Hi, jmqst011@gmail.com!

We did a lot in 2025. If you use ngrok but don’t follow every update (honestly, healthy behavior), here’s the short version:

Last year, ngrok completed its transformation from "that public URLs for localhost company" into one gateway for all your traffic.

If you'll indulge me for ~90 seconds, let's recap what shipped to set the stage for what's to come.

We started the year helping you avoid footguns when exposing services on the big bad internet.

• Basic Auth for Traffic Policy — protect endpoints without building auth first
• Gateway-level circuit breakers — fail fast instead of cascading
• IP Intelligence + bot detection — block unwanted traffic without maintaining lists

Spring was an inflection point on scale and prod-readiness.

• Cloud Endpoints — always-on gateways that run on our cloud and securely route to anything behind it
• Endpoint Pools — scale services without standing up complex load balancers locked to a single cloud
• Gateway API support — manage a global API gateway with the K8s resources you already hate... I mean have
• Local projection for Kubernetes — develop locally and test against staging without VPNs

Summer made gateways programmable and even more Docker-friendly.

• Docker Desktop extension — share containers publicly without changing how you work

• Go SDK v2 — embed secure tunnels directly into Go applications

• http-request Traffic Policy action — call internal APIs to validate auth or enrich requests

Rolling into the fall, we doubled down on security.

• Built-in WAF (OWASP CRS) — block volumetric attacks before they hit upstreams

• HIPAA compliance — run regulated workloads with health information across ngrok
• Secrets for Traffic Policy — stop putting secrets in configs

Finally, we ended the year with an opinionated new product on where infrastructure is headed.

• ngrok AI Gateway — early access to one gateway for every AI model

These might not be ships, but they're worth a read.

• What is prompt caching? (This also convinced ngrok's founder Alan to tweet for the first time in 800 years.)
• From nginx to ngrok: Dogfooding our own website with Traffic Policy
• What millions of requests taught us about building a WAF
• Dozens of examples of putting all your traffic on one gateway

Finally, what did we ship over the New Year?

• We made the ngrok.ai early access experience nicer across the board, starting with a new onboarding flow that helps you bring your own provider API keys. You can still get early access!
• We have a bunch of new guides, too:
  • Using ngrok as your MCP gateway
  • Access CI/CD deploy previews on secure URLs
  • Projecting local services into remote K8s clusters
  • More ways to route by any request property
  • One place to find all the ways to add auth
• New API filtering helps you automate ngrok with fewer API calls and less integration code, all evaluated server-side.
• Finally, region pinning and dedicated IPs landed in early access.

If you want to dig deeper, hit reply and tell me what you’re building. I really do read them. I'll be back next month with all the rest that's to come as we earn the coveted spot as the one gateway for all your traffic.

Joel at ngrok

Your trust in us matters. Learn more about security at ngrok.