How to integrate Ngrok MCP with OpenAI Agents SDK

This guide walks you through connecting Ngrok to the OpenAI Agents SDK using the Composio tool router. By the end, you'll have a working Ngrok agent that can list all active tunnels and endpoints, show https edges currently configured, list all api keys for your account through natural language commands. This guide will help you understand how to give your OpenAI Agents SDK agent real control over a Ngrok account through Composio's Ngrok MCP server. Before we dive in, let's take a quick look at the key ideas and tools involved.

Get started for free Get a demo

Ngrok

Api Key

Ngrok is a tunneling service that exposes your local applications to the internet securely. It lets developers share, test, and receive webhooks without dealing with complex network configuration.

102 Tools

Managed auth

Connect Ngrok without auth hassles

We manage OAuth, API keys, token refresh, and scopes — you just build.

Try for free

Introduction

This guide will help you understand how to give your OpenAI Agents SDK agent real control over a Ngrok account through Composio's Ngrok MCP server.

Before we dive in, let's take a quick look at the key ideas and tools involved.

Also integrate Ngrok with

Claude Agent SDK Claude Code Claude Cowork Codex OpenClaw Hermes CLI Google ADK LangChain Vercel AI SDK Mastra AI LlamaIndex CrewAI

TL;DR

Here's what you'll learn:

Get and set up your OpenAI and Composio API keys
Install the necessary dependencies
Initialize Composio and create a Tool Router session for Ngrok
Configure an AI agent that can use Ngrok as a tool
Run a live chat session where you can ask the agent to perform Ngrok operations

What is OpenAI Agents SDK?

The OpenAI Agents SDK is a lightweight framework for building AI agents that can use tools and maintain conversation state. It provides a simple interface for creating agents with hosted MCP tool support.

Key features include:

Hosted MCP Tools: Connect to external services through hosted MCP endpoints
SQLite Sessions: Persist conversation history across interactions
Simple API: Clean interface with Agent, Runner, and tool configuration
Streaming Support: Real-time response streaming for interactive applications

What is the Ngrok MCP server, and what's possible with it?

The Ngrok MCP server is an implementation of the Model Context Protocol that connects your AI agent and assistants like Claude, Cursor, etc directly to your Ngrok account. It provides structured and secure access to your Ngrok tunnels and API keys, so your agent can perform actions like managing endpoints, listing tunnels, handling API keys, and auditing IP restrictions on your behalf.

Active tunnel and endpoint monitoring: Instantly list all active tunnels and endpoints in your Ngrok account, making it simple to track running services and public URLs.
API key management: Programmatically create, list, and delete API keys to securely manage who and what can access your Ngrok resources.
HTTPS edge configuration visibility: Retrieve a comprehensive list of all HTTPS edges to review and manage how Ngrok handles encrypted traffic.
IP restriction and policy auditing: List and inspect all IP restrictions and policy rules, helping you enforce access control and security best practices.
Detailed access audit trails: Fetch details about specific IP restrictions for security audits and compliance, ensuring you always know who can access your tunnels and APIs.

What is the Composio tool router, and how does it fit here?

What is Composio SDK?

Composio's Composio SDK helps agents find the right tools for a task at runtime. You can plug in multiple toolkits (like Gmail, HubSpot, and GitHub), and the agent will identify the relevant app and action to complete multi-step workflows. This can reduce token usage and improve the reliability of tool calls. Read more here: Getting started with Composio SDK

The tool router generates a secure MCP URL that your agents can access to perform actions.

How the Composio SDK works

The Composio SDK follows a three-phase workflow:

Discovery: Searches for tools matching your task and returns relevant toolkits with their details.
Authentication: Checks for active connections. If missing, creates an auth config and returns a connection URL via Auth Link.
Execution: Executes the action using the authenticated connection.

Step-by-step Guide

Step by step09 STEPS

Prerequisites

Before starting, make sure you have:

Composio API Key and OpenAI API Key
Primary know-how of OpenAI Agents SDK
A live Ngrok project
Some knowledge of Python or Typescript

Getting API Keys for OpenAI and Composio

OpenAI API Key

Go to the OpenAI dashboard and create an API key. You'll need credits to use the models, or you can connect to another model provider.
Keep the API key safe.

Composio API Key

Log in to the Composio dashboard.
Go to Settings and copy your API key.

Install dependencies

npm install @composio/openai-agents @openai/agents dotenv

Install the Composio SDK and the OpenAI Agents SDK.

Set up environment variables

bash

OPENAI_API_KEY=sk-...your-api-key
COMPOSIO_API_KEY=your-api-key
USER_ID=composio_user@gmail.com

Create a .env file and add your OpenAI and Composio API keys.

Import dependencies

import 'dotenv/config';
import { Composio } from '@composio/core';
import { OpenAIAgentsProvider } from '@composio/openai-agents';
import { Agent, hostedMcpTool, run, OpenAIConversationsSession } from '@openai/agents';
import * as readline from 'readline';

What's happening:

You're importing all necessary libraries.
The Composio and OpenAIAgentsProvider classes are imported to connect your OpenAI agent to Composio tools like Ngrok.

Set up the Composio instance

dotenv.config();

const composioApiKey = process.env.COMPOSIO_API_KEY;
const userId = process.env.USER_ID;

if (!composioApiKey) {
  throw new Error('COMPOSIO_API_KEY is not set. Create a .env file with COMPOSIO_API_KEY=your_key');
}
if (!userId) {
  throw new Error('USER_ID is not set');
}

// Initialize Composio
const composio = new Composio({
  apiKey: composioApiKey,
  provider: new OpenAIAgentsProvider(),
});

What's happening:

dotenv.config() loads your .env file so COMPOSIO_API_KEY and USER_ID are available as environment variables.
Creating a Composio instance using the API Key and OpenAIAgentsProvider class.

Create a Tool Router session

// Create Tool Router session for Ngrok
const session = await composio.create(userId as string, {
  toolkits: ['ngrok'],
});
const mcpUrl = session.mcp.url;

What is happening:

You give the Tool Router the user id and the toolkits you want available. Here, it is only ngrok.
The router checks the user's Ngrok connection and prepares the MCP endpoint.
The returned session.mcp.url is the MCP URL that your agent will use to access Ngrok.
This approach keeps things lightweight and lets the agent request Ngrok tools only when needed during the conversation.

Configure the agent

// Configure agent with MCP tool
const agent = new Agent({
  name: 'Assistant',
  model: 'gpt-5',
  instructions:
    'You are a helpful assistant that can access Ngrok. Help users perform Ngrok operations through natural language.',
  tools: [
    hostedMcpTool({
      serverLabel: 'tool_router',
      serverUrl: mcpUrl,
      headers: { 'x-api-key': composioApiKey },
      requireApproval: 'never',
    }),
  ],
});

What's happening:

We're creating an Agent instance with a name, model (gpt-5), and clear instructions about its purpose.
The agent's instructions tell it that it can access Ngrok and help with queries, inserts, updates, authentication, and fetching database information.
The tools array includes a hostedMcpTool that connects to the MCP server URL we created earlier.
The headers object includes the Composio API key for secure authentication with the MCP server.
requireApproval: 'never' means the agent can execute Ngrok operations without asking for permission each time, making interactions smoother.

Start chat loop and handle conversation

// Keep conversation state across turns
const conversationSession = new OpenAIConversationsSession();

// Simple CLI
const rl = readline.createInterface({
  input: process.stdin,
  output: process.stdout,
  prompt: 'You: ',
});

console.log('\nComposio Tool Router session created.');
console.log('\nChat started. Type your requests below.');
console.log("Commands: 'exit', 'quit', or 'q' to end\n");

try {
  const first = await run(agent, 'What can you help me with?', { session: conversationSession });
  console.log(`Assistant: ${first.finalOutput}\n`);
} catch (e) {
  console.error('Error:', e instanceof Error ? e.message : e, '\n');
}

rl.prompt();

rl.on('line', async (userInput) => {
  const text = userInput.trim();

  if (['exit', 'quit', 'q'].includes(text.toLowerCase())) {
    console.log('Goodbye!');
    rl.close();
    process.exit(0);
  }

  if (!text) {
    rl.prompt();
    return;
  }

  try {
    const result = await run(agent, text, { session: conversationSession });
    console.log(`\nAssistant: ${result.finalOutput}\n`);
  } catch (e) {
    console.error('Error:', e instanceof Error ? e.message : e, '\n');
  }

  rl.prompt();
});

rl.on('close', () => {
  console.log('\n👋 Session ended.');
  process.exit(0);
});

What's happening:

The program prints a session URL that you visit to authorize Ngrok.
After authorization, the chat begins.
Each message you type is processed by the agent using run().
The responses are printed to the console.
Typing exit, quit, or q cleanly ends the chat.

Complete Code

Here's the complete code to get you started with Ngrok and OpenAI Agents SDK:

import 'dotenv/config';
import { Composio } from '@composio/core';
import { OpenAIAgentsProvider } from '@composio/openai-agents';
import { Agent, hostedMcpTool, run, OpenAIConversationsSession } from '@openai/agents';
import * as readline from 'readline';

const composioApiKey = process.env.COMPOSIO_API_KEY;
const userId = process.env.USER_ID;

if (!composioApiKey) {
  throw new Error('COMPOSIO_API_KEY is not set. Create a .env file with COMPOSIO_API_KEY=your_key');
}
if (!userId) {
  throw new Error('USER_ID is not set');
}

// Initialize Composio
const composio = new Composio({
  apiKey: composioApiKey,
  provider: new OpenAIAgentsProvider(),
});

async function main() {
  // Create Tool Router session
  const session = await composio.create(userId as string, {
    toolkits: ['ngrok'],
  });
  const mcpUrl = session.mcp.url;

  // Configure agent with MCP tool
  const agent = new Agent({
    name: 'Assistant',
    model: 'gpt-5',
    instructions:
      'You are a helpful assistant that can access Ngrok. Help users perform Ngrok operations through natural language.',
    tools: [
      hostedMcpTool({
        serverLabel: 'tool_router',
        serverUrl: mcpUrl,
        headers: { 'x-api-key': composioApiKey },
        requireApproval: 'never',
      }),
    ],
  });

  // Keep conversation state across turns
  const conversationSession = new OpenAIConversationsSession();

  // Simple CLI
  const rl = readline.createInterface({
    input: process.stdin,
    output: process.stdout,
    prompt: 'You: ',
  });

  console.log('\nComposio Tool Router session created.');
  console.log('\nChat started. Type your requests below.');
  console.log("Commands: 'exit', 'quit', or 'q' to end\n");

  try {
    const first = await run(agent, 'What can you help me with?', { session: conversationSession });
    console.log(`Assistant: ${first.finalOutput}\n`);
  } catch (e) {
    console.error('Error:', e instanceof Error ? e.message : e, '\n');
  }

  rl.prompt();

  rl.on('line', async (userInput) => {
    const text = userInput.trim();

    if (['exit', 'quit', 'q'].includes(text.toLowerCase())) {
      console.log('Goodbye!');
      rl.close();
      process.exit(0);
    }

    if (!text) {
      rl.prompt();
      return;
    }

    try {
      const result = await run(agent, text, { session: conversationSession });
      console.log(`\nAssistant: ${result.finalOutput}\n`);
    } catch (e) {
      console.error('Error:', e instanceof Error ? e.message : e, '\n');
    }

    rl.prompt();
  });

  rl.on('close', () => {
    console.log('\nSession ended.');
    process.exit(0);
  });
}

main().catch((err) => {
  console.error('Fatal error:', err);
  process.exit(1);
});

Conclusion

This was a starter code for integrating Ngrok MCP with OpenAI Agents SDK to build a functional AI agent that can interact with Ngrok.

Key features:

Hosted MCP tool integration through Composio's Tool Router
SQLite session persistence for conversation history
Simple async chat loop for interactive testing

You can extend this by adding more toolkits, implementing custom business logic, or building a web interface around the agent.

TOOLS

Supported Tools

Every Ngrok action and event your agent gets out of the box.

Create API Key

Creates a new API key for authenticating with the ngrok API.

Create Tunnel Credential

Creates a new tunnel authtoken credential for authenticating ngrok agents.

Create Endpoint

Create a cloud endpoint on the ngrok account.

Create Event Source

Add a new event source to an event subscription.

Create Event Subscription

Creates a new event subscription in ngrok.

Create HTTPS Edge

Creates a new HTTPS edge in your ngrok account.

Create HTTPS Edge Route

Creates a new route on an HTTPS edge in ngrok.

Create SSH Credential

Creates a new SSH credential from an uploaded public SSH key.

Create Vault

Creates a new vault in your ngrok account.

Create Vault Secret

Tool to create a new secret in an ngrok vault for secure storage of sensitive data like API keys, passwords, or tokens.

Delete API Key

Delete an API key by its ID.

Delete Credentials

Delete a tunnel authtoken credential by ID.

Delete HTTPS Edge Route Circuit Breaker Module

Delete the Circuit Breaker module from an HTTPS Edge Route.

Delete Edge Route Compression Module

Delete the compression module from an HTTPS edge route.

Delete Edge Route Request Headers Module

Delete the request headers module from an HTTPS edge route.

Delete Edge Route Response Headers Module

Delete the response headers module from an HTTPS edge route.

Delete Edge Route SAML Module

Delete the SAML module configuration from an HTTPS edge route.

Delete Edge Route User Agent Filter Module

Delete the user agent filter module from an HTTPS edge route.

Delete Edge Route Webhook Verification Module

Delete the webhook verification module from an HTTPS edge route.

Delete Edge Route WebSocket TCP Converter Module

Delete the WebSocket TCP converter module from an HTTPS edge route.

Delete Endpoint

Delete an endpoint by ID.

Delete Event Source

Delete an event source from an event subscription.

Delete Event Subscription

Delete an event subscription by ID.

Delete HTTPS Edge

Delete an HTTPS edge by ID.

Delete HTTPS Edge Route

Delete an HTTPS edge route by ID.

Delete Reserved Domain Certificate

Detach the certificate attached to a reserved domain.

Delete Reserved Domain Certificate Management Policy

Detach the certificate management policy from a reserved domain.

Delete Secret

Delete a vault secret by ID.

Delete SSH Credentials

Delete an SSH credential by ID.

Delete Vault

Delete a vault by ID.

Get API Key

Get the details of an API key by ID.

Get Credentials

Tool to retrieve detailed information about a tunnel authtoken credential by ID.

Get Edge Route Backend Module

Retrieves the backend module configuration for an HTTPS edge route.

Get Edge Route Circuit Breaker Module

Tool to retrieve the circuit breaker module configuration for a specific HTTPS edge route.

Get Edge Route Compression Module

Retrieves the compression module configuration for a specific HTTPS edge route.

Get Edge Route IP Restriction Module

Retrieves the IP restriction module configuration for a specific HTTPS edge route.

Get Edge Route OIDC Module

Retrieves the OIDC (OpenID Connect) module configuration for a specific HTTPS edge route.

Get Edge Route Request Headers Module

Retrieves the request headers module configuration for a specific HTTPS edge route.

Get Edge Route Response Headers Module

Get the response headers module configuration for an HTTPS edge route.

Get Edge Route SAML Module

Retrieves the SAML authentication module configuration for a specific HTTPS edge route.

Get Edge Route Traffic Policy

Retrieves the Traffic Policy module configuration for a specific HTTPS edge route.

Get Edge Route User Agent Filter Module

Retrieves the user agent filter module configuration for a specific HTTPS edge route.

Get Edge Route Webhook Verification Module

Retrieves the webhook verification module configuration for an HTTPS edge route.

Get Edge Route WebSocket TCP Converter Module

Retrieves the WebSocket TCP Converter module configuration for a specific HTTPS edge route.

Get Endpoint

Get the status of an endpoint by ID.

Get Event Source

Get an event source by type for a specific event subscription.

Get HTTPS Edge

Get the details of an HTTPS edge by ID.

Get HTTPS Edge Mutual TLS Module

Retrieves the mutual TLS module configuration for an HTTPS edge.

Get HTTPS Edge Route

Retrieves detailed information about a specific HTTPS edge route by its ID.

Get IP Restriction Details

Retrieves detailed information about a specific IP restriction by its ID.

Get Reserved Domain

Get the details of a reserved domain by ID.

Get Secret

Tool to retrieve detailed information about a vault secret by ID.

Get Secrets by Vault

Tool to get all secrets in a vault by vault ID.

Get SSH Credentials

Tool to retrieve detailed information about an SSH credential by ID.

Get Vault

Get the details of a vault by ID.

List Agent Ingresses

List all Agent Ingresses owned by this account.

List API Keys

This tool lists all API keys owned by the user.

List Bot Users

Tool to list all bot users on this ngrok account.

List Certificate Authorities

List all certificate authorities on this account.

List Tunnel Credentials

List all tunnel authtoken credentials on the ngrok account.

List All Endpoints

List all active endpoints on the ngrok account.

List Event Destinations

List all Event Destinations on the ngrok account.

List Event Subscriptions

List all event subscriptions on the ngrok account.

List Event Subscription Sources

Tool to list the types for which this event subscription will trigger.

List Failover Backends

List all failover backends on this account.

List HTTP Response Backends

List all HTTP response backends on the account.

List HTTPS Edges

Lists all HTTPS Edges in your ngrok account.

List IP Policies

List all IP policies on this account.

List IP Policy Rules

This tool lists all IP policy rules associated with your ngrok account.

List IP Restrictions

Lists all IP restrictions configured on the ngrok account.

List Reserved Addresses

List all reserved addresses on this account.

List Reserved Domains

List all reserved domains on this account.

List Service Users

Tool to list all service users on this ngrok account.

List SSH Certificate Authorities

List all SSH Certificate Authorities on this account.

List SSH Credentials

List all SSH credentials on the ngrok account.

List SSH Host Certificates

List all SSH Host Certificates issued on this account.

List SSH User Certificates

List all SSH user certificates on the ngrok account.

List Static Backends

List all static backends on the account.

List TCP Edges

Lists all TCP Edges in your ngrok account.

List TLS Certificates

List all TLS certificates on the ngrok account.

List TLS Edges

Lists all TLS Edges in your ngrok account.

List Active Tunnels

List all active tunnels in the ngrok account.

List Tunnel Sessions

List all online tunnel sessions running on this account.

List Vaults

List all vaults owned by the ngrok account.

List Vault Secrets

List all vault secrets owned by the ngrok account.

List Weighted Backends

List all weighted backends on the ngrok account.

Replace Edge Route Circuit Breaker Module

Replaces the circuit breaker module configuration on an HTTPS edge route.

Replace Edge Route Compression Module

Replaces the compression module configuration for an HTTPS edge route.

Replace Edge Route Request Headers Module

Replaces the request headers module configuration for an HTTPS edge route.

Replace Edge Route Response Headers Module

Replaces the response headers module configuration for an HTTPS edge route.

Replace Edge Route Traffic Policy

Replaces the traffic policy module on an HTTPS edge route.

Replace Edge Route User Agent Filter Module

Replaces the user agent filter module configuration for an HTTPS edge route.

Replace Edge Route Webhook Verification Module

Replaces the webhook verification module configuration for an HTTPS edge route.

Update API Key

Updates attributes of an API key by ID.

Update Credentials

Tool to update attributes of a tunnel authtoken credential by ID.

Update Endpoint

Tool to update an Endpoint by ID, currently available only for cloud endpoints.

Update Event Subscription

Tool to update attributes of an event subscription by ID.

Update HTTPS Edge Route

Tool to update an HTTPS edge route by ID.

Update Reserved Domain

Tool to update the attributes of a reserved domain by ID.

Update Secret

Tool to update a vault secret by ID.

Update SSH Credential

Tool to update attributes of an SSH credential by ID.

Update Vault

Tool to update attributes of a vault by ID.

FRAMEWORKS

How to build Ngrok MCP Agent with another framework

Claude Agent SDK

Use Ngrok MCP with Claude Agent SDK

Claude Code

Use Ngrok MCP with Claude Code

Claude Cowork

Use Ngrok MCP with Claude Cowork

Codex

Use Ngrok MCP with Codex

OpenClaw

Use Ngrok MCP with OpenClaw

Hermes

Use Ngrok MCP with Hermes

CLI

Use Ngrok MCP with CLI

Google ADK

Use Ngrok MCP with Google ADK

LangChain

Use Ngrok MCP with LangChain

Vercel AI SDK

Use Ngrok MCP with Vercel AI SDK

Mastra AI

Use Ngrok MCP with Mastra AI

LlamaIndex

Use Ngrok MCP with LlamaIndex

CrewAI

Use Ngrok MCP with CrewAI

MORE TOOLKITS

Explore Other Toolkits

Toolkit marketplace

Supabase

Oauth2Api Key

Supabase is an open-source backend platform offering scalable Postgres databases, authentication, storage, and real-time APIs. It lets developers build modern apps without managing infrastructure.

Codeinterpreter

No Auth

Codeinterpreter is a Python-based coding environment with built-in data analysis and visualization. It lets you instantly run scripts, plot results, and prototype solutions inside supported platforms.

GitHub

Oauth2

GitHub is a code hosting platform for version control and collaborative software development. It streamlines project management, code review, and team workflows in one place.

Ably

Api Key

Ably is a real-time messaging platform for live chat and data sync in modern apps. It offers global scale and rock-solid reliability for seamless, instant experiences.

FAQ

Frequently asked questions

With a standalone Ngrok MCP server, the agents and LLMs can only access a fixed set of Ngrok tools tied to that server. However, with the Composio Tool Router, agents can dynamically load tools from Ngrok and many other apps based on the task at hand, all through a single MCP endpoint.

Yes, you can. OpenAI Agents SDK fully supports MCP integration. You get structured tool calling, message history handling, and model orchestration while Tool Router takes care of discovering and serving the right Ngrok tools.

Yes, absolutely. You can configure which Ngrok scopes and actions are allowed when connecting your account to Composio. You can also bring your own OAuth credentials or API configuration so you keep full control over what the agent can do.

All sensitive data such as tokens, keys, and configuration is fully encrypted at rest and in transit. Composio is SOC 2 Type 2 compliant and follows strict security practices so your Ngrok data and credentials are handled as safely as possible.

Start with Ngrok.It takes 30 seconds.

Managed auth, hosted MCP servers, and every Ngrok tool your agent needs.Free to start.

Start building

Customer stories

Teams ship real agents on Composio

GET STARTED FOR FREE BOOK A DEMO

Karan skipped his own birthday party to fix our critical issue. It was 10pm and he diverted his Waymo to help us instead. This really sets the bar — it shows the commitment you need when users rely on your software.

Harsha Gaddipati

Co-founder, Slashy

A lot of students tell us that the moment their connected tools start talking to each other inside Opennote feels almost magical. The agent just knows them, and it's immensely helped keep new users on the platform.

Abhi Arya

Co-founder, Opennote

We chose Composio over Pipedream because it delivered depth where it mattered — niche tools and tricky edge cases other platforms simply ignored. That gave us confidence to scale without compromising.

Nirman Dave

CEO, Zams

As a solo builder, shipping fast is life or death. The only way I can outcompete incumbents is by outmanoeuvring them. Getting bogged down managing agent auth would have been a death sentence.

Ryan Yu

Founder, Extra Thursday

Before Composio, adding tool integrations was slow and resource-intensive. Each one could take weeks of engineering time, and maintaining them meant constantly keeping up with API changes.

Tomisin Jenrola

Founder & CEO, SwarmZero

With hands-on help from their founder, we integrated Gmail and Google Drive in just 30 minutes. This level of personal support and commitment is exactly what startups should strive for.

Jerome Leclanche

Co-Founder, Ingram Technologies

How to integrate Ngrok MCP with OpenAI Agents SDK

Connect Ngrok without auth hassles

Introduction

Also integrate Ngrok with

TL;DR

What is OpenAI Agents SDK?

What is the Ngrok MCP server, and what's possible with it?

What is the Composio tool router, and how does it fit here?

What is Composio SDK?

How the Composio SDK works

Step-by-step Guide

Prerequisites

Getting API Keys for OpenAI and Composio

Install dependencies

Set up environment variables

Import dependencies

Set up the Composio instance

Create a Tool Router session

Configure the agent

Start chat loop and handle conversation

Complete Code

Conclusion

Supported Tools

How to build Ngrok MCP Agent with another framework

Claude Agent SDK

Claude Code

Claude Cowork

Codex

OpenClaw

Hermes

CLI

Google ADK

LangChain

Vercel AI SDK

Mastra AI

LlamaIndex

CrewAI

Explore Other Toolkits

Supabase

Codeinterpreter

GitHub

Ably

Frequently asked questions

What are the differences in Tool Router MCP and Ngrok MCP?+

Can I use Tool Router MCP with OpenAI Agents SDK?+

Can I manage the permissions and scopes for Ngrok while using Tool Router?+

How safe is my data with Composio Tool Router?+

Start with Ngrok.It takes 30 seconds.

Teams ship real agents on Composio