Implement the 'Front Door' Pattern
The Front Door pattern is a common API gateway design where a single public endpoint serves as the centralized entrance to your upstream services.
Why use this pattern? It creates a clear boundary between your public-facing gateway and your internal services and creates a consistent interface for exposing them to the public internet. This simplifies how you manage , helps you route traffic to multiple services, and gives you a unified place to apply gateway-wide policies like authentication, rate limiting, and more.
With this pattern, you can:
- Host any number of services under a single hostname (e.g.
your-company.com) by routing via path, subdomain, headers, or any other Traffic Policy variable. - Apply certain policies like authentication at your gateway, then layer in other policies for specific services.
- Prevent your services or their host systems from being exposed to the public internet.
- Give infrastructure and platform teams control over creating consistent global policy while also allowing developers to manage how traffic reaches their services.
1. Create an endpoint for your service
Start an internal Agent Endpoint, replacing $PORT based on where your service listens.
You can also use one of our SDKs or the Kubernetes Operator.
Loading…
2. Reserve a domain
Navigate to the Domains section of the ngrok dashboard and click New + to reserve a free static domain like https://your-service.ngrok.app or a custom domain you already own.
3. Create a Cloud Endpoint
Navigate to the Endpoints section of the ngrok dashboard, then click New + and Cloud Endpoint.
In the URL field, enter the domain you just reserved to finish creating your Cloud Endpoint.
4. Add routing to your service with Traffic Policy
While still viewing your new cloud endpoint in the dashboard, copy and paste the policy below into the Traffic Policy editor.
Loading…
What's happening here? The traffic policy engine forwards all HTTP requests to the internal agent endpoint you created at https://service.internal.
5. Try out your endpoint
Visit the domain you reserved either in the browser or in the terminal using a tool like curl.
You should see the app or service at the port connected to your internal Agent Endpoint.
Optional: Add a second service and routing
If you have another service to host under the front door pattern, start another agent.
Loading…
Next, update your policy to route traffic based on the path.
Copy and paste the policy below into the ngrok dashboard, replacing /one and /two with the paths you'd like to use for routing traffic to each service.
Loading…
What's happening here? The traffic policy engine forwards all HTTP requests to the /one path to the internal agent endpoint at https://service.internal and requests to the /two path to https://service-two.internal.
What's next?
- Traffic Policy enables you to do many more things worth your endpoints.
For example, try adding authentication to your endpoint with the
oauthaction orbasic-authaction actions. - View your traffic in Traffic Inspector to find potential issues or observe patterns of traffic you may way to block using additional policies on your Cloud Endpoint.