Secure site-to-site connectivity: Implement now with ngrok’s new guides

Many organizations rely on ngrok to establish secure connectivity to third-party APIs, databases, device service API endpoints, and more running at external sites such as their customers’ networks. Connectivity to external sites unlocks a wide range of use cases, and numerous third-party providers offer APIs for interacting with their services—even those normally consumed via other means. ngrok helps you securely access third-party APIs, databases, and IoT service API endpoints running at external sites to offer unique capabilities to your customers. 

Who needs secure access to external networks?

Customers in a wide range of industries use ngrok to connect to their customers’ APIs, databases, and device service APIs in external networks. Some examples include:  

• SaaS-based vulnerability scanning applications that scan data in customer databases and access their customer’s local JIRA instance via JIRA’s API to automatically create issues needed to mitigate security concerns
• Dental office management software that integrates with multiple tools for scheduling, billing, and insurance verification to offer a comprehensive solution to its customers
• Retail stores, franchises, and remote factories manage point-of-sale (POS) devices and factory robots across the world using IoT service APIs

What could you build if you could access third-party APIs, databases, device APIs, and other resources that reside in an external network? 

Site-to-site connectivity enables one organization to consume another organization's APIs, and access their databases, device service APIs, and other resources in a secure, frictionless manner, without the need to ask customers to open inbound ports on their firewalls. 

Connecting to customer networks typically requires reconfiguring networking resources and places a significant burden on the customer’s IT team. ngrok equips you to access these customer APIs, databases, and device APIs without setting up complicated site-to-site VPNs, VPCs, PrivateLinks, or firewall configurations. Instead, you can just offload traffic management and security to ngrok’s global network. 

Meet the guides

We’ve crafted comprehensive guides offering step-by-step instructions, with code examples, to enable you to achieve:

• Site-to-site connectivity to APIs with mTLS
• Site-to-site connectivity to databases with mTLS
• Site-to-site connectivity to APIs on devices with mTLS
• Site-to-site connectivity to APIs without mTLS*
• Site-to-site connectivity to databases without mTLS*

*While we highly recommend encrypting your traffic, we’ve provided the steps to connect to APIs and databases at external sites without mTLS to get you started with implementation and proof of concept. 

This thorough approach to our guides ensures you have all the information you need in one place to perform the following steps:

1. Install the agent on the external site (i.e. your customer’s network)
2. Get an ngrok API key
3. Configure a custom agent ingress address
4. Create a customer wildcard domain
5. Create a bot user
6. Create an agent authtoken with ACL
7. Configure the ngrok agent API
8. Start tunnels in the external site with or without mTLS
9. Access APIs or databases—including instructions for using stunnel to encrypt TCP database traffic

These steps empower you to whitelist the address the ngrok agent uses to connect to the ngrok service and to connect to the agent running in the customer’s network using the agent API. 

Get started with ngrok for site-to-site connectivity today

Our new guides comprehensively explain how to perform the steps outlined above, enabling you to access APIs and databases at external sites independently. However, we want you to feel supported throughout this process. If you have questions, issues, or features to request, you can always find us on X, in the ngrok Slack community, or directly at support@ngrok.com.