{
"type": "object",
"properties": {
"PCID": {
"type": "string",
"description": "Pink Connect ID for the authenticated connection"
},
"edge_id": {
"type": "string",
"description": "unique identifier of this edge"
},
"id": {
"type": "string",
"description": "unique identifier of this edge route"
},
"backend": {
"type": "object",
"description": "The backend value",
"properties": {
"enabled": {
"type": "boolean",
"description": "`true` if the module will be applied to traffic, `false` to disable. default `true` if unspecified"
},
"backend_id": {
"type": "string",
"description": "backend to be used to back this endpoint"
}
}
},
"circuit_breaker": {
"type": "object",
"description": "Circuit Breaker",
"properties": {
"enabled": {
"type": "boolean",
"description": "`true` if the module will be applied to traffic, `false` to disable. default `true` if unspecified"
},
"tripped_duration": {
"type": "integer",
"description": "Integer number of seconds after which the circuit is tripped to wait before re-evaluating upstream health"
},
"rolling_window": {
"type": "integer",
"description": "Integer number of seconds in the statistical rolling window that metrics are retained for."
},
"num_buckets": {
"type": "integer",
"description": "Integer number of buckets into which metrics are retained. Max 128."
},
"volume_threshold": {
"type": "integer",
"description": "Integer number of requests in a rolling window that will trip the circuit. Helpful if traffic volume is low."
},
"error_threshold_percentage": {
"type": "number",
"description": "Error threshold percentage should be between 0 - 1.0, not 0-100.0"
}
}
},
"compression": {
"type": "object",
"description": "The compression value",
"properties": {
"enabled": {
"type": "boolean",
"description": "`true` if the module will be applied to traffic, `false` to disable. default `true` if unspecified"
}
}
},
"description": {
"type": "string",
"description": "human-readable description of what this edge will be used for; optional, max 255 bytes."
},
"ip_restriction": {
"type": "object",
"description": "Ip Restriction",
"properties": {
"enabled": {
"type": "boolean",
"description": "`true` if the module will be applied to traffic, `false` to disable. default `true` if unspecified"
},
"ip_policy_ids": {
"type": "array",
"description": "list of all IP policies that will be used to check if a source IP is allowed access to the endpoint"
}
}
},
"match": {
"type": "string",
"description": "Route selector: \"/blog\" or \"example.com\" or \"example.com/blog\""
},
"match_type": {
"type": "string",
"description": "Type of match to use for this route. Valid values are \"exact_path\" and \"path_prefix\"."
},
"metadata": {
"type": "string",
"description": "arbitrary user-defined machine-readable data of this edge. Optional, max 4096 bytes."
},
"oauth": {
"type": "object",
"description": "The oauth value",
"properties": {
"enabled": {
"type": "boolean",
"description": "`true` if the module will be applied to traffic, `false` to disable. default `true` if unspecified"
},
"provider": {
"type": "object",
"description": "The provider value"
},
"options_passthrough": {
"type": "boolean",
"description": "Do not enforce authentication on HTTP OPTIONS requests. necessary if you are supporting CORS."
},
"cookie_prefix": {
"type": "string",
"description": "the prefix of the session cookie that ngrok sets on the http client to cache authentication. default is 'ngrok.'"
},
"inactivity_timeout": {
"type": "integer",
"description": "Integer number of seconds of inactivity after which if the user has not accessed the endpoint, their session will time out and they will be forced to reauthenticate."
},
"maximum_duration": {
"type": "integer",
"description": "Integer number of seconds of the maximum duration of an authenticated session. After this period is exceeded, a user must reauthenticate."
},
"auth_check_interval": {
"type": "integer",
"description": "Integer number of seconds after which ngrok guarantees it will refresh user state from the identity provider and recheck whether the user is still authorized to access the endpoint. This is the preferred tunable to use to enforce a minimum amount of time after which a revoked user will no longer be able to access the resource."
}
}
},
"oidc": {
"type": "object",
"description": "The oidc value",
"properties": {
"enabled": {
"type": "boolean",
"description": "`true` if the module will be applied to traffic, `false` to disable. default `true` if unspecified"
},
"options_passthrough": {
"type": "boolean",
"description": "Do not enforce authentication on HTTP OPTIONS requests. necessary if you are supporting CORS."
},
"cookie_prefix": {
"type": "string",
"description": "the prefix of the session cookie that ngrok sets on the http client to cache authentication. default is 'ngrok.'"
},
"inactivity_timeout": {
"type": "integer",
"description": "Integer number of seconds of inactivity after which if the user has not accessed the endpoint, their session will time out and they will be forced to reauthenticate."
},
"maximum_duration": {
"type": "integer",
"description": "Integer number of seconds of the maximum duration of an authenticated session. After this period is exceeded, a user must reauthenticate."
},
"issuer": {
"type": "string",
"description": "URL of the OIDC \"OpenID provider\". This is the base URL used for discovery."
},
"client_id": {
"type": "string",
"description": "The OIDC app's client ID and OIDC audience."
},
"client_secret": {
"type": "string",
"description": "The OIDC app's client secret."
},
"scopes": {
"type": "array",
"description": "The set of scopes to request from the OIDC identity provider."
}
}
},
"request_headers": {
"type": "object",
"description": "Request Headers",
"properties": {
"enabled": {
"type": "boolean",
"description": "`true` if the module will be applied to traffic, `false` to disable. default `true` if unspecified"
},
"add": {
"type": "object",
"description": "a map of header key to header value that will be injected into the HTTP Request before being sent to the upstream application server"
},
"remove": {
"type": "array",
"description": "a list of header names that will be removed from the HTTP Request before being sent to the upstream application server"
}
}
},
"response_headers": {
"type": "object",
"description": "Response Headers",
"properties": {
"enabled": {
"type": "boolean",
"description": "`true` if the module will be applied to traffic, `false` to disable. default `true` if unspecified"
},
"add": {
"type": "object",
"description": "a map of header key to header value that will be injected into the HTTP Response returned to the HTTP client"
},
"remove": {
"type": "array",
"description": "a list of header names that will be removed from the HTTP Response returned to the HTTP client"
}
}
},
"saml": {
"type": "object",
"description": "The saml value",
"properties": {
"enabled": {
"type": "boolean",
"description": "`true` if the module will be applied to traffic, `false` to disable. default `true` if unspecified"
},
"options_passthrough": {
"type": "boolean",
"description": "Do not enforce authentication on HTTP OPTIONS requests. necessary if you are supporting CORS."
},
"cookie_prefix": {
"type": "string",
"description": "the prefix of the session cookie that ngrok sets on the http client to cache authentication. default is 'ngrok.'"
},
"inactivity_timeout": {
"type": "integer",
"description": "Integer number of seconds of inactivity after which if the user has not accessed the endpoint, their session will time out and they will be forced to reauthenticate."
},
"maximum_duration": {
"type": "integer",
"description": "Integer number of seconds of the maximum duration of an authenticated session. After this period is exceeded, a user must reauthenticate."
},
"idp_metadata": {
"type": "string",
"description": "The full XML IdP EntityDescriptor. Your IdP may provide this to you as a a file to download or as a URL."
},
"force_authn": {
"type": "boolean",
"description": "If true, indicates that whenever we redirect a user to the IdP for authentication that the IdP must prompt the user for authentication credentials even if the user already has a valid session with the IdP."
},
"allow_idp_initiated": {
"type": "boolean",
"description": "If true, the IdP may initiate a login directly (e.g. the user does not need to visit the endpoint first and then be redirected). The IdP should set the `RelayState` parameter to the target URL of the resource they want the user to be redirected to after the SAML login assertion has been processed."
},
"authorized_groups": {
"type": "array",
"description": "If present, only users who are a member of one of the listed groups may access the target endpoint."
},
"nameid_format": {
"type": "string",
"description": "Defines the name identifier format the SP expects the IdP to use in its assertions to identify subjects. If unspecified, a default value of `urn:oasis:names:tc:SAML:2.0:nameid-format:persistent` will be used. A subset of the allowed values enumerated by the SAML specification are supported."
}
}
},
"traffic_policy": {
"type": "object",
"description": "Traffic Policy",
"properties": {
"enabled": {
"type": "boolean",
"description": "`true` if the module will be applied to traffic, `false` to disable. default `true` if unspecified"
},
"value": {
"type": "string",
"description": "the traffic policy that should be applied to the traffic on your endpoint."
}
}
},
"user_agent_filter": {
"type": "object",
"description": "User Agent Filter",
"properties": {
"enabled": {
"type": "boolean",
"description": "n/a"
},
"allow": {
"type": "array",
"description": "n/a"
},
"deny": {
"type": "array",
"description": "n/a"
}
}
},
"webhook_verification": {
"type": "object",
"description": "Webhook Verification",
"properties": {
"enabled": {
"type": "boolean",
"description": "`true` if the module will be applied to traffic, `false` to disable. default `true` if unspecified"
},
"provider": {
"type": "string",
"description": "a string indicating which webhook provider will be sending webhooks to this endpoint. Value must be one of the supported providers defined at https://ngrok.com/docs/cloud-edge/modules/webhook-verification"
},
"secret": {
"type": "string",
"description": "a string secret used to validate requests from the given provider. All providers except AWS SNS require a secret"
}
}
},
"websocket_tcp_converter": {
"type": "object",
"description": "Websocket Tcp Converter",
"properties": {
"enabled": {
"type": "boolean",
"description": "`true` if the module will be applied to traffic, `false` to disable. default `true` if unspecified"
}
}
}
},
"required": [
"PCID",
"edge_id",
"id"
]
}
