How to implement mutual TLS (mTLS) with ngrok’s API gateway

To implement mutual TLS (mTLS) with ngrok's API gateway, you need to generate public and private keys for a certificate authority (CA), create a self-signed CA certificate, and then generate certificates for your client. You configure the ngrok agent to terminate TLS on the server and reject all requests missing a certificate signed by your CA. To verify mTLS is configured correctly, send a request without passing the client's certificate and check for a TLS error response. With mTLS enabled, you can access your API with a certificate and private key, establishing non-repudiation in how API consumers interact with your service. ngrok provides a free account to help meet security best practices, saving you from configuring web servers or deploying custom DNS, and enabling you to get to production quickly without complex reverse proxies or wrestling with your ops team. Once mTLS is enabled, you can extend your API gateway goodness with additional policies and a developer-first configuration workflow.