Ngrok
Ngrok creates secure tunnels to locally hosted applications, enabling developers to share and test webhooks or services without configuring complex network settings
Verdict
Common use cases
- Audit active tunnels during incident triage
- Rotate API keys after a contractor leaves
- Check which IPs can access your endpoints
- List HTTPS edge configs before a deploy
- Revoke compromised credentials in seconds
Integration
- Vendor
- Ngrok
- Category
- developer-tools
- Auth
- API_KEY
- Tools
- 9
- Composio slug
ngrok
Tools
- Create API Key
Creates a new api key for authenticating with the ngrok api. this tool allows programmatic creation of api keys that can be used to access ngrok's api services.
- Delete API Keydestructive
Delete an api key by its id. this action permanently removes the specified api key from your ngrok account. this is an important security feature that allows users to revoke access when an api key is compromised or no longer needed. once de
- Get IP Restriction Details
This tool retrieves detailed information about a specific ip restriction by its id. it is used to control which ip addresses can access ngrok resources, including the api, by fetching complete details of the ip restriction. this action is e
- List Active Tunnels
List all active tunnels in the ngrok account. this tool lists all active tunnels in the ngrok account, providing details such as tunnel id, public url, start time, protocol, configuration details, and metadata. it requires no input paramete
- List All Endpoints
List all active endpoints on the ngrok account. this tool will list all active endpoints on the ngrok account, providing visibility into running tunnels and endpoints. it requires no input parameters beyond authentication and serves as a fu
- List API Keys
This tool lists all api keys owned by the user. the api keys are used to authenticate api requests to ngrok's rest api. the endpoint returns a paginated list of api keys.
- List HTTPS Edges
Lists all https edges in your ngrok account. https edges are configurations that tell ngrok how to handle https traffic. the action returns a paginated list of all https edges associated with your account.
- List IP Policy Rules
This tool lists all ip policy rules associated with your ngrok account. it retrieves detailed information including rule id, creation timestamp, description, metadata, cidr, the associated ip policy, and the action (allow or deny) for each
- List IP Restrictions
This tool retrieves a list of all ip restrictions configured on the ngrok account. it allows users to audit and review all ip-based access restrictions on their ngrok account for enhanced security management. the api endpoint supports pagin
Setup
Setup guide
- 11. In Switchy, open the Space where you want to use Ngrok and click 'Add Integration' in the sidebar. 2. Search for 'Ngrok' and select it from the developer tools category. 3. You'll be prompted to paste an Ngrok API key — generate one at dashboard.ngrok.com/api/keys with at least read:tunnels, write:api_keys, and read:ip_restrictions scopes. 4. Paste the key into Switchy and click 'Connect'. 5. To test, type '@ngrok list all active tunnels' in the Space chat — you should see a response listing your current tunnels (or an empty list if none are running). 6. If you see an auth error, verify the key has the correct scopes and hasn't been revoked. 7. Once connected, any team member in that Space can @mention Ngrok to invoke its tools.
What teammates see: by default, memories from Ngrok are scoped to the Space (PROJECT visibility) - you can mark any memory PRIVATE or share it ORG-wide.
Works well with
Top models
Compatibility data appears once enough Spaces have used this MCP together with a given model.
How Switchy teams use it
Starter prompts
List Active Tunnels
@ngrok list all active tunnels in my account and show the public URL, protocol, and start time for each oneOpen in a Space →
Create API Key
@ngrok create a new api key with description 'CI pipeline key for staging environment' and return the key ID and secretOpen in a Space →
Audit IP Restrictions
@ngrok list all ip policy rules and show the CIDR ranges, descriptions, and which policies they're attached toOpen in a Space →
Check HTTPS Edges
@ngrok list all https edges and include their hostnames, backend URLs, and any attached modules or policiesOpen in a Space →
Revoke Old API Key
@ngrok delete the api key with id 'ak_2example' and confirm it has been permanently removed from my accountOpen in a Space →
Example outputs
Illustrative - representative of the model's voice and quality, not literal recordings.
@ngrok list all active tunnels and show me which ones are using HTTPS with their public URLs
Here are your 3 active ngrok tunnels: 1. **prod-api-tunnel** (HTTPS) - Public URL: https://abc123.ngrok.io - Started: 2 hours ago - Forwarding to: localhost:8080 2. **staging-webhook** (HTTPS) - Public URL: https://def456.ngrok.io - Started: 45 minutes ago - Forwarding to: localhost:3000 3. **dev-test** (HTTP) - Public URL: http://ghi789.ngrok.io - Started: 15 minutes ago - Forwarding to: localhost:5000 This is an illustrative example showing typical tunnel metadata. Your actual tunnel list will reflect your current ngrok session state.
This example demonstrates read-only monitoring of your ngrok infrastructure. Requires a valid API key with tunnel read permissions. Tunnel data is ephemeral—tunnels disappear from this list when the ngrok agent disconnects. Use this to audit which services are currently exposed and verify HTTPS configuration before sharing URLs externally.
@ngrok create a new API key named 'ci-pipeline-key' with a description for our GitHub Actions deployment workflow
Successfully created API key 'ci-pipeline-key': **Key ID:** ak_2Xm9pQr7Tn4K **Description:** GitHub Actions deployment workflow **Created:** Just now **Secret:** nk_2Xm9pQr7Tn4K8vLp3Qs1Wz6Yh5Jf9Gd (shown once) ⚠️ **Important:** Copy this secret now—it won't be displayed again. Store it securely in your GitHub repository secrets as `NGROK_API_KEY`. This illustrative example shows the one-time secret reveal pattern. Your actual key will have different identifiers and should be rotated regularly.
This write operation creates a permanent credential with full API access scope. The secret is shown only once at creation—if lost, you must delete and recreate the key. Consider this a security-sensitive action: the new key can manage all ngrok resources until explicitly revoked. Always use least-privilege scoping when ngrok adds granular permission controls.
@ngrok review my IP restriction rules and HTTPS edge configurations, then summarize any security gaps where public endpoints lack IP allowlisting
**Security Analysis of Your Ngrok Configuration:** You have 4 HTTPS edges and 2 IP policy rules configured. Here's what I found: **Potential Gaps:** - **prod-api-edge** (https://api.example.ngrok.io): No IP restrictions applied. This edge is publicly accessible from any IP address. - **staging-dashboard-edge**: Similarly unrestricted. **Properly Secured:** - **admin-panel-edge**: Protected by IP policy 'office-allowlist' (allows 203.0.113.0/24) - **internal-tools-edge**: Protected by 'vpn-only' policy This illustrative example combines data from multiple tools. Your actual configuration will show different edge names and CIDR blocks based on your account setup.
This synthesis example showcases the AI's ability to correlate IP policies with edge configurations across multiple API calls. It requires read access to both HTTPS edges and IP restriction resources. The analysis is only as current as the last API fetch—changes made outside this Space won't appear until the next query. Use this for periodic security audits, not real-time monitoring.
Use-case deep-dives
When Ngrok beats mock servers for webhook integration work
A 3-person dev team building a Stripe payment flow needs to test webhooks locally before deploying. Ngrok's List Active Tunnels and Create API Key tools let the team spin up a public URL pointing to localhost, verify the webhook payload in real time, and tear it down when the feature ships. This beats mock servers when you need the actual third-party service to hit your local machine. The trade-off: if your webhook logic depends on production secrets or database state, Ngrok only solves the routing problem—you still need to mock the data layer. Use this when the integration vendor (Stripe, Twilio, GitHub) requires a live HTTPS endpoint and your local environment is already set up to handle the request.
Ngrok for ad-hoc client previews without a deploy pipeline
A 5-person agency team needs to show a client a staging build before the sprint ends, but their CI/CD pipeline only deploys to production. Ngrok's List Endpoints and List HTTPS Edges tools let a developer expose the staging server on a temporary public URL, share it in Slack, and shut it down after the call. This works when the demo is low-stakes and the staging server is already running locally or on a private network. The boundary: if the client needs the link for more than a few hours, or if the staging environment has sensitive data, Ngrok's ephemeral tunnels and IP restriction tools won't replace a proper staging deploy. Use this for same-day demos where spinning up infrastructure is slower than sharing a tunnel.
When Ngrok helps support engineers debug customer issues live
A 2-person support team at a SaaS company gets a ticket about a broken OAuth flow that only happens in the customer's environment. The engineer uses Ngrok's Create API Key and List IP Policy Rules tools to tunnel their local instance to the customer's callback URL, reproduce the issue in real time, and capture logs without deploying a debug build. This beats screen-sharing when the bug is tied to network conditions or third-party redirects. The limit: if the customer's environment has strict IP whitelisting or the issue requires production data, Ngrok's tunnel won't bypass those constraints. Use this when the reproduction path is clear and the engineer needs to iterate on a fix faster than the deploy cycle allows.
Frequently asked
What does the Ngrok MCP do in Switchy?
It lets your AI agents manage ngrok tunnels and API access directly from Switchy. You can create and list active tunnels, manage API keys, configure HTTPS edges, and control IP restrictions without leaving the workspace. Useful when your team needs to expose local dev servers or manage ngrok infrastructure programmatically during development workflows.
Do I need an ngrok account to use this MCP?
Yes. You need an existing ngrok account and an API key with appropriate permissions. The MCP authenticates using your ngrok API key, so whoever connects it must have access to generate or retrieve one from the ngrok dashboard. Free ngrok accounts work, but some tools like HTTPS edges require a paid plan.
Can the MCP start new ngrok tunnels from Switchy?
No. It can list active tunnels and endpoints, but it can't start new tunnels. To create a tunnel, you still need to run the ngrok CLI or agent on your local machine. The MCP is for managing ngrok's API resources — keys, IP policies, edge configurations — not for launching tunnels themselves.
How is this different from just using the ngrok CLI?
The CLI starts tunnels; this MCP manages your ngrok account infrastructure. If your team needs to rotate API keys, audit active endpoints, or configure IP restrictions as part of a larger automation, the MCP lets AI agents do that without switching to the ngrok dashboard or writing custom scripts.
Who on the team should connect the Ngrok MCP?
Whoever manages your ngrok account and has an API key. Typically a DevOps lead or backend engineer. Since the MCP can delete API keys and modify IP policies, don't connect it with a key that has broader permissions than your team needs for day-to-day tunnel management.