc. A rule of '*' is equivalent to no acl at all and will explicitly permit all actions. |
| `--description`  | human-readable description of who or what will use the ssh credential to authenticate. Optional, max 255 bytes.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            |
| `--metadata`     | arbitrary user-defined machine-readable data of this ssh credential. Optional, max 4096 bytes.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             |
| `--owner-email`  | If supplied at credential creation, ownership will be assigned to the specified User. Only admins may specify an owner other than themselves. Both owner\_id and owner\_email may not be specified.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        |
| `--owner-id`     | If supplied at credential creation, ownership will be assigned to the specified User or Bot. Only admins may specify an owner other than themselves. Defaults to the authenticated User or Bot.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            |
| `--public-key`   | the PEM-encoded public key of the SSH keypair that will be used to authenticate                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            |
| `--scim-user-id` | If supplied at credential creation, ownership will be assigned to the specified SCIM User. Only admins may specify an owner other than themselves. Only one of owner\_id, owner\_email, or scim\_user\_id may be specified.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                |
| `--api-key`      | API key to use                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             |
| `--config`       | path to config files; they are merged if multiple                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          |
| `--log`          | path to log file, 'stdout', 'stderr' or 'false'                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            |
| `--log-format`   | log record format: 'term', 'logfmt', 'json'                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                |
| `--log-level`    | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    |

## ngrok api ssh-credentials delete

Delete an ssh\_credential by ID

### Usage

```sh theme={null}
ngrok api ssh-credentials delete <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api ssh-credentials get

Get detailed information about an ssh\_credential

### Usage

```sh theme={null}
ngrok api ssh-credentials get <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api ssh-credentials list

List all ssh credentials on this account

### Usage

```sh theme={null}
ngrok api ssh-credentials list [flags]
```

### Flags

| Flag           | Description                                                                                                                                                                                                                                                                                                                                                                               |
| -------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `--before-id`  | Expects a resource ID as its input. Returns earlier entries in the result set, sorted by ID.                                                                                                                                                                                                                                                                                              |
| `--filter`     | A CEL expression to filter the list results. Supports logical and comparison operators to match on fields such as id, metadata, created\_at, and more. See ngrok API Filtering for syntax and field details: [https://ngrok.com/docs/api/api-filtering](https://ngrok.com/docs/api/api-filtering) ([https://ngrok.com/docs/api/api-filtering](https://ngrok.com/docs/api/api-filtering)). |
| `--limit`      | Constrains the number of results in the dataset. See the API Overview ([https://ngrok.com/docs/api/index#pagination](https://ngrok.com/docs/api/index#pagination)) for details.                                                                                                                                                                                                           |
| `--api-key`    | API key to use                                                                                                                                                                                                                                                                                                                                                                            |
| `--config`     | path to config files; they are merged if multiple                                                                                                                                                                                                                                                                                                                                         |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'                                                                                                                                                                                                                                                                                                                                           |
| `--log-format` | log record format: 'term', 'logfmt', 'json'                                                                                                                                                                                                                                                                                                                                               |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                                                                                                                                                                                                                                                                                                                   |

## ngrok api ssh-credentials update

Update attributes of an ssh\_credential by ID

### Usage

```sh theme={null}
ngrok api ssh-credentials update <id> [flags]
```

### Flags

| Flag            | Description                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                |
| --------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `--acl`         | optional list of ACL rules. If unspecified, the credential will have no restrictions. The only allowed ACL rule at this time is the bind rule. The bind rule allows the caller to restrict what domains, addresses, and labels the token is allowed to bind. For example, to allow the token to open a tunnel on example.ngrok.io your ACL would include the rule bind:example.ngrok.io. Bind rules for domains may specify a leading wildcard to match multiple domains with a common suffix. For example, you may specify a rule of bind:*.example.com which will allow x.example.com, y.example.com, *.example.com, etc. Bind rules for labels may specify a wildcard key and/or value to match multiple labels. For example, you may specify a rule of bind:*=example which will allow x=example, y=example, etc. A rule of '*' is equivalent to no acl at all and will explicitly permit all actions. |
| `--description` | human-readable description of who or what will use the ssh credential to authenticate. Optional, max 255 bytes.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            |
| `--metadata`    | arbitrary user-defined machine-readable data of this ssh credential. Optional, max 4096 bytes.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             |
| `--api-key`     | API key to use                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             |
| `--config`      | path to config files; they are merged if multiple                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          |
| `--log`         | path to log file, 'stdout', 'stderr' or 'false'                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            |
| `--log-format`  | log record format: 'term', 'logfmt', 'json'                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                |
| `--log-level`   | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    |

## ngrok api ssh-host-certificates

SSH Host Certificates along with the corresponding private key allows an SSH
server to assert its authenticity to connecting SSH clients who trust the
SSH Certificate Authority that was used to sign the certificate.

### SubCommands

| Command                                           | Description                                      |
| ------------------------------------------------- | ------------------------------------------------ |
| [create](#ngrok-api-ssh-host-certificates-create) | Create a new SSH Host Certificate                |
| [delete](#ngrok-api-ssh-host-certificates-delete) | Delete an SSH Host Certificate                   |
| [get](#ngrok-api-ssh-host-certificates-get)       | Get detailed information about an SSH Host...    |
| [list](#ngrok-api-ssh-host-certificates-list)     | List all SSH Host Certificates issued on this... |
| [update](#ngrok-api-ssh-host-certificates-update) | Update an SSH Host Certificate                   |

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api ssh-host-certificates create

Create a new SSH Host Certificate

### Usage

```sh theme={null}
ngrok api ssh-host-certificates create [flags]
```

### Flags

| Flag                             | Description                                                                                                                                                                                                                                                                     |
| -------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `--description`                  | human-readable description of this SSH Host Certificate. optional, max 255 bytes.                                                                                                                                                                                               |
| `--metadata`                     | arbitrary user-defined machine-readable data of this SSH Host Certificate. optional, max 4096 bytes.                                                                                                                                                                            |
| `--principals`                   | the list of principals included in the ssh host certificate. This is the list of hostnames and/or IP addresses that are authorized to serve SSH traffic with this certificate. Dangerously, if no principals are specified, this certificate is considered valid for all hosts. |
| `--public-key`                   | a public key in OpenSSH Authorized Keys format that this certificate signs                                                                                                                                                                                                      |
| `--ssh-certificate-authority-id` | the ssh certificate authority that is used to sign this ssh host certificate                                                                                                                                                                                                    |
| `--valid-after`                  | The time when the host certificate becomes valid, in RFC 3339 format. Defaults to the current time if unspecified.                                                                                                                                                              |
| `--valid-until`                  | The time when this host certificate becomes invalid, in RFC 3339 format. If unspecified, a default value of one year in the future will be used. The OpenSSH certificates RFC calls this valid\_before.                                                                         |
| `--api-key`                      | API key to use                                                                                                                                                                                                                                                                  |
| `--config`                       | path to config files; they are merged if multiple                                                                                                                                                                                                                               |
| `--log`                          | path to log file, 'stdout', 'stderr' or 'false'                                                                                                                                                                                                                                 |
| `--log-format`                   | log record format: 'term', 'logfmt', 'json'                                                                                                                                                                                                                                     |
| `--log-level`                    | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                                                                                                                                                                                                         |

## ngrok api ssh-host-certificates delete

Delete an SSH Host Certificate

### Usage

```sh theme={null}
ngrok api ssh-host-certificates delete <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api ssh-host-certificates get

Get detailed information about an SSH Host Certificate

### Usage

```sh theme={null}
ngrok api ssh-host-certificates get <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api ssh-host-certificates list

List all SSH Host Certificates issued on this account

### Usage

```sh theme={null}
ngrok api ssh-host-certificates list [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--before-id`  |                                                         |
| `--limit`      |                                                         |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api ssh-host-certificates update

Update an SSH Host Certificate

### Usage

```sh theme={null}
ngrok api ssh-host-certificates update <id> [flags]
```

### Flags

| Flag            | Description                                                                                          |
| --------------- | ---------------------------------------------------------------------------------------------------- |
| `--description` | human-readable description of this SSH Host Certificate. optional, max 255 bytes.                    |
| `--metadata`    | arbitrary user-defined machine-readable data of this SSH Host Certificate. optional, max 4096 bytes. |
| `--api-key`     | API key to use                                                                                       |
| `--config`      | path to config files; they are merged if multiple                                                    |
| `--log`         | path to log file, 'stdout', 'stderr' or 'false'                                                      |
| `--log-format`  | log record format: 'term', 'logfmt', 'json'                                                          |
| `--log-level`   | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                              |

## ngrok api ssh-user-certificates

SSH User Certificates are presented by SSH clients when connecting to an SSH
server to authenticate their connection. The SSH server must trust the SSH
Certificate Authority used to sign the certificate.

### SubCommands

| Command                                           | Description                                      |
| ------------------------------------------------- | ------------------------------------------------ |
| [create](#ngrok-api-ssh-user-certificates-create) | Create a new SSH User Certificate                |
| [delete](#ngrok-api-ssh-user-certificates-delete) | Delete an SSH User Certificate                   |
| [get](#ngrok-api-ssh-user-certificates-get)       | Get detailed information about an SSH User...    |
| [list](#ngrok-api-ssh-user-certificates-list)     | List all SSH User Certificates issued on this... |
| [update](#ngrok-api-ssh-user-certificates-update) | Update an SSH User Certificate                   |

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api ssh-user-certificates create

Create a new SSH User Certificate

### Usage

```sh theme={null}
ngrok api ssh-user-certificates create [flags]
```

### Flags

| Flag                             | Description                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                     |
| -------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `--critical-options`             | A map of critical options included in the certificate. Only two critical options are currently defined by OpenSSH: force-command and source-address. See the OpenSSH certificate protocol spec ([https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.certkeys](https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.certkeys)) for additional details.                                                                                                                                                                                                                                                                                                                 |
| `--description`                  | human-readable description of this SSH User Certificate. optional, max 255 bytes.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               |
| `--extensions`                   | A map of extensions included in the certificate. Extensions are additional metadata that can be interpreted by the SSH server for any purpose. These can be used to permit or deny the ability to open a terminal, do port forwarding, x11 forwarding, and more. If unspecified, the certificate will include limited permissions with the following extension map: \{"permit-pty": "", "permit-user-rc": ""} OpenSSH understands a number of predefined extensions. See the OpenSSH certificate protocol spec ([https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.certkeys](https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.certkeys)) for additional details. |
| `--metadata`                     | arbitrary user-defined machine-readable data of this SSH User Certificate. optional, max 4096 bytes.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            |
| `--principals`                   | the list of principals included in the ssh user certificate. This is the list of usernames that the certificate holder may sign in as on a machine authorizing the signing certificate authority. Dangerously, if no principals are specified, this certificate may be used to log in as any user.                                                                                                                                                                                                                                                                                                                                                                                              |
| `--public-key`                   | a public key in OpenSSH Authorized Keys format that this certificate signs                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      |
| `--ssh-certificate-authority-id` | the ssh certificate authority that is used to sign this ssh user certificate                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    |
| `--valid-after`                  | The time when the user certificate becomes valid, in RFC 3339 format. Defaults to the current time if unspecified.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              |
| `--valid-until`                  | The time when this host certificate becomes invalid, in RFC 3339 format. If unspecified, a default value of 24 hours will be used. The OpenSSH certificates RFC calls this valid\_before.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       |
| `--api-key`                      | API key to use                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  |
| `--config`                       | path to config files; they are merged if multiple                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               |
| `--log`                          | path to log file, 'stdout', 'stderr' or 'false'                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 |
| `--log-format`                   | log record format: 'term', 'logfmt', 'json'                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                     |
| `--log-level`                    | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         |

## ngrok api ssh-user-certificates delete

Delete an SSH User Certificate

### Usage

```sh theme={null}
ngrok api ssh-user-certificates delete <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api ssh-user-certificates get

Get detailed information about an SSH User Certificate

### Usage

```sh theme={null}
ngrok api ssh-user-certificates get <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api ssh-user-certificates list

List all SSH User Certificates issued on this account

### Usage

```sh theme={null}
ngrok api ssh-user-certificates list [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--before-id`  |                                                         |
| `--limit`      |                                                         |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api ssh-user-certificates update

Update an SSH User Certificate

### Usage

```sh theme={null}
ngrok api ssh-user-certificates update <id> [flags]
```

### Flags

| Flag            | Description                                                                                          |
| --------------- | ---------------------------------------------------------------------------------------------------- |
| `--description` | human-readable description of this SSH User Certificate. optional, max 255 bytes.                    |
| `--metadata`    | arbitrary user-defined machine-readable data of this SSH User Certificate. optional, max 4096 bytes. |
| `--api-key`     | API key to use                                                                                       |
| `--config`      | path to config files; they are merged if multiple                                                    |
| `--log`         | path to log file, 'stdout', 'stderr' or 'false'                                                      |
| `--log-format`  | log record format: 'term', 'logfmt', 'json'                                                          |
| `--log-level`   | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                              |

## ngrok api tls-certificates

TLS Certificates are pairs of x509 certificates and their matching private
key that can be used to terminate TLS traffic. TLS certificates are unused
until they are attached to a Domain. TLS Certificates may also be
provisioned by ngrok automatically for domains on which you have enabled
automated certificate provisioning.

### SubCommands

| Command                                      | Description                                      |
| -------------------------------------------- | ------------------------------------------------ |
| [create](#ngrok-api-tls-certificates-create) | Upload a new TLS certificate                     |
| [delete](#ngrok-api-tls-certificates-delete) | Delete a TLS certificate                         |
| [get](#ngrok-api-tls-certificates-get)       | Get detailed information about a TLS certificate |
| [list](#ngrok-api-tls-certificates-list)     | List all TLS certificates on this account        |
| [update](#ngrok-api-tls-certificates-update) | Update attributes of a TLS Certificate by ID     |

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api tls-certificates create

Upload a new TLS certificate

### Usage

```sh theme={null}
ngrok api tls-certificates create [flags]
```

### Flags

| Flag                | Description                                                                                                                                                                                                |
| ------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `--certificate-pem` | chain of PEM-encoded certificates, leaf first. See Certificate Bundles ([https://ngrok.com/docs/cloud-edge/endpoints#certificate-chains](https://ngrok.com/docs/cloud-edge/endpoints#certificate-chains)). |
| `--description`     | human-readable description of this TLS certificate. optional, max 255 bytes.                                                                                                                               |
| `--metadata`        | arbitrary user-defined machine-readable data of this TLS certificate. optional, max 4096 bytes.                                                                                                            |
| `--private-key-pem` | private key for the TLS certificate, PEM-encoded. See Private Keys ([https://ngrok.com/docs/cloud-edge/endpoints#private-keys](https://ngrok.com/docs/cloud-edge/endpoints#private-keys)).                 |
| `--api-key`         | API key to use                                                                                                                                                                                             |
| `--config`          | path to config files; they are merged if multiple                                                                                                                                                          |
| `--log`             | path to log file, 'stdout', 'stderr' or 'false'                                                                                                                                                            |
| `--log-format`      | log record format: 'term', 'logfmt', 'json'                                                                                                                                                                |
| `--log-level`       | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                                                                                                                                    |

## ngrok api tls-certificates delete

Delete a TLS certificate

### Usage

```sh theme={null}
ngrok api tls-certificates delete <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api tls-certificates get

Get detailed information about a TLS certificate

### Usage

```sh theme={null}
ngrok api tls-certificates get <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api tls-certificates list

List all TLS certificates on this account

### Usage

```sh theme={null}
ngrok api tls-certificates list [flags]
```

### Flags

| Flag           | Description                                                                                                                                                                                                                                                                                                                                                                               |
| -------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `--before-id`  | Expects a resource ID as its input. Returns earlier entries in the result set, sorted by ID.                                                                                                                                                                                                                                                                                              |
| `--filter`     | A CEL expression to filter the list results. Supports logical and comparison operators to match on fields such as id, metadata, created\_at, and more. See ngrok API Filtering for syntax and field details: [https://ngrok.com/docs/api/api-filtering](https://ngrok.com/docs/api/api-filtering) ([https://ngrok.com/docs/api/api-filtering](https://ngrok.com/docs/api/api-filtering)). |
| `--limit`      | Constrains the number of results in the dataset. See the API Overview ([https://ngrok.com/docs/api/index#pagination](https://ngrok.com/docs/api/index#pagination)) for details.                                                                                                                                                                                                           |
| `--api-key`    | API key to use                                                                                                                                                                                                                                                                                                                                                                            |
| `--config`     | path to config files; they are merged if multiple                                                                                                                                                                                                                                                                                                                                         |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'                                                                                                                                                                                                                                                                                                                                           |
| `--log-format` | log record format: 'term', 'logfmt', 'json'                                                                                                                                                                                                                                                                                                                                               |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                                                                                                                                                                                                                                                                                                                   |

## ngrok api tls-certificates update

Update attributes of a TLS Certificate by ID

### Usage

```sh theme={null}
ngrok api tls-certificates update <id> [flags]
```

### Flags

| Flag            | Description                                                                                     |
| --------------- | ----------------------------------------------------------------------------------------------- |
| `--description` | human-readable description of this TLS certificate. optional, max 255 bytes.                    |
| `--metadata`    | arbitrary user-defined machine-readable data of this TLS certificate. optional, max 4096 bytes. |
| `--api-key`     | API key to use                                                                                  |
| `--config`      | path to config files; they are merged if multiple                                               |
| `--log`         | path to log file, 'stdout', 'stderr' or 'false'                                                 |
| `--log-format`  | log record format: 'term', 'logfmt', 'json'                                                     |
| `--log-level`   | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                         |

## ngrok api tunnel-sessions

Tunnel Sessions represent instances of ngrok agents or SSH reverse tunnel
sessions that are running and connected to the ngrok service. Each tunnel
session can include one or more Tunnels.

### SubCommands

| Command                                       | Description                                       |
| --------------------------------------------- | ------------------------------------------------- |
| [get](#ngrok-api-tunnel-sessions-get)         | Get the detailed status of a tunnel session by ID |
| [list](#ngrok-api-tunnel-sessions-list)       | List all online tunnel sessions running on...     |
| [restart](#ngrok-api-tunnel-sessions-restart) | Issues a command instructing the ngrok agent...   |
| [stop](#ngrok-api-tunnel-sessions-stop)       | Issues a command instructing the ngrok agent...   |
| [update](#ngrok-api-tunnel-sessions-update)   | Issues a command instructing the ngrok agent...   |

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api tunnel-sessions get

Get the detailed status of a tunnel session by ID

### Usage

```sh theme={null}
ngrok api tunnel-sessions get <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api tunnel-sessions list

List all online tunnel sessions running on this account.

### Usage

```sh theme={null}
ngrok api tunnel-sessions list [flags]
```

### Flags

| Flag           | Description                                                                                                                                                                                                                                                                                                                                                                               |
| -------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `--before-id`  | Expects a resource ID as its input. Returns earlier entries in the result set, sorted by ID.                                                                                                                                                                                                                                                                                              |
| `--filter`     | A CEL expression to filter the list results. Supports logical and comparison operators to match on fields such as id, metadata, created\_at, and more. See ngrok API Filtering for syntax and field details: [https://ngrok.com/docs/api/api-filtering](https://ngrok.com/docs/api/api-filtering) ([https://ngrok.com/docs/api/api-filtering](https://ngrok.com/docs/api/api-filtering)). |
| `--limit`      | Constrains the number of results in the dataset. See the API Overview ([https://ngrok.com/docs/api/index#pagination](https://ngrok.com/docs/api/index#pagination)) for details.                                                                                                                                                                                                           |
| `--api-key`    | API key to use                                                                                                                                                                                                                                                                                                                                                                            |
| `--config`     | path to config files; they are merged if multiple                                                                                                                                                                                                                                                                                                                                         |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'                                                                                                                                                                                                                                                                                                                                           |
| `--log-format` | log record format: 'term', 'logfmt', 'json'                                                                                                                                                                                                                                                                                                                                               |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                                                                                                                                                                                                                                                                                                                   |

## ngrok api tunnel-sessions restart

Issues a command instructing the ngrok agent to restart. The agent restarts itself by calling exec() on platforms that support it. This operation is notably not supported on Windows. When an agent restarts, it reconnects with a new tunnel session ID.

### Usage

```sh theme={null}
ngrok api tunnel-sessions restart <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api tunnel-sessions stop

Issues a command instructing the ngrok agent that started this tunnel session to exit.

### Usage

```sh theme={null}
ngrok api tunnel-sessions stop <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api tunnel-sessions update

Issues a command instructing the ngrok agent to update itself to the latest version. After this call completes successfully, the ngrok agent will be in the update process. A caller should wait some amount of time to allow the update to complete (at least 10 seconds) before making a call to the Restart endpoint to request that the agent restart itself to start using the new code. This call will never update an ngrok agent to a new major version which could cause breaking compatibility issues. If you wish to update to a new major version, that must be done manually. Still, please be aware that updating your ngrok agent could break your integration. This call will fail in any of the following circumstances: there is no update available the ngrok agent's configuration disabled update checks the agent is currently in process of updating the agent has already successfully updated but has not yet been restarted

### Usage

```sh theme={null}
ngrok api tunnel-sessions update <id> [flags]
```

### Flags

| Flag           | Description                                                                                          |
| -------------- | ---------------------------------------------------------------------------------------------------- |
| `--version`    | request that the ngrok agent update to this specific version instead of the latest available version |
| `--api-key`    | API key to use                                                                                       |
| `--config`     | path to config files; they are merged if multiple                                                    |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'                                                      |
| `--log-format` | log record format: 'term', 'logfmt', 'json'                                                          |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                              |

## ngrok api tunnels

Tunnels provide endpoints to access services exposed by a running ngrok
agent tunnel session or an SSH reverse tunnel session.

### SubCommands

| Command                         | Description                                     |
| ------------------------------- | ----------------------------------------------- |
| [get](#ngrok-api-tunnels-get)   | Get the status of a tunnel by ID                |
| [list](#ngrok-api-tunnels-list) | List all online tunnels currently running on... |

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api tunnels get

Get the status of a tunnel by ID

### Usage

```sh theme={null}
ngrok api tunnels get <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api tunnels list

List all online tunnels currently running on the account.

### Usage

```sh theme={null}
ngrok api tunnels list [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--before-id`  |                                                         |
| `--limit`      |                                                         |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api vaults

Vaults is an api service for securely storing and managing sensitive data such as secrets, credentials, and tokens.

### SubCommands

| Command                                                        | Description                      |
| -------------------------------------------------------------- | -------------------------------- |
| [create](#ngrok-api-vaults-create)                             | Create a new Vault               |
| [delete](#ngrok-api-vaults-delete)                             | Delete a Vault                   |
| [get](#ngrok-api-vaults-get)                                   | Get a Vault by ID                |
| [get-secrets-by-vault](#ngrok-api-vaults-get-secrets-by-vault) | Get Secrets by Vault ID          |
| [list](#ngrok-api-vaults-list)                                 | List all Vaults owned by account |
| [update](#ngrok-api-vaults-update)                             | Update an existing Vault by ID   |

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api vaults create

Create a new Vault

### Usage

```sh theme={null}
ngrok api vaults create [flags]
```

### Flags

| Flag            | Description                                             |
| --------------- | ------------------------------------------------------- |
| `--description` | description of Vault                                    |
| `--metadata`    | Arbitrary user-defined metadata for this Vault          |
| `--name`        | Name of vault                                           |
| `--api-key`     | API key to use                                          |
| `--config`      | path to config files; they are merged if multiple       |
| `--log`         | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format`  | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`   | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api vaults delete

Delete a Vault

### Usage

```sh theme={null}
ngrok api vaults delete <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api vaults get

Get a Vault by ID

### Usage

```sh theme={null}
ngrok api vaults get <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api vaults get-secrets-by-vault

Get Secrets by Vault ID

### Usage

```sh theme={null}
ngrok api vaults get-secrets-by-vault <id> [flags]
```

### Flags

| Flag           | Description                                             |
| -------------- | ------------------------------------------------------- |
| `--before-id`  |                                                         |
| `--limit`      |                                                         |
| `--api-key`    | API key to use                                          |
| `--config`     | path to config files; they are merged if multiple       |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format` | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit' |

## ngrok api vaults list

List all Vaults owned by account

### Usage

```sh theme={null}
ngrok api vaults list [flags]
```

### Flags

| Flag           | Description                                                                                                                                                                                                                                                                                                                                                                               |
| -------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `--before-id`  | Expects a resource ID as its input. Returns earlier entries in the result set, sorted by ID.                                                                                                                                                                                                                                                                                              |
| `--filter`     | A CEL expression to filter the list results. Supports logical and comparison operators to match on fields such as id, metadata, created\_at, and more. See ngrok API Filtering for syntax and field details: [https://ngrok.com/docs/api/api-filtering](https://ngrok.com/docs/api/api-filtering) ([https://ngrok.com/docs/api/api-filtering](https://ngrok.com/docs/api/api-filtering)). |
| `--limit`      | Constrains the number of results in the dataset. See the API Overview ([https://ngrok.com/docs/api/index#pagination](https://ngrok.com/docs/api/index#pagination)) for details.                                                                                                                                                                                                           |
| `--api-key`    | API key to use                                                                                                                                                                                                                                                                                                                                                                            |
| `--config`     | path to config files; they are merged if multiple                                                                                                                                                                                                                                                                                                                                         |
| `--log`        | path to log file, 'stdout', 'stderr' or 'false'                                                                                                                                                                                                                                                                                                                                           |
| `--log-format` | log record format: 'term', 'logfmt', 'json'                                                                                                                                                                                                                                                                                                                                               |
| `--log-level`  | logging level: 'debug', 'info', 'warn', 'error', 'crit'                                                                                                                                                                                                                                                                                                                                   |

## ngrok api vaults update

Update an existing Vault by ID

### Usage

```sh theme={null}
ngrok api vaults update <id> [flags]
```

### Flags

| Flag            | Description                                             |
| --------------- | ------------------------------------------------------- |
| `--description` | description of Vault                                    |
| `--metadata`    | Arbitrary user-defined metadata for this Vault          |
| `--name`        | Name of vault                                           |
| `--api-key`     | API key to use                                          |
| `--config`      | path to config files; they are merged if multiple       |
| `--log`         | path to log file, 'stdout', 'stderr' or 'false'         |
| `--log-format`  | log record format: 'term', 'logfmt', 'json'             |
| `--log-level`   | logging level: 'debug', 'info', 'warn', 'error', 'crit' |
