@ngrok/ngrok-api 0.1.0 → 0.7.0

package/src/{types.ts → datatypes.ts}

@@ -6,13 +6,13 @@ export interface Item {
 }
 
 export interface Paging {
-  before_id?: string;
+  beforeId?: string;
   limit?: string;
 }
 
 export interface Error {
-  error_code: string;
-  status_code: number;
+  errorCode: string;
+  statusCode: number;
   msg: string;
   details: Map<string, string>;
 }
@@ -30,12 +30,12 @@ export interface AbuseReport {
   /** URI of the abuse report API resource */
   uri: string;
   /** timestamp that the abuse report record was created in RFC 3339 format */
-  created_at: string;
+  createdAt: string;
   /** a list of URLs containing suspected abusive content */
   urls: Array<string>;
   /** arbitrary user-defined data about this abuse report. Optional, max 4096 bytes. */
   metadata: string;
-  /** Indicates whether ngrok has processed the abuse report. one of PENDING, PROCESSED, or PARTIALLY_PROCESSED */
+  /** Indicates whether ngrok has processed the abuse report. one of `PENDING`, `PROCESSED`, or `PARTIALLY_PROCESSED` */
   status: string;
   /** an array of hostname statuses related to the report */
   hostnames: Array<AbuseReportHostname>;
@@ -44,7 +44,7 @@ export interface AbuseReport {
 export interface AbuseReportHostname {
   /** the hostname ngrok has parsed out of one of the reported URLs in this abuse report */
   hostname: string;
-  /** indicates what action ngrok has taken against the hostname. one of PENDING, BANNED, UNBANNED, or IGNORE */
+  /** indicates what action ngrok has taken against the hostname. one of `PENDING`, `BANNED`, `UNBANNED`, or `IGNORE` */
   status: string;
 }
 
@@ -55,6 +55,51 @@ export interface AbuseReportCreate {
   metadata: string;
 }
 
+export interface AgentIngressCreate {
+  /** human-readable description of the use of this Agent Ingress. optional, max 255 bytes. */
+  description: string;
+  /** arbitrary user-defined machine-readable data of this Agent Ingress. optional, max 4096 bytes */
+  metadata: string;
+  /** the domain that you own to be used as the base domain name to generate regional agent ingress domains. */
+  domain: string;
+}
+
+export interface AgentIngressUpdate {
+  id: string;
+  /** human-readable description of the use of this Agent Ingress. optional, max 255 bytes. */
+  description?: string;
+  /** arbitrary user-defined machine-readable data of this Agent Ingress. optional, max 4096 bytes */
+  metadata?: string;
+}
+
+export interface AgentIngress {
+  /** unique Agent Ingress resource identifier */
+  id: string;
+  /** URI to the API resource of this Agent ingress */
+  uri: string;
+  /** human-readable description of the use of this Agent Ingress. optional, max 255 bytes. */
+  description: string;
+  /** arbitrary user-defined machine-readable data of this Agent Ingress. optional, max 4096 bytes */
+  metadata: string;
+  /** the domain that you own to be used as the base domain name to generate regional agent ingress domains. */
+  domain: string;
+  /** a list of target values to use as the values of NS records for the domain property these values will delegate control over the domain to ngrok */
+  nsTargets: Array<string>;
+  /** a list of regional agent ingress domains that are subdomains of the value of domain this value may increase over time as ngrok adds more regions */
+  regionDomains: Array<string>;
+  /** timestamp when the Agent Ingress was created, RFC 3339 format */
+  createdAt: string;
+}
+
+export interface AgentIngressList {
+  /** the list of Agent Ingresses owned by this account */
+  ingresses: Array<AgentIngress>;
+  /** URI of the Agent Ingress list API resource */
+  uri: string;
+  /** URI of the next page, or null if there is no next page */
+  nextPageUri?: string;
+}
+
 export interface APIKeyCreate {
   /** human-readable description of what uses the API key to authenticate. optional, max 255 bytes. */
   description: string;
@@ -80,8 +125,8 @@ export interface APIKey {
   /** arbitrary user-defined data of this API key. optional, max 4096 bytes */
   metadata: string;
   /** timestamp when the api key was created, RFC 3339 format */
-  created_at: string;
-  /** the bearer token that can be placed into the Authorization header to authenticate request to the ngrok API. This value is only available one time, on the API response from key creation. Otherwise it is null. */
+  createdAt: string;
+  /** the bearer token that can be placed into the Authorization header to authenticate request to the ngrok API. **This value is only available one time, on the API response from key creation. Otherwise it is null.** */
   token?: string;
 }
 
@@ -91,14 +136,16 @@ export interface APIKeyList {
   /** URI of the API keys list API resource */
   uri: string;
   /** URI of the next page, or null if there is no next page */
-  next_page_uri?: string;
+  nextPageUri?: string;
 }
 
-export interface PriorityBackend {
-  /** unique identifier for this Priority backend */
+export interface FailoverBackend {
+  /** unique identifier for this Failover backend */
   id: string;
+  /** URI of the FailoverBackend API resource */
+  uri: string;
   /** timestamp when the backend was created, RFC 3339 format */
-  created_at: string;
+  createdAt: string;
   /** human-readable description of this backend. Optional */
   description: string;
   /** arbitrary user-defined machine-readable data of this backend. Optional */
@@ -107,7 +154,7 @@ export interface PriorityBackend {
   backends: Array<string>;
 }
 
-export interface PriorityBackendCreate {
+export interface FailoverBackendCreate {
   /** human-readable description of this backend. Optional */
   description: string;
   /** arbitrary user-defined machine-readable data of this backend. Optional */
@@ -116,7 +163,7 @@ export interface PriorityBackendCreate {
   backends: Array<string>;
 }
 
-export interface PriorityBackendUpdate {
+export interface FailoverBackendUpdate {
   id: string;
   /** human-readable description of this backend. Optional */
   description?: string;
@@ -126,78 +173,81 @@ export interface PriorityBackendUpdate {
   backends: Array<string>;
 }
 
-export interface PriorityBackendList {
-  /** the list of all Priority backends on this account */
-  backends: Array<PriorityBackend>;
-  /** URI of the Priority backends list API resource */
+export interface FailoverBackendList {
+  /** the list of all Failover backends on this account */
+  backends: Array<FailoverBackend>;
+  /** URI of the Failover backends list API resource */
   uri: string;
   /** URI of the next page, or null if there is no next page */
-  next_page_uri?: string;
+  nextPageUri?: string;
 }
 
-export interface StaticBackend {
-  /** unique identifier for this static backend */
+export interface HTTPResponseBackend {
   id: string;
+  /** URI of the HTTPResponseBackend API resource */
+  uri: string;
   /** timestamp when the backend was created, RFC 3339 format */
-  created_at: string;
+  createdAt: string;
   /** human-readable description of this backend. Optional */
   description: string;
   /** arbitrary user-defined machine-readable data of this backend. Optional */
   metadata: string;
-  /** the address to forward to */
-  address: string;
-  /** tls configuration to use */
-  tls: StaticBackendTLS;
-}
-
-export interface StaticBackendTLS {
-  /** if tls is checked */
-  enabled: boolean;
+  /** body to return as fixed content */
+  body: string;
+  /** headers to return */
+  headers: Map<string, string>;
+  /** status code to return */
+  statusCode: number;
 }
 
-export interface StaticBackendCreate {
+export interface HTTPResponseBackendCreate {
   /** human-readable description of this backend. Optional */
   description: string;
   /** arbitrary user-defined machine-readable data of this backend. Optional */
   metadata: string;
-  /** the address to forward to */
-  address: string;
-  /** tls configuration to use */
-  tls: StaticBackendTLS;
+  /** body to return as fixed content */
+  body: string;
+  /** headers to return */
+  headers: Map<string, string>;
+  /** status code to return */
+  statusCode?: number;
 }
 
-export interface StaticBackendUpdate {
+export interface HTTPResponseBackendUpdate {
   id: string;
   /** human-readable description of this backend. Optional */
   description?: string;
   /** arbitrary user-defined machine-readable data of this backend. Optional */
   metadata?: string;
-  /** the address to forward to */
-  address: string;
-  /** tls configuration to use */
-  tls: StaticBackendTLS;
+  /** body to return as fixed content */
+  body?: string;
+  /** headers to return */
+  headers?: Map<string, string>;
+  /** status code to return */
+  statusCode?: number;
 }
 
-export interface StaticBackendList {
-  /** the list of all static backends on this account */
-  backends: Array<StaticBackend>;
-  /** URI of the static backends list API resource */
+export interface HTTPResponseBackendList {
+  backends: Array<HTTPResponseBackend>;
   uri: string;
-  /** URI of the next page, or null if there is no next page */
-  next_page_uri?: string;
+  nextPageUri?: string;
 }
 
 export interface TunnelGroupBackend {
   /** unique identifier for this TunnelGroup backend */
   id: string;
+  /** URI of the TunnelGroupBackend API resource */
+  uri: string;
   /** timestamp when the backend was created, RFC 3339 format */
-  created_at: string;
+  createdAt: string;
   /** human-readable description of this backend. Optional */
   description: string;
   /** arbitrary user-defined machine-readable data of this backend. Optional */
   metadata: string;
   /** labels to watch for tunnels on, e.g. app->foo, dc->bar */
   labels: Map<string, string>;
+  /** tunnels matching this backend */
+  tunnels: Array<Ref>;
 }
 
 export interface TunnelGroupBackendCreate {
@@ -225,14 +275,16 @@ export interface TunnelGroupBackendList {
   /** URI of the TunnelGroup backends list API resource */
   uri: string;
   /** URI of the next page, or null if there is no next page */
-  next_page_uri?: string;
+  nextPageUri?: string;
 }
 
 export interface WeightedBackend {
   /** unique identifier for this Weighted backend */
   id: string;
+  /** URI of the WeightedBackend API resource */
+  uri: string;
   /** timestamp when the backend was created, RFC 3339 format */
-  created_at: string;
+  createdAt: string;
   /** human-readable description of this backend. Optional */
   description: string;
   /** arbitrary user-defined machine-readable data of this backend. Optional */
@@ -266,7 +318,7 @@ export interface WeightedBackendList {
   /** URI of the Weighted backends list API resource */
   uri: string;
   /** URI of the next page, or null if there is no next page */
-  next_page_uri?: string;
+  nextPageUri?: string;
 }
 
 export interface CertificateAuthorityCreate {
@@ -275,7 +327,7 @@ export interface CertificateAuthorityCreate {
   /** arbitrary user-defined machine-readable data of this Certificate Authority. optional, max 4096 bytes. */
   metadata: string;
   /** raw PEM of the Certificate Authority */
-  ca_pem: string;
+  caPem: string;
 }
 
 export interface CertificateAuthorityUpdate {
@@ -292,32 +344,32 @@ export interface CertificateAuthority {
   /** URI of the Certificate Authority API resource */
   uri: string;
   /** timestamp when the Certificate Authority was created, RFC 3339 format */
-  created_at: string;
+  createdAt: string;
   /** human-readable description of this Certificate Authority. optional, max 255 bytes. */
   description: string;
   /** arbitrary user-defined machine-readable data of this Certificate Authority. optional, max 4096 bytes. */
   metadata: string;
   /** raw PEM of the Certificate Authority */
-  ca_pem: string;
+  caPem: string;
   /** subject common name of the Certificate Authority */
-  subject_common_name: string;
+  subjectCommonName: string;
   /** timestamp when this Certificate Authority becomes valid, RFC 3339 format */
-  not_before: string;
+  notBefore: string;
   /** timestamp when this Certificate Authority becomes invalid, RFC 3339 format */
-  not_after: string;
+  notAfter: string;
   /** set of actions the private key of this Certificate Authority can be used for */
-  key_usages: Array<string>;
+  keyUsages: Array<string>;
   /** extended set of actions the private key of this Certificate Authority can be used for */
-  extended_key_usages: Array<string>;
+  extendedKeyUsages: Array<string>;
 }
 
 export interface CertificateAuthorityList {
   /** the list of all certificate authorities on this account */
-  certificate_authorities: Array<CertificateAuthority>;
+  certificateAuthorities: Array<CertificateAuthority>;
   /** URI of the certificates authorities list API resource */
   uri: string;
   /** URI of the next page, or null if there is no next page */
-  next_page_uri?: string;
+  nextPageUri?: string;
 }
 
 export interface CredentialCreate {
@@ -325,7 +377,7 @@ export interface CredentialCreate {
   description: string;
   /** arbitrary user-defined machine-readable data of this credential. Optional, max 4096 bytes. */
   metadata: string;
-  /** optional list of ACL rules. If unspecified, the credential will have no restrictions. The only allowed ACL rule at this time is the bind rule. The bind rule allows the caller to restrict what domains and addresses the token is allowed to bind. For example, to allow the token to open a tunnel on example.ngrok.io your ACL would include the rule bind:example.ngrok.io. Bind rules may specify a leading wildcard to match multiple domains with a common suffix. For example, you may specify a rule of bind:*.example.com which will allow x.example.com, y.example.com, *.example.com, etc. A rule of '*' is equivalent to no acl at all and will explicitly permit all actions. */
+  /** optional list of ACL rules. If unspecified, the credential will have no restrictions. The only allowed ACL rule at this time is the `bind` rule. The `bind` rule allows the caller to restrict what domains and addresses the token is allowed to bind. For example, to allow the token to open a tunnel on example.ngrok.io your ACL would include the rule `bind:example.ngrok.io`. Bind rules may specify a leading wildcard to match multiple domains with a common suffix. For example, you may specify a rule of `bind:*.example.com` which will allow `x.example.com`, `y.example.com`, `*.example.com`, etc. A rule of `'*'` is equivalent to no acl at all and will explicitly permit all actions. */
   acl: Array<string>;
 }
 
@@ -335,7 +387,7 @@ export interface CredentialUpdate {
   description?: string;
   /** arbitrary user-defined machine-readable data of this credential. Optional, max 4096 bytes. */
   metadata?: string;
-  /** optional list of ACL rules. If unspecified, the credential will have no restrictions. The only allowed ACL rule at this time is the bind rule. The bind rule allows the caller to restrict what domains and addresses the token is allowed to bind. For example, to allow the token to open a tunnel on example.ngrok.io your ACL would include the rule bind:example.ngrok.io. Bind rules may specify a leading wildcard to match multiple domains with a common suffix. For example, you may specify a rule of bind:*.example.com which will allow x.example.com, y.example.com, *.example.com, etc. A rule of '*' is equivalent to no acl at all and will explicitly permit all actions. */
+  /** optional list of ACL rules. If unspecified, the credential will have no restrictions. The only allowed ACL rule at this time is the `bind` rule. The `bind` rule allows the caller to restrict what domains and addresses the token is allowed to bind. For example, to allow the token to open a tunnel on example.ngrok.io your ACL would include the rule `bind:example.ngrok.io`. Bind rules may specify a leading wildcard to match multiple domains with a common suffix. For example, you may specify a rule of `bind:*.example.com` which will allow `x.example.com`, `y.example.com`, `*.example.com`, etc. A rule of `'*'` is equivalent to no acl at all and will explicitly permit all actions. */
   acl?: Array<string>;
 }
 
@@ -345,14 +397,14 @@ export interface Credential {
   /** URI of the tunnel credential API resource */
   uri: string;
   /** timestamp when the tunnel credential was created, RFC 3339 format */
-  created_at: string;
+  createdAt: string;
   /** human-readable description of who or what will use the credential to authenticate. Optional, max 255 bytes. */
   description: string;
   /** arbitrary user-defined machine-readable data of this credential. Optional, max 4096 bytes. */
   metadata: string;
-  /** the credential's authtoken that can be used to authenticate an ngrok client. This value is only available one time, on the API response from credential creation, otherwise it is null. */
+  /** the credential's authtoken that can be used to authenticate an ngrok client. **This value is only available one time, on the API response from credential creation, otherwise it is null.** */
   token?: string;
-  /** optional list of ACL rules. If unspecified, the credential will have no restrictions. The only allowed ACL rule at this time is the bind rule. The bind rule allows the caller to restrict what domains and addresses the token is allowed to bind. For example, to allow the token to open a tunnel on example.ngrok.io your ACL would include the rule bind:example.ngrok.io. Bind rules may specify a leading wildcard to match multiple domains with a common suffix. For example, you may specify a rule of bind:*.example.com which will allow x.example.com, y.example.com, *.example.com, etc. A rule of '*' is equivalent to no acl at all and will explicitly permit all actions. */
+  /** optional list of ACL rules. If unspecified, the credential will have no restrictions. The only allowed ACL rule at this time is the `bind` rule. The `bind` rule allows the caller to restrict what domains and addresses the token is allowed to bind. For example, to allow the token to open a tunnel on example.ngrok.io your ACL would include the rule `bind:example.ngrok.io`. Bind rules may specify a leading wildcard to match multiple domains with a common suffix. For example, you may specify a rule of `bind:*.example.com` which will allow `x.example.com`, `y.example.com`, `*.example.com`, etc. A rule of `'*'` is equivalent to no acl at all and will explicitly permit all actions. */
   acl: Array<string>;
 }
 
@@ -362,178 +414,55 @@ export interface CredentialList {
   /** URI of the tunnel credential list API resource */
   uri: string;
   /** URI of the next page, or null if there is no next page */
-  next_page_uri?: string;
-}
-
-export interface EndpointConfiguration {
-  /** unique identifier of this endpoint configuration */
-  id: string;
-  /** they type of traffic this endpoint configuration can be applied to. one of: http, https, tcp */
-  type: string;
-  /** human-readable description of what this endpoint configuration will be do when applied or what traffic it will be applied to. Optional, max 255 bytes */
-  description: string;
-  /** arbitrary user-defined machine-readable data of this endpoint configuration. Optional, max 4096 bytes. */
-  metadata: string;
-  /** timestamp when the endpoint configuration was created, RFC 3339 format */
-  created_at: string;
-  /** URI of the endpoint configuration API resource */
-  uri: string;
-  /** circuit breaker module configuration or null */
-  circuit_breaker?: EndpointCircuitBreaker;
-  /** compression module configuration or null */
-  compression?: EndpointCompression;
-  /** request headers module configuration or null */
-  request_headers?: EndpointRequestHeaders;
-  /** response headers module configuration or null */
-  response_headers?: EndpointResponseHeaders;
-  /** ip policy module configuration or null */
-  ip_policy?: EndpointIPPolicy;
-  /** mutual TLS module configuration or null */
-  mutual_tls?: EndpointMutualTLS;
-  /** TLS termination module configuration or null */
-  tls_termination?: EndpointTLSTermination;
-  /** webhook validation module configuration or null */
-  webhook_validation?: EndpointWebhookValidation;
-  /** oauth module configuration or null */
-  oauth?: EndpointOAuth;
-  /** logging module configuration or null */
-  logging?: EndpointLogging;
-  /** saml module configuration or null */
-  saml?: EndpointSAML;
-  /** oidc module configuration or null */
-  oidc?: EndpointOIDC;
-}
-
-export interface EndpointConfigurationList {
-  /** the list of all endpoint configurations on this account */
-  endpoint_configurations: Array<EndpointConfiguration>;
-  /** URI of the endpoint configurations list API resource */
-  uri: string;
-  /** URI of the next page, or null if there is no next page */
-  next_page_uri?: string;
-}
-
-export interface EndpointConfigurationUpdate {
-  /** unique identifier of this endpoint configuration */
-  id: string;
-  /** human-readable description of what this endpoint configuration will be do when applied or what traffic it will be applied to. Optional, max 255 bytes */
-  description?: string;
-  /** arbitrary user-defined machine-readable data of this endpoint configuration. Optional, max 4096 bytes. */
-  metadata?: string;
-  /** circuit breaker module configuration or null */
-  circuit_breaker?: EndpointCircuitBreaker;
-  /** compression module configuration or null */
-  compression?: EndpointCompression;
-  /** request headers module configuration or null */
-  request_headers?: EndpointRequestHeaders;
-  /** response headers module configuration or null */
-  response_headers?: EndpointResponseHeaders;
-  /** ip policy module configuration or null */
-  ip_policy?: EndpointIPPolicyMutate;
-  /** mutual TLS module configuration or null */
-  mutual_tls?: EndpointMutualTLSMutate;
-  /** TLS termination module configuration or null */
-  tls_termination?: EndpointTLSTermination;
-  /** webhook validation module configuration or null */
-  webhook_validation?: EndpointWebhookValidation;
-  /** oauth module configuration or null */
-  oauth?: EndpointOAuth;
-  /** logging module configuration or null */
-  logging?: EndpointLoggingMutate;
-  /** saml module configuration or null */
-  saml?: EndpointSAMLMutate;
-  /** oidc module configuration or null */
-  oidc?: EndpointOIDC;
-}
-
-export interface EndpointConfigurationCreate {
-  /** they type of traffic this endpoint configuration can be applied to. one of: http, https, tcp */
-  type: string;
-  /** human-readable description of what this endpoint configuration will be do when applied or what traffic it will be applied to. Optional, max 255 bytes */
-  description: string;
-  /** arbitrary user-defined machine-readable data of this endpoint configuration. Optional, max 4096 bytes. */
-  metadata: string;
-  /** circuit breaker module configuration or null */
-  circuit_breaker?: EndpointCircuitBreaker;
-  /** compression module configuration or null */
-  compression?: EndpointCompression;
-  /** request headers module configuration or null */
-  request_headers?: EndpointRequestHeaders;
-  /** response headers module configuration or null */
-  response_headers?: EndpointResponseHeaders;
-  /** ip policy module configuration or null */
-  ip_policy?: EndpointIPPolicyMutate;
-  /** mutual TLS module configuration or null */
-  mutual_tls?: EndpointMutualTLSMutate;
-  /** TLS termination module configuration or null */
-  tls_termination?: EndpointTLSTermination;
-  /** webhook validation module configuration or null */
-  webhook_validation?: EndpointWebhookValidation;
-  /** oauth module configuration or null */
-  oauth?: EndpointOAuth;
-  /** logging module configuration or null */
-  logging?: EndpointLoggingMutate;
-  /** saml module configuration or null */
-  saml?: EndpointSAMLMutate;
-  /** oidc module configuration or null */
-  oidc?: EndpointOIDC;
+  nextPageUri?: string;
 }
 
 export interface EndpointWebhookValidation {
-  /** true if the module will be applied to traffic, false to disable. default true if unspecified */
+  /** `true` if the module will be applied to traffic, `false` to disable. default `true` if unspecified */
   enabled?: boolean;
-  /** a string indicating which webhook provider will be sending webhooks to this endpoint. Value must be one of the supported providers: SLACK, SNS, STRIPE, GITHUB, TWILIO, SHOPIFY, GITLAB, INTERCOM. */
+  /** a string indicating which webhook provider will be sending webhooks to this endpoint. Value must be one of the supported providers: `SLACK`, `SNS`, `STRIPE`, `GITHUB`, `TWILIO`, `SHOPIFY`, `GITLAB`, `INTERCOM`, `SENDGRID`, `XERO`, `PAGERDUTY`. */
   provider: string;
   /** a string secret used to validate requests from the given provider. All providers except AWS SNS require a secret */
   secret: string;
 }
 
 export interface EndpointCompression {
-  /** true if the module will be applied to traffic, false to disable. default true if unspecified */
+  /** `true` if the module will be applied to traffic, `false` to disable. default `true` if unspecified */
   enabled?: boolean;
 }
 
 export interface EndpointMutualTLS {
-  /** true if the module will be applied to traffic, false to disable. default true if unspecified */
+  /** `true` if the module will be applied to traffic, `false` to disable. default `true` if unspecified */
   enabled?: boolean;
   /** PEM-encoded CA certificates that will be used to validate. Multiple CAs may be provided by concatenating them together. */
-  certificate_authorities: Array<Ref>;
+  certificateAuthorities: Array<Ref>;
 }
 
 export interface EndpointMutualTLSMutate {
-  /** true if the module will be applied to traffic, false to disable. default true if unspecified */
+  /** `true` if the module will be applied to traffic, `false` to disable. default `true` if unspecified */
   enabled?: boolean;
   /** list of certificate authorities that will be used to validate the TLS client certificate presnted by the initiatiator of the TLS connection */
-  certificate_authority_ids: Array<string>;
+  certificateAuthorityIds: Array<string>;
 }
 
 export interface EndpointTLSTermination {
-  /** true if the module will be applied to traffic, false to disable. default true if unspecified */
+  /** `true` if the module will be applied to traffic, `false` to disable. default `true` if unspecified */
   enabled?: boolean;
-  /** edge if the ngrok edge should terminate TLS traffic, upstream if TLS traffic should be passed through to the upstream ngrok agent / application server for termination. if upstream is chosen, most other modules will be disallowed because they rely on the ngrok edge being able to access the underlying traffic. */
-  terminate_at: string;
-  /** The minimum TLS version used for termination and advertised to the client during the TLS handshake. if unspecified, ngrok will choose an industry-safe default. This value must be null if terminate_at is set to upstream. */
-  min_version?: string;
+  /** `edge` if the ngrok edge should terminate TLS traffic, `upstream` if TLS traffic should be passed through to the upstream ngrok agent / application server for termination. if `upstream` is chosen, most other modules will be disallowed because they rely on the ngrok edge being able to access the underlying traffic. */
+  terminateAt: string;
+  /** The minimum TLS version used for termination and advertised to the client during the TLS handshake. if unspecified, ngrok will choose an industry-safe default. This value must be null if `terminate_at` is set to `upstream`. */
+  minVersion?: string;
 }
 
-export interface EndpointBasicAuth {}
-
-export interface EndpointLogging {
-  /** true if the module will be applied to traffic, false to disable. default true if unspecified */
+export interface EndpointTLSTerminationAtEdge {
+  /** `true` if the module will be applied to traffic, `false` to disable. default `true` if unspecified */
   enabled?: boolean;
-  /** list of all EventStreams that will be used to configure and export this endpoint's logs */
-  event_streams: Array<Ref>;
-}
-
-export interface EndpointLoggingMutate {
-  /** true if the module will be applied to traffic, false to disable. default true if unspecified */
-  enabled?: boolean;
-  /** list of all EventStreams that will be used to configure and export this endpoint's logs */
-  event_stream_ids: Array<string>;
+  /** The minimum TLS version used for termination and advertised to the client during the TLS handshake. if unspecified, ngrok will choose an industry-safe default. This value must be null if `terminate_at` is set to `upstream`. */
+  minVersion?: string;
 }
 
 export interface EndpointRequestHeaders {
-  /** true if the module will be applied to traffic, false to disable. default true if unspecified */
+  /** `true` if the module will be applied to traffic, `false` to disable. default `true` if unspecified */
   enabled?: boolean;
   /** a map of header key to header value that will be injected into the HTTP Request before being sent to the upstream application server */
   add: Map<string, string>;
@@ -542,7 +471,7 @@ export interface EndpointRequestHeaders {
 }
 
 export interface EndpointResponseHeaders {
-  /** true if the module will be applied to traffic, false to disable. default true if unspecified */
+  /** `true` if the module will be applied to traffic, `false` to disable. default `true` if unspecified */
   enabled?: boolean;
   /** a map of header key to header value that will be injected into the HTTP Response returned to the HTTP client */
   add: Map<string, string>;
@@ -551,48 +480,48 @@ export interface EndpointResponseHeaders {
 }
 
 export interface EndpointIPPolicy {
-  /** true if the module will be applied to traffic, false to disable. default true if unspecified */
+  /** `true` if the module will be applied to traffic, `false` to disable. default `true` if unspecified */
   enabled?: boolean;
-  ip_policies: Array<Ref>;
+  ipPolicies: Array<Ref>;
 }
 
 export interface EndpointIPPolicyMutate {
-  /** true if the module will be applied to traffic, false to disable. default true if unspecified */
+  /** `true` if the module will be applied to traffic, `false` to disable. default `true` if unspecified */
   enabled?: boolean;
   /** list of all IP policies that will be used to check if a source IP is allowed access to the endpoint */
-  ip_policy_ids: Array<string>;
+  ipPolicyIds: Array<string>;
 }
 
 export interface EndpointCircuitBreaker {
-  /** true if the module will be applied to traffic, false to disable. default true if unspecified */
+  /** `true` if the module will be applied to traffic, `false` to disable. default `true` if unspecified */
   enabled?: boolean;
   /** Integer number of seconds after which the circuit is tripped to wait before re-evaluating upstream health */
-  tripped_duration: number;
+  trippedDuration: number;
   /** Integer number of seconds in the statistical rolling window that metrics are retained for. */
-  rolling_window: number;
+  rollingWindow: number;
   /** Integer number of buckets into which metrics are retained. Max 128. */
-  num_buckets: number;
+  numBuckets: number;
   /** Integer number of requests in a rolling window that will trip the circuit. Helpful if traffic volume is low. */
-  volume_threshold: number;
+  volumeThreshold: number;
   /** Error threshold percentage should be between 0 - 1.0, not 0-100.0 */
-  error_threshold_percentage: number;
+  errorThresholdPercentage: number;
 }
 
 export interface EndpointOAuth {
-  /** true if the module will be applied to traffic, false to disable. default true if unspecified */
+  /** `true` if the module will be applied to traffic, `false` to disable. default `true` if unspecified */
   enabled?: boolean;
   /** an object which defines the identity provider to use for authentication and configuration for who may access the endpoint */
   provider: EndpointOAuthProvider;
   /** Do not enforce authentication on HTTP OPTIONS requests. necessary if you are supporting CORS. */
-  options_passthrough: boolean;
+  optionsPassthrough: boolean;
   /** the prefix of the session cookie that ngrok sets on the http client to cache authentication. default is 'ngrok.' */
-  cookie_prefix: string;
+  cookiePrefix: string;
   /** Integer number of seconds of inactivity after which if the user has not accessed the endpoint, their session will time out and they will be forced to reauthenticate. */
-  inactivity_timeout: number;
+  inactivityTimeout: number;
   /** Integer number of seconds of the maximum duration of an authenticated session. After this period is exceeded, a user must reauthenticate. */
-  maximum_duration: number;
+  maximumDuration: number;
   /** Integer number of seconds after which ngrok guarantees it will refresh user state from the identity provider and recheck whether the user is still authorized to access the endpoint. This is the preferred tunable to use to enforce a minimum amount of time after which a revoked user will no longer be able to access the resource. */
-  auth_check_interval: number;
+  authCheckInterval: number;
 }
 
 export interface EndpointOAuthProvider {
@@ -608,16 +537,16 @@ export interface EndpointOAuthProvider {
 
 export interface EndpointOAuthGitHub {
   /** the OAuth app client ID. retrieve it from the identity provider's dashboard where you created your own OAuth app. optional. if unspecified, ngrok will use its own managed oauth application which has additional restrictions. see the OAuth module docs for more details. if present, client_secret must be present as well. */
-  client_id?: string;
-  /** the OAuth app client secret. retrieve if from the identity provider's dashboard where you created your own OAuth app. optional, see all of the caveats in the docs for client_id. */
-  client_secret?: string;
-  /** a list of provider-specific OAuth scopes with the permissions your OAuth app would like to ask for. these may not be set if you are using the ngrok-managed oauth app (i.e. you must pass both client_id and client_secret to set scopes) */
+  clientId?: string;
+  /** the OAuth app client secret. retrieve if from the identity provider's dashboard where you created your own OAuth app. optional, see all of the caveats in the docs for `client_id`. */
+  clientSecret?: string;
+  /** a list of provider-specific OAuth scopes with the permissions your OAuth app would like to ask for. these may not be set if you are using the ngrok-managed oauth app (i.e. you must pass both `client_id` and `client_secret` to set scopes) */
   scopes: Array<string>;
   /** a list of email addresses of users authenticated by identity provider who are allowed access to the endpoint */
-  email_addresses: Array<string>;
+  emailAddresses: Array<string>;
   /** a list of email domains of users authenticated by identity provider who are allowed access to the endpoint */
-  email_domains: Array<string>;
-  /** a list of github teams identifiers. users will be allowed access to the endpoint if they are a member of any of these teams. identifiers should be in the 'slug' format qualified with the org name, e.g. org-name/team-name */
+  emailDomains: Array<string>;
+  /** a list of github teams identifiers. users will be allowed access to the endpoint if they are a member of any of these teams. identifiers should be in the 'slug' format qualified with the org name, e.g. `org-name/team-name` */
   teams: Array<string>;
   /** a list of github org identifiers. users who are members of any of the listed organizations will be allowed access. identifiers should be the organization's 'slug' */
   organizations: Array<string>;
@@ -625,257 +554,553 @@ export interface EndpointOAuthGitHub {
 
 export interface EndpointOAuthFacebook {
   /** the OAuth app client ID. retrieve it from the identity provider's dashboard where you created your own OAuth app. optional. if unspecified, ngrok will use its own managed oauth application which has additional restrictions. see the OAuth module docs for more details. if present, client_secret must be present as well. */
-  client_id?: string;
-  /** the OAuth app client secret. retrieve if from the identity provider's dashboard where you created your own OAuth app. optional, see all of the caveats in the docs for client_id. */
-  client_secret?: string;
-  /** a list of provider-specific OAuth scopes with the permissions your OAuth app would like to ask for. these may not be set if you are using the ngrok-managed oauth app (i.e. you must pass both client_id and client_secret to set scopes) */
+  clientId?: string;
+  /** the OAuth app client secret. retrieve if from the identity provider's dashboard where you created your own OAuth app. optional, see all of the caveats in the docs for `client_id`. */
+  clientSecret?: string;
+  /** a list of provider-specific OAuth scopes with the permissions your OAuth app would like to ask for. these may not be set if you are using the ngrok-managed oauth app (i.e. you must pass both `client_id` and `client_secret` to set scopes) */
   scopes: Array<string>;
   /** a list of email addresses of users authenticated by identity provider who are allowed access to the endpoint */
-  email_addresses: Array<string>;
+  emailAddresses: Array<string>;
   /** a list of email domains of users authenticated by identity provider who are allowed access to the endpoint */
-  email_domains: Array<string>;
+  emailDomains: Array<string>;
 }
 
 export interface EndpointOAuthMicrosoft {
   /** the OAuth app client ID. retrieve it from the identity provider's dashboard where you created your own OAuth app. optional. if unspecified, ngrok will use its own managed oauth application which has additional restrictions. see the OAuth module docs for more details. if present, client_secret must be present as well. */
-  client_id?: string;
-  /** the OAuth app client secret. retrieve if from the identity provider's dashboard where you created your own OAuth app. optional, see all of the caveats in the docs for client_id. */
-  client_secret?: string;
-  /** a list of provider-specific OAuth scopes with the permissions your OAuth app would like to ask for. these may not be set if you are using the ngrok-managed oauth app (i.e. you must pass both client_id and client_secret to set scopes) */
+  clientId?: string;
+  /** the OAuth app client secret. retrieve if from the identity provider's dashboard where you created your own OAuth app. optional, see all of the caveats in the docs for `client_id`. */
+  clientSecret?: string;
+  /** a list of provider-specific OAuth scopes with the permissions your OAuth app would like to ask for. these may not be set if you are using the ngrok-managed oauth app (i.e. you must pass both `client_id` and `client_secret` to set scopes) */
   scopes: Array<string>;
   /** a list of email addresses of users authenticated by identity provider who are allowed access to the endpoint */
-  email_addresses: Array<string>;
+  emailAddresses: Array<string>;
   /** a list of email domains of users authenticated by identity provider who are allowed access to the endpoint */
-  email_domains: Array<string>;
+  emailDomains: Array<string>;
 }
 
 export interface EndpointOAuthGoogle {
   /** the OAuth app client ID. retrieve it from the identity provider's dashboard where you created your own OAuth app. optional. if unspecified, ngrok will use its own managed oauth application which has additional restrictions. see the OAuth module docs for more details. if present, client_secret must be present as well. */
-  client_id?: string;
-  /** the OAuth app client secret. retrieve if from the identity provider's dashboard where you created your own OAuth app. optional, see all of the caveats in the docs for client_id. */
-  client_secret?: string;
-  /** a list of provider-specific OAuth scopes with the permissions your OAuth app would like to ask for. these may not be set if you are using the ngrok-managed oauth app (i.e. you must pass both client_id and client_secret to set scopes) */
+  clientId?: string;
+  /** the OAuth app client secret. retrieve if from the identity provider's dashboard where you created your own OAuth app. optional, see all of the caveats in the docs for `client_id`. */
+  clientSecret?: string;
+  /** a list of provider-specific OAuth scopes with the permissions your OAuth app would like to ask for. these may not be set if you are using the ngrok-managed oauth app (i.e. you must pass both `client_id` and `client_secret` to set scopes) */
   scopes: Array<string>;
   /** a list of email addresses of users authenticated by identity provider who are allowed access to the endpoint */
-  email_addresses: Array<string>;
+  emailAddresses: Array<string>;
   /** a list of email domains of users authenticated by identity provider who are allowed access to the endpoint */
-  email_domains: Array<string>;
+  emailDomains: Array<string>;
 }
 
 export interface EndpointSAML {
-  /** true if the module will be applied to traffic, false to disable. default true if unspecified */
+  /** `true` if the module will be applied to traffic, `false` to disable. default `true` if unspecified */
   enabled?: boolean;
   /** Do not enforce authentication on HTTP OPTIONS requests. necessary if you are supporting CORS. */
-  options_passthrough: boolean;
+  optionsPassthrough: boolean;
   /** the prefix of the session cookie that ngrok sets on the http client to cache authentication. default is 'ngrok.' */
-  cookie_prefix: string;
+  cookiePrefix: string;
   /** Integer number of seconds of inactivity after which if the user has not accessed the endpoint, their session will time out and they will be forced to reauthenticate. */
-  inactivity_timeout: number;
+  inactivityTimeout: number;
   /** Integer number of seconds of the maximum duration of an authenticated session. After this period is exceeded, a user must reauthenticate. */
-  maximum_duration: number;
+  maximumDuration: number;
   /** The full XML IdP EntityDescriptor. Your IdP may provide this to you as a a file to download or as a URL. */
-  idp_metadata: string;
+  idpMetadata: string;
   /** If true, indicates that whenever we redirect a user to the IdP for authentication that the IdP must prompt the user for authentication credentials even if the user already has a valid session with the IdP. */
-  force_authn: boolean;
-  /** If true, the IdP may initiate a login directly (e.g. the user does not need to visit the endpoint first and then be redirected). The IdP should set the RelayState parameter to the target URL of the resource they want the user to be redirected to after the SAML login assertion has been processed. */
-  allow_idp_initiated?: boolean;
+  forceAuthn: boolean;
+  /** If true, the IdP may initiate a login directly (e.g. the user does not need to visit the endpoint first and then be redirected). The IdP should set the `RelayState` parameter to the target URL of the resource they want the user to be redirected to after the SAML login assertion has been processed. */
+  allowIdpInitiated?: boolean;
   /** If present, only users who are a member of one of the listed groups may access the target endpoint. */
-  authorized_groups: Array<string>;
+  authorizedGroups: Array<string>;
   /** The SP Entity's unique ID. This always takes the form of a URL. In ngrok's implementation, this URL is the same as the metadata URL. This will need to be specified to the IdP as configuration. */
-  entity_id: string;
+  entityId: string;
   /** The public URL of the SP's Assertion Consumer Service. This is where the IdP will redirect to during an authentication flow. This will need to be specified to the IdP as configuration. */
-  assertion_consumer_service_url: string;
+  assertionConsumerServiceUrl: string;
   /** The public URL of the SP's Single Logout Service. This is where the IdP will redirect to during a single logout flow. This will optionally need to be specified to the IdP as configuration. */
-  single_logout_url: string;
+  singleLogoutUrl: string;
   /** PEM-encoded x.509 certificate of the key pair that is used to sign all SAML requests that the ngrok SP makes to the IdP. Many IdPs do not support request signing verification, but we highly recommend specifying this in the IdP's configuration if it is supported. */
-  request_signing_certificate_pem: string;
+  requestSigningCertificatePem: string;
   /** A public URL where the SP's metadata is hosted. If an IdP supports dynamic configuration, this is the URL it can use to retrieve the SP metadata. */
-  metadata_url: string;
+  metadataUrl: string;
+  /** Defines the name identifier format the SP expects the IdP to use in its assertions to identify subjects. If unspecified, a default value of `urn:oasis:names:tc:SAML:2.0:nameid-format:persistent` will be used. A subset of the allowed values enumerated by the SAML specification are supported. */
+  nameidFormat: string;
 }
 
 export interface EndpointSAMLMutate {
-  /** true if the module will be applied to traffic, false to disable. default true if unspecified */
+  /** `true` if the module will be applied to traffic, `false` to disable. default `true` if unspecified */
   enabled?: boolean;
   /** Do not enforce authentication on HTTP OPTIONS requests. necessary if you are supporting CORS. */
-  options_passthrough: boolean;
+  optionsPassthrough: boolean;
   /** the prefix of the session cookie that ngrok sets on the http client to cache authentication. default is 'ngrok.' */
-  cookie_prefix: string;
+  cookiePrefix: string;
   /** Integer number of seconds of inactivity after which if the user has not accessed the endpoint, their session will time out and they will be forced to reauthenticate. */
-  inactivity_timeout: number;
+  inactivityTimeout: number;
   /** Integer number of seconds of the maximum duration of an authenticated session. After this period is exceeded, a user must reauthenticate. */
-  maximum_duration: number;
+  maximumDuration: number;
   /** The full XML IdP EntityDescriptor. Your IdP may provide this to you as a a file to download or as a URL. */
-  idp_metadata: string;
+  idpMetadata: string;
   /** If true, indicates that whenever we redirect a user to the IdP for authentication that the IdP must prompt the user for authentication credentials even if the user already has a valid session with the IdP. */
-  force_authn: boolean;
-  /** If true, the IdP may initiate a login directly (e.g. the user does not need to visit the endpoint first and then be redirected). The IdP should set the RelayState parameter to the target URL of the resource they want the user to be redirected to after the SAML login assertion has been processed. */
-  allow_idp_initiated?: boolean;
+  forceAuthn: boolean;
+  /** If true, the IdP may initiate a login directly (e.g. the user does not need to visit the endpoint first and then be redirected). The IdP should set the `RelayState` parameter to the target URL of the resource they want the user to be redirected to after the SAML login assertion has been processed. */
+  allowIdpInitiated?: boolean;
   /** If present, only users who are a member of one of the listed groups may access the target endpoint. */
-  authorized_groups: Array<string>;
+  authorizedGroups: Array<string>;
+  /** Defines the name identifier format the SP expects the IdP to use in its assertions to identify subjects. If unspecified, a default value of `urn:oasis:names:tc:SAML:2.0:nameid-format:persistent` will be used. A subset of the allowed values enumerated by the SAML specification are supported. */
+  nameidFormat: string;
 }
 
 export interface EndpointOIDC {
-  /** true if the module will be applied to traffic, false to disable. default true if unspecified */
+  /** `true` if the module will be applied to traffic, `false` to disable. default `true` if unspecified */
   enabled?: boolean;
   /** Do not enforce authentication on HTTP OPTIONS requests. necessary if you are supporting CORS. */
-  options_passthrough: boolean;
+  optionsPassthrough: boolean;
   /** the prefix of the session cookie that ngrok sets on the http client to cache authentication. default is 'ngrok.' */
-  cookie_prefix: string;
+  cookiePrefix: string;
   /** Integer number of seconds of inactivity after which if the user has not accessed the endpoint, their session will time out and they will be forced to reauthenticate. */
-  inactivity_timeout: number;
+  inactivityTimeout: number;
   /** Integer number of seconds of the maximum duration of an authenticated session. After this period is exceeded, a user must reauthenticate. */
-  maximum_duration: number;
+  maximumDuration: number;
   /** URL of the OIDC "OpenID provider". This is the base URL used for discovery. */
   issuer: string;
   /** The OIDC app's client ID and OIDC audience. */
-  client_id: string;
+  clientId: string;
   /** The OIDC app's client secret. */
-  client_secret: string;
+  clientSecret: string;
   /** The set of scopes to request from the OIDC identity provider. */
   scopes: Array<string>;
 }
 
 export interface EndpointBackend {
-  /** true if the module will be applied to traffic, false to disable. default true if unspecified */
+  /** `true` if the module will be applied to traffic, `false` to disable. default `true` if unspecified */
   enabled?: boolean;
   /** backend to be used to back this endpoint */
   backend: Ref;
 }
 
-export interface EndpointBackendMutate {}
+export interface EndpointBackendMutate {
+  /** `true` if the module will be applied to traffic, `false` to disable. default `true` if unspecified */
+  enabled?: boolean;
+  /** backend to be used to back this endpoint */
+  backendId: string;
+}
+
+export interface EndpointWebsocketTCPConverter {
+  /** `true` if the module will be applied to traffic, `false` to disable. default `true` if unspecified */
+  enabled?: boolean;
+}
+
+export interface EdgeRouteItem {
+  /** unique identifier of this edge */
+  edgeId: string;
+  /** unique identifier of this edge route */
+  id: string;
+}
+
+export interface HTTPSEdgeRouteCreate {
+  /** unique identifier of this edge */
+  edgeId: string;
+  /** Type of match to use for this route. Valid values are "exact_path" and "path_prefix". */
+  matchType: string;
+  /** Route selector: "/blog" or "example.com" or "example.com/blog" */
+  match: string;
+  /** human-readable description of what this edge will be used for; optional, max 255 bytes. */
+  description: string;
+  /** arbitrary user-defined machine-readable data of this edge. Optional, max 4096 bytes. */
+  metadata: string;
+  /** backend module configuration or `null` */
+  backend?: EndpointBackendMutate;
+  /** ip restriction module configuration or `null` */
+  ipRestriction?: EndpointIPPolicyMutate;
+  /** circuit breaker module configuration or `null` */
+  circuitBreaker?: EndpointCircuitBreaker;
+  /** compression module configuration or `null` */
+  compression?: EndpointCompression;
+  /** request headers module configuration or `null` */
+  requestHeaders?: EndpointRequestHeaders;
+  /** response headers module configuration or `null` */
+  responseHeaders?: EndpointResponseHeaders;
+  /** webhook verification module configuration or `null` */
+  webhookVerification?: EndpointWebhookValidation;
+  /** oauth module configuration or `null` */
+  oauth?: EndpointOAuth;
+  /** saml module configuration or `null` */
+  saml?: EndpointSAMLMutate;
+  /** oidc module configuration or `null` */
+  oidc?: EndpointOIDC;
+  /** websocket to tcp adapter configuration or `null` */
+  websocketTcpConverter?: EndpointWebsocketTCPConverter;
+}
+
+export interface HTTPSEdgeRouteUpdate {
+  /** unique identifier of this edge */
+  edgeId: string;
+  /** unique identifier of this edge route */
+  id: string;
+  /** Type of match to use for this route. Valid values are "exact_path" and "path_prefix". */
+  matchType: string;
+  /** Route selector: "/blog" or "example.com" or "example.com/blog" */
+  match: string;
+  /** human-readable description of what this edge will be used for; optional, max 255 bytes. */
+  description: string;
+  /** arbitrary user-defined machine-readable data of this edge. Optional, max 4096 bytes. */
+  metadata: string;
+  /** backend module configuration or `null` */
+  backend?: EndpointBackendMutate;
+  /** ip restriction module configuration or `null` */
+  ipRestriction?: EndpointIPPolicyMutate;
+  /** circuit breaker module configuration or `null` */
+  circuitBreaker?: EndpointCircuitBreaker;
+  /** compression module configuration or `null` */
+  compression?: EndpointCompression;
+  /** request headers module configuration or `null` */
+  requestHeaders?: EndpointRequestHeaders;
+  /** response headers module configuration or `null` */
+  responseHeaders?: EndpointResponseHeaders;
+  /** webhook verification module configuration or `null` */
+  webhookVerification?: EndpointWebhookValidation;
+  /** oauth module configuration or `null` */
+  oauth?: EndpointOAuth;
+  /** saml module configuration or `null` */
+  saml?: EndpointSAMLMutate;
+  /** oidc module configuration or `null` */
+  oidc?: EndpointOIDC;
+  /** websocket to tcp adapter configuration or `null` */
+  websocketTcpConverter?: EndpointWebsocketTCPConverter;
+}
+
+export interface HTTPSEdgeRoute {
+  /** unique identifier of this edge */
+  edgeId: string;
+  /** unique identifier of this edge route */
+  id: string;
+  /** timestamp when the edge configuration was created, RFC 3339 format */
+  createdAt: string;
+  /** Type of match to use for this route. Valid values are "exact_path" and "path_prefix". */
+  matchType: string;
+  /** Route selector: "/blog" or "example.com" or "example.com/blog" */
+  match: string;
+  /** URI of the edge API resource */
+  uri: string;
+  /** human-readable description of what this edge will be used for; optional, max 255 bytes. */
+  description: string;
+  /** arbitrary user-defined machine-readable data of this edge. Optional, max 4096 bytes. */
+  metadata: string;
+  /** backend module configuration or `null` */
+  backend?: EndpointBackend;
+  /** ip restriction module configuration or `null` */
+  ipRestriction?: EndpointIPPolicy;
+  /** circuit breaker module configuration or `null` */
+  circuitBreaker?: EndpointCircuitBreaker;
+  /** compression module configuration or `null` */
+  compression?: EndpointCompression;
+  /** request headers module configuration or `null` */
+  requestHeaders?: EndpointRequestHeaders;
+  /** response headers module configuration or `null` */
+  responseHeaders?: EndpointResponseHeaders;
+  /** webhook verification module configuration or `null` */
+  webhookVerification?: EndpointWebhookValidation;
+  /** oauth module configuration or `null` */
+  oauth?: EndpointOAuth;
+  /** saml module configuration or `null` */
+  saml?: EndpointSAML;
+  /** oidc module configuration or `null` */
+  oidc?: EndpointOIDC;
+  /** websocket to tcp adapter configuration or `null` */
+  websocketTcpConverter?: EndpointWebsocketTCPConverter;
+}
+
+export interface HTTPSEdgeList {
+  /** the list of all HTTPS Edges on this account */
+  httpsEdges: Array<HTTPSEdge>;
+  /** URI of the HTTPS Edge list API resource */
+  uri: string;
+  /** URI of the next page, or null if there is no next page */
+  nextPageUri?: string;
+}
+
+export interface HTTPSEdgeCreate {
+  /** human-readable description of what this edge will be used for; optional, max 255 bytes. */
+  description: string;
+  /** arbitrary user-defined machine-readable data of this edge; optional, max 4096 bytes. */
+  metadata: string;
+  /** hostports served by this edge */
+  hostports?: Array<string>;
+  /** edge modules */
+  mutualTls?: EndpointMutualTLSMutate;
+  tlsTermination?: EndpointTLSTerminationAtEdge;
+}
+
+export interface HTTPSEdgeUpdate {
+  /** unique identifier of this edge */
+  id: string;
+  /** human-readable description of what this edge will be used for; optional, max 255 bytes. */
+  description?: string;
+  /** arbitrary user-defined machine-readable data of this edge; optional, max 4096 bytes. */
+  metadata?: string;
+  /** hostports served by this edge */
+  hostports?: Array<string>;
+  /** edge modules */
+  mutualTls?: EndpointMutualTLSMutate;
+  tlsTermination?: EndpointTLSTerminationAtEdge;
+}
+
+export interface HTTPSEdge {
+  /** unique identifier of this edge */
+  id: string;
+  /** human-readable description of what this edge will be used for; optional, max 255 bytes. */
+  description: string;
+  /** arbitrary user-defined machine-readable data of this edge; optional, max 4096 bytes. */
+  metadata: string;
+  /** timestamp when the edge configuration was created, RFC 3339 format */
+  createdAt: string;
+  /** URI of the edge API resource */
+  uri: string;
+  /** hostports served by this edge */
+  hostports?: Array<string>;
+  /** edge modules */
+  mutualTls?: EndpointMutualTLS;
+  tlsTermination?: EndpointTLSTermination;
+  /** routes */
+  routes: Array<HTTPSEdgeRoute>;
+}
+
+export interface EdgeBackendReplace {
+  id: string;
+  module: EndpointBackendMutate;
+}
+
+export interface EdgeIPRestrictionReplace {
+  id: string;
+  module: EndpointIPPolicyMutate;
+}
+
+export interface EdgeMutualTLSReplace {
+  id: string;
+  module: EndpointMutualTLSMutate;
+}
+
+export interface EdgeTLSTerminationReplace {
+  id: string;
+  module: EndpointTLSTermination;
+}
+
+export interface EdgeTLSTerminationAtEdgeReplace {
+  id: string;
+  module: EndpointTLSTerminationAtEdge;
+}
+
+export interface EdgeRouteBackendReplace {
+  edgeId: string;
+  id: string;
+  module: EndpointBackendMutate;
+}
+
+export interface EdgeRouteIPRestrictionReplace {
+  edgeId: string;
+  id: string;
+  module: EndpointIPPolicyMutate;
+}
+
+export interface EdgeRouteRequestHeadersReplace {
+  edgeId: string;
+  id: string;
+  module: EndpointRequestHeaders;
+}
+
+export interface EdgeRouteResponseHeadersReplace {
+  edgeId: string;
+  id: string;
+  module: EndpointResponseHeaders;
+}
+
+export interface EdgeRouteCompressionReplace {
+  edgeId: string;
+  id: string;
+  module: EndpointCompression;
+}
+
+export interface EdgeRouteCircuitBreakerReplace {
+  edgeId: string;
+  id: string;
+  module: EndpointCircuitBreaker;
+}
+
+export interface EdgeRouteWebhookVerificationReplace {
+  edgeId: string;
+  id: string;
+  module: EndpointWebhookValidation;
+}
+
+export interface EdgeRouteOAuthReplace {
+  edgeId: string;
+  id: string;
+  module: EndpointOAuth;
+}
+
+export interface EdgeRouteSAMLReplace {
+  edgeId: string;
+  id: string;
+  module: EndpointSAMLMutate;
+}
+
+export interface EdgeRouteOIDCReplace {
+  edgeId: string;
+  id: string;
+  module: EndpointOIDC;
+}
+
+export interface EdgeRouteWebsocketTCPConverterReplace {
+  edgeId: string;
+  id: string;
+  module: EndpointWebsocketTCPConverter;
+}
+
+export interface TCPEdgeList {
+  /** the list of all TCP Edges on this account */
+  tcpEdges: Array<TCPEdge>;
+  /** URI of the TCP Edge list API resource */
+  uri: string;
+  /** URI of the next page, or null if there is no next page */
+  nextPageUri?: string;
+}
 
 export interface TCPEdgeCreate {
-  /** human-readable description of what this edge will be do when applied or what traffic it will be applied to. Optional, max 255 bytes */
+  /** human-readable description of what this edge will be used for; optional, max 255 bytes. */
   description: string;
   /** arbitrary user-defined machine-readable data of this edge. Optional, max 4096 bytes. */
   metadata: string;
-  ip_restriction?: EndpointIPPolicyMutate;
+  /** hostports served by this edge */
+  hostports?: Array<string>;
+  /** edge modules */
+  backend?: EndpointBackendMutate;
+  ipRestriction?: EndpointIPPolicyMutate;
 }
 
 export interface TCPEdgeUpdate {
   /** unique identifier of this edge */
   id: string;
-  /** human-readable description of what this edge will be do when applied or what traffic it will be applied to. Optional, max 255 bytes */
+  /** human-readable description of what this edge will be used for; optional, max 255 bytes. */
   description?: string;
   /** arbitrary user-defined machine-readable data of this edge. Optional, max 4096 bytes. */
   metadata?: string;
-  ip_restriction?: EndpointIPPolicyMutate;
+  /** hostports served by this edge */
+  hostports?: Array<string>;
+  /** edge modules */
+  backend?: EndpointBackendMutate;
+  ipRestriction?: EndpointIPPolicyMutate;
 }
 
 export interface TCPEdge {
   /** unique identifier of this edge */
   id: string;
-  /** human-readable description of what this edge will be do when applied or what traffic it will be applied to. Optional, max 255 bytes */
+  /** human-readable description of what this edge will be used for; optional, max 255 bytes. */
   description: string;
   /** arbitrary user-defined machine-readable data of this edge. Optional, max 4096 bytes. */
   metadata: string;
   /** timestamp when the edge was created, RFC 3339 format */
-  created_at: string;
+  createdAt: string;
   /** URI of the edge API resource */
   uri: string;
+  /** hostports served by this edge */
+  hostports?: Array<string>;
   /** edge modules */
   backend?: EndpointBackend;
-  ip_restriction?: EndpointIPPolicy;
+  ipRestriction?: EndpointIPPolicy;
+}
+
+export interface TLSEdgeList {
+  /** the list of all TLS Edges on this account */
+  tlsEdges: Array<TLSEdge>;
+  /** URI of the TLS Edge list API resource */
+  uri: string;
+  /** URI of the next page, or null if there is no next page */
+  nextPageUri?: string;
 }
 
 export interface TLSEdgeCreate {
-  /** human-readable description of what this edge will be do when applied or what traffic it will be applied to. Optional, max 255 bytes */
+  /** human-readable description of what this edge will be used for; optional, max 255 bytes. */
   description: string;
   /** arbitrary user-defined machine-readable data of this edge. Optional, max 4096 bytes. */
   metadata: string;
-  ip_restriction?: EndpointIPPolicyMutate;
-  mutual_tls?: EndpointMutualTLSMutate;
-  tls_termination?: EndpointTLSTermination;
+  /** hostports served by this edge */
+  hostports?: Array<string>;
+  /** edge modules */
+  backend?: EndpointBackendMutate;
+  ipRestriction?: EndpointIPPolicyMutate;
+  mutualTls?: EndpointMutualTLSMutate;
+  tlsTermination?: EndpointTLSTermination;
 }
 
 export interface TLSEdgeUpdate {
   /** unique identifier of this edge */
   id: string;
-  /** human-readable description of what this edge will be do when applied or what traffic it will be applied to. Optional, max 255 bytes */
+  /** human-readable description of what this edge will be used for; optional, max 255 bytes. */
   description?: string;
   /** arbitrary user-defined machine-readable data of this edge. Optional, max 4096 bytes. */
   metadata?: string;
-  ip_restriction?: EndpointIPPolicyMutate;
-  mutual_tls?: EndpointMutualTLSMutate;
-  tls_termination?: EndpointTLSTermination;
+  /** hostports served by this edge */
+  hostports?: Array<string>;
+  /** edge modules */
+  backend?: EndpointBackendMutate;
+  ipRestriction?: EndpointIPPolicyMutate;
+  mutualTls?: EndpointMutualTLSMutate;
+  tlsTermination?: EndpointTLSTermination;
 }
 
 export interface TLSEdge {
   /** unique identifier of this edge */
   id: string;
-  /** human-readable description of what this edge will be do when applied or what traffic it will be applied to. Optional, max 255 bytes */
+  /** human-readable description of what this edge will be used for; optional, max 255 bytes. */
   description: string;
   /** arbitrary user-defined machine-readable data of this edge. Optional, max 4096 bytes. */
   metadata: string;
   /** timestamp when the edge configuration was created, RFC 3339 format */
-  created_at: string;
+  createdAt: string;
   /** URI of the edge API resource */
   uri: string;
+  /** hostports served by this edge */
+  hostports?: Array<string>;
   /** edge modules */
   backend?: EndpointBackend;
-  ip_restriction?: EndpointIPPolicy;
-  mutual_tls?: EndpointMutualTLS;
-  tls_termination?: EndpointTLSTermination;
-}
-
-export interface EventStreamCreate {
-  /** Arbitrary user-defined machine-readable data of this Event Stream. Optional, max 4096 bytes. */
-  metadata: string;
-  /** Human-readable description of the Event Stream. Optional, max 255 bytes. */
-  description: string;
-  /** A list of protocol-specific fields you want to collect on each event. */
-  fields: Array<string>;
-  /** The protocol that determines which events will be collected. Supported values are tcp_connection_closed and http_request_complete. */
-  event_type: string;
-  /** A list of Event Destination IDs which should be used for this Event Stream. Event Streams are required to have at least one Event Destination. */
-  destination_ids: Array<string>;
-  /** The percentage of all events you would like to capture. Valid values range from 0.01, representing 1% of all events to 1.00, representing 100% of all events. */
-  sampling_rate: number;
+  ipRestriction?: EndpointIPPolicy;
+  mutualTls?: EndpointMutualTLS;
+  tlsTermination?: EndpointTLSTermination;
 }
 
-export interface EventStreamUpdate {
-  /** Unique identifier for this Event Stream. */
+export interface Endpoint {
+  /** unique endpoint resource identifier */
   id: string;
-  /** Arbitrary user-defined machine-readable data of this Event Stream. Optional, max 4096 bytes. */
-  metadata?: string;
-  /** Human-readable description of the Event Stream. Optional, max 255 bytes. */
-  description?: string;
-  /** A list of protocol-specific fields you want to collect on each event. */
-  fields?: Array<string>;
-  /** A list of Event Destination IDs which should be used for this Event Stream. Event Streams are required to have at least one Event Destination. */
-  destination_ids?: Array<string>;
-  /** The percentage of all events you would like to capture. Valid values range from 0.01, representing 1% of all events to 1.00, representing 100% of all events. */
-  sampling_rate?: number;
-}
-
-export interface EventStreamList {
-  /** The list of all Event Streams on this account. */
-  event_streams: Array<EventStream>;
-  /** URI of the Event Stream list API resource. */
-  uri: string;
-  /** URI of the next page, or null if there is no next page. */
-  next_page_uri?: string;
-}
-
-export interface EventStream {
-  /** Unique identifier for this Event Stream. */
-  id: string;
-  /** URI of the Event Stream API resource. */
-  uri: string;
-  /** Timestamp when the Event Stream was created, RFC 3339 format. */
-  created_at: string;
-  /** Arbitrary user-defined machine-readable data of this Event Stream. Optional, max 4096 bytes. */
+  /** identifier of the region this endpoint belongs to */
+  region: string;
+  /** timestamp when the endpoint was created in RFC 3339 format */
+  createdAt: string;
+  /** timestamp when the endpoint was updated in RFC 3339 format */
+  updatedAt: string;
+  /** URL of the hostport served by this endpoint */
+  publicUrl: string;
+  /** protocol served by this endpoint. one of `http`, `https`, `tcp`, or `tls` */
+  proto: string;
+  /** hostport served by this endpoint (hostname:port) */
+  hostport: string;
+  /** whether the endpoint is `ephemeral` (served directly by an agent-initiated tunnel) or `edge` (served by an edge) */
+  type: string;
+  /** user-supplied metadata of the associated tunnel or edge object */
   metadata: string;
-  /** Human-readable description of the Event Stream. Optional, max 255 bytes. */
-  description: string;
-  /** A list of protocol-specific fields you want to collect on each event. */
-  fields: Array<string>;
-  /** The protocol that determines which events will be collected. Supported values are tcp_connection_closed and http_request_complete. */
-  event_type: string;
-  /** A list of Event Destination IDs which should be used for this Event Stream. Event Streams are required to have at least one Event Destination. */
-  destination_ids: Array<string>;
-  /** The percentage of all events you would like to capture. Valid values range from 0.01, representing 1% of all events to 1.00, representing 100% of all events. */
-  sampling_rate: number;
+  /** the domain reserved for this endpoint */
+  domain?: Ref;
+  /** the address reserved for this endpoint */
+  tcpAddr?: Ref;
+  /** the tunnel serving requests to this endpoint, if this is an ephemeral endpoint */
+  tunnel?: Ref;
+  /** the edge serving requests to this endpoint, if this is an edge endpoint */
+  edge?: Ref;
+}
+
+export interface EndpointList {
+  /** the list of all active endpoints on this account */
+  endpoints: Array<Endpoint>;
+  /** URI of the endpoints list API resource */
+  uri: string;
+  /** URI of the next page, or null if there is no next page */
+  nextPageUri?: string;
 }
 
 export interface EventDestinationCreate {
@@ -883,9 +1108,9 @@ export interface EventDestinationCreate {
   metadata: string;
   /** Human-readable description of the Event Destination. Optional, max 255 bytes. */
   description: string;
-  /** The output format you would like to serialize events into when sending to their target. Currently the only accepted value is JSON. */
+  /** The output format you would like to serialize events into when sending to their target. Currently the only accepted value is `JSON`. */
   format: string;
-  /** An object that encapsulates where and how to send your events. An event destination must contain exactly one of the following objects, leaving the rest null: kinesis, firehose, cloudwatch_logs, or s3. */
+  /** An object that encapsulates where and how to send your events. An event destination must contain exactly one of the following objects, leaving the rest null: `kinesis`, `firehose`, `cloudwatch_logs`, or `s3`. */
   target: EventTarget;
 }
 
@@ -896,9 +1121,9 @@ export interface EventDestinationUpdate {
   metadata?: string;
   /** Human-readable description of the Event Destination. Optional, max 255 bytes. */
   description?: string;
-  /** The output format you would like to serialize events into when sending to their target. Currently the only accepted value is JSON. */
+  /** The output format you would like to serialize events into when sending to their target. Currently the only accepted value is `JSON`. */
   format?: string;
-  /** An object that encapsulates where and how to send your events. An event destination must contain exactly one of the following objects, leaving the rest null: kinesis, firehose, cloudwatch_logs, or s3. */
+  /** An object that encapsulates where and how to send your events. An event destination must contain exactly one of the following objects, leaving the rest null: `kinesis`, `firehose`, `cloudwatch_logs`, or `s3`. */
   target?: EventTarget;
 }
 
@@ -908,12 +1133,12 @@ export interface EventDestination {
   /** Arbitrary user-defined machine-readable data of this Event Destination. Optional, max 4096 bytes. */
   metadata: string;
   /** Timestamp when the Event Destination was created, RFC 3339 format. */
-  created_at: string;
+  createdAt: string;
   /** Human-readable description of the Event Destination. Optional, max 255 bytes. */
   description: string;
-  /** The output format you would like to serialize events into when sending to their target. Currently the only accepted value is JSON. */
+  /** The output format you would like to serialize events into when sending to their target. Currently the only accepted value is `JSON`. */
   format: string;
-  /** An object that encapsulates where and how to send your events. An event destination must contain exactly one of the following objects, leaving the rest null: kinesis, firehose, cloudwatch_logs, or s3. */
+  /** An object that encapsulates where and how to send your events. An event destination must contain exactly one of the following objects, leaving the rest null: `kinesis`, `firehose`, `cloudwatch_logs`, or `s3`. */
   target: EventTarget;
   /** URI of the Event Destination API resource. */
   uri: string;
@@ -921,11 +1146,11 @@ export interface EventDestination {
 
 export interface EventDestinationList {
   /** The list of all Event Destinations on this account. */
-  event_destinations: Array<EventDestination>;
+  eventDestinations: Array<EventDestination>;
   /** URI of the Event Destinations list API resource. */
   uri: string;
   /** URI of the next page, or null if there is no next page. */
-  next_page_uri?: string;
+  nextPageUri?: string;
 }
 
 export interface EventTarget {
@@ -934,47 +1159,30 @@ export interface EventTarget {
   /** Configuration used to send events to Amazon Kinesis. */
   kinesis?: EventTargetKinesis;
   /** Configuration used to send events to Amazon CloudWatch Logs. */
-  cloudwatch_logs?: EventTargetCloudwatchLogs;
+  cloudwatchLogs?: EventTargetCloudwatchLogs;
 }
 
 export interface EventTargetFirehose {
-  /** Configuration for how to authenticate into your AWS account. Exactly one of role or creds should be configured. */
+  /** Configuration for how to authenticate into your AWS account. Exactly one of `role` or `creds` should be configured. */
   auth: AWSAuth;
   /** An Amazon Resource Name specifying the Firehose delivery stream to deposit events into. */
-  delivery_stream_arn: string;
+  deliveryStreamArn: string;
 }
 
 export interface EventTargetKinesis {
-  /** Configuration for how to authenticate into your AWS account. Exactly one of role or creds should be configured. */
+  /** Configuration for how to authenticate into your AWS account. Exactly one of `role` or `creds` should be configured. */
   auth: AWSAuth;
   /** An Amazon Resource Name specifying the Kinesis stream to deposit events into. */
-  stream_arn: string;
+  streamArn: string;
 }
 
 export interface EventTargetCloudwatchLogs {
-  /** Configuration for how to authenticate into your AWS account. Exactly one of role or creds should be configured. */
+  /** Configuration for how to authenticate into your AWS account. Exactly one of `role` or `creds` should be configured. */
   auth: AWSAuth;
   /** An Amazon Resource Name specifying the CloudWatch Logs group to deposit events into. */
-  log_group_arn: string;
+  logGroupArn: string;
 }
 
-export interface EventTargetS3 {
-  /** Configuration for how to authenticate into your AWS account. Exactly one of role or creds should be configured. */
-  auth: AWSAuth;
-  /** An Amazon Resource Name specifying the S3 bucket to deposit events into. */
-  bucket_arn: string;
-  /** An optional prefix to prepend to S3 object keys. */
-  object_prefix: string;
-  /** Whether or not to compress files with gzip. */
-  compression: boolean;
-  /** How many bytes we should accumulate into a single file before sending to S3. */
-  max_file_size: number;
-  /** How many seconds we should batch up events before sending them to S3. */
-  max_file_age: number;
-}
-
-export interface EventTargetDebug {}
-
 export interface AWSAuth {
   /** A role for ngrok to assume on your behalf to deposit events into your AWS account. */
   role?: AWSRole;
@@ -984,18 +1192,14 @@ export interface AWSAuth {
 
 export interface AWSRole {
   /** An ARN that specifies the role that ngrok should use to deliver to the configured target. */
-  role_arn: string;
+  roleArn: string;
 }
 
 export interface AWSCredentials {
   /** The ID portion of an AWS access key. */
-  aws_access_key_id: string;
+  awsAccessKeyId: string;
   /** The secret portion of an AWS access key. */
-  aws_secret_access_key?: string;
-}
-
-export interface SentEvent {
-  event_id: string;
+  awsSecretAccessKey?: string;
 }
 
 export interface EventSubscriptionCreate {
@@ -1005,8 +1209,8 @@ export interface EventSubscriptionCreate {
   description: string;
   /** Sources containing the types for which this event subscription will trigger */
   sources: Array<EventSourceReplace>;
-  /** A list of Event Destination IDs which should be used for this Event Stream. Event Streams are required to have at least one Event Destination. */
-  destination_ids: Array<string>;
+  /** A list of Event Destination IDs which should be used for this Event Subscription. */
+  destinationIds: Array<string>;
 }
 
 export interface EventSubscriptionUpdate {
@@ -1018,17 +1222,17 @@ export interface EventSubscriptionUpdate {
   description?: string;
   /** Sources containing the types for which this event subscription will trigger */
   sources?: Array<EventSourceReplace>;
-  /** A list of Event Destination IDs which should be used for this Event Stream. Event Streams are required to have at least one Event Destination. */
-  destination_ids?: Array<string>;
+  /** A list of Event Destination IDs which should be used for this Event Subscription. */
+  destinationIds?: Array<string>;
 }
 
 export interface EventSubscriptionList {
   /** The list of all Event Subscriptions on this account. */
-  event_subscriptions: Array<EventSubscription>;
+  eventSubscriptions: Array<EventSubscription>;
   /** URI of the Event Subscriptions list API resource. */
   uri: string;
   /** URI of next page, or null if there is no next page. */
-  next_page_uri?: string;
+  nextPageUri?: string;
 }
 
 export interface EventSubscription {
@@ -1037,7 +1241,7 @@ export interface EventSubscription {
   /** URI of the Event Subscription API resource. */
   uri: string;
   /** When the Event Subscription was created (RFC 3339 format). */
-  created_at: string;
+  createdAt: string;
   /** Arbitrary customer supplied information intended to be machine readable. Optional, max 4096 chars. */
   metadata: string;
   /** Arbitrary customer supplied information intended to be human readable. Optional, max 255 chars. */
@@ -1069,14 +1273,14 @@ export interface EventSourceList {
 
 export interface EventSourceCreate {
   /** The unique identifier for the Event Subscription that this Event Source is attached to. */
-  subscription_id: string;
+  subscriptionId: string;
   /** Type of event for which an event subscription will trigger */
   type: string;
 }
 
 export interface EventSourceUpdate {
   /** The unique identifier for the Event Subscription that this Event Source is attached to. */
-  subscription_id: string;
+  subscriptionId: string;
   /** Type of event for which an event subscription will trigger */
   type: string;
 }
@@ -1084,7 +1288,7 @@ export interface EventSourceUpdate {
 /** This is needed instead of Item because the parameters are different. */
 export interface EventSourceItem {
   /** The unique identifier for the Event Subscription that this Event Source is attached to. */
-  subscription_id: string;
+  subscriptionId: string;
   /** Type of event for which an event subscription will trigger */
   type: string;
 }
@@ -1092,7 +1296,7 @@ export interface EventSourceItem {
 /** This is needed instead of Paging because the parameters are different. We also don't need the typical pagination params because pagination of this isn't necessary or supported. */
 export interface EventSourcePaging {
   /** The unique identifier for the Event Subscription that this Event Source is attached to. */
-  subscription_id: string;
+  subscriptionId: string;
 }
 
 export interface IPPolicyCreate {
@@ -1100,8 +1304,6 @@ export interface IPPolicyCreate {
   description: string;
   /** arbitrary user-defined machine-readable data of this IP policy. optional, max 4096 bytes. */
   metadata: string;
-  /** the IP policy action. Supported values are allow or deny */
-  action: string;
 }
 
 export interface IPPolicyUpdate {
@@ -1118,22 +1320,20 @@ export interface IPPolicy {
   /** URI of the IP Policy API resource */
   uri: string;
   /** timestamp when the IP policy was created, RFC 3339 format */
-  created_at: string;
+  createdAt: string;
   /** human-readable description of the source IPs of this IP policy. optional, max 255 bytes. */
   description: string;
   /** arbitrary user-defined machine-readable data of this IP policy. optional, max 4096 bytes. */
   metadata: string;
-  /** the IP policy action. Supported values are allow or deny */
-  action: string;
 }
 
 export interface IPPolicyList {
   /** the list of all IP policies on this account */
-  ip_policies: Array<IPPolicy>;
+  ipPolicies: Array<IPPolicy>;
   /** URI of the IP policy list API resource */
   uri: string;
   /** URI of the next page, or null if there is no next page */
-  next_page_uri?: string;
+  nextPageUri?: string;
 }
 
 export interface IPPolicyRuleCreate {
@@ -1144,7 +1344,9 @@ export interface IPPolicyRuleCreate {
   /** an IP or IP range specified in CIDR notation. IPv4 and IPv6 are both supported. */
   cidr: string;
   /** ID of the IP policy this IP policy rule will be attached to */
-  ip_policy_id: string;
+  ipPolicyId: string;
+  /** the action to apply to the policy rule, either `allow` or `deny` */
+  action?: string;
 }
 
 export interface IPPolicyRuleUpdate {
@@ -1163,7 +1365,7 @@ export interface IPPolicyRule {
   /** URI of the IP policy rule API resource */
   uri: string;
   /** timestamp when the IP policy rule was created, RFC 3339 format */
-  created_at: string;
+  createdAt: string;
   /** human-readable description of the source IPs of this IP rule. optional, max 255 bytes. */
   description: string;
   /** arbitrary user-defined machine-readable data of this IP policy rule. optional, max 4096 bytes. */
@@ -1171,16 +1373,18 @@ export interface IPPolicyRule {
   /** an IP or IP range specified in CIDR notation. IPv4 and IPv6 are both supported. */
   cidr: string;
   /** object describing the IP policy this IP Policy Rule belongs to */
-  ip_policy: Ref;
+  ipPolicy: Ref;
+  /** the action to apply to the policy rule, either `allow` or `deny` */
+  action: string;
 }
 
 export interface IPPolicyRuleList {
   /** the list of all IP policy rules on this account */
-  ip_policy_rules: Array<IPPolicyRule>;
+  ipPolicyRules: Array<IPPolicyRule>;
   /** URI of the IP policy rule list API resource */
   uri: string;
   /** URI of the next page, or null if there is no next page */
-  next_page_uri?: string;
+  nextPageUri?: string;
 }
 
 export interface IPRestrictionCreate {
@@ -1190,10 +1394,10 @@ export interface IPRestrictionCreate {
   metadata: string;
   /** true if the IP restriction will be enforced. if false, only warnings will be issued */
   enforced: boolean;
-  /** the type of IP restriction. this defines what traffic will be restricted with the attached policies. four values are currently supported: dashboard, api, agent, and endpoints */
+  /** the type of IP restriction. this defines what traffic will be restricted with the attached policies. four values are currently supported: `dashboard`, `api`, `agent`, and `endpoints` */
   type: string;
   /** the set of IP policy identifiers that are used to enforce the restriction */
-  ip_policy_ids: Array<string>;
+  ipPolicyIds: Array<string>;
 }
 
 export interface IPRestrictionUpdate {
@@ -1205,7 +1409,7 @@ export interface IPRestrictionUpdate {
   /** true if the IP restriction will be enforced. if false, only warnings will be issued */
   enforced?: boolean;
   /** the set of IP policy identifiers that are used to enforce the restriction */
-  ip_policy_ids: Array<string>;
+  ipPolicyIds: Array<string>;
 }
 
 export interface IPRestriction {
@@ -1214,137 +1418,26 @@ export interface IPRestriction {
   /** URI of the IP restriction API resource */
   uri: string;
   /** timestamp when the IP restriction was created, RFC 3339 format */
-  created_at: string;
+  createdAt: string;
   /** human-readable description of this IP restriction. optional, max 255 bytes. */
   description: string;
   /** arbitrary user-defined machine-readable data of this IP restriction. optional, max 4096 bytes. */
   metadata: string;
   /** true if the IP restriction will be enforced. if false, only warnings will be issued */
   enforced: boolean;
-  /** the type of IP restriction. this defines what traffic will be restricted with the attached policies. four values are currently supported: dashboard, api, agent, and endpoints */
+  /** the type of IP restriction. this defines what traffic will be restricted with the attached policies. four values are currently supported: `dashboard`, `api`, `agent`, and `endpoints` */
   type: string;
   /** the set of IP policies that are used to enforce the restriction */
-  ip_policies: Array<Ref>;
+  ipPolicies: Array<Ref>;
 }
 
 export interface IPRestrictionList {
   /** the list of all IP restrictions on this account */
-  ip_restrictions: Array<IPRestriction>;
+  ipRestrictions: Array<IPRestriction>;
   /** URI of the IP resrtrictions list API resource */
   uri: string;
   /** URI of the next page, or null if there is no next page */
-  next_page_uri?: string;
-}
-
-export interface IPWhitelistEntryCreate {
-  /** human-readable description of the source IPs for this IP whitelist entry. optional, max 255 bytes. */
-  description: string;
-  /** arbitrary user-defined machine-readable data of this IP whitelist entry. optional, max 4096 bytes. */
-  metadata: string;
-  /** an IP address or IP network range in CIDR notation (e.g. 10.1.1.1 or 10.1.0.0/16) of addresses that will be whitelisted to communicate with your tunnel endpoints */
-  ip_net: string;
-}
-
-export interface IPWhitelistEntryUpdate {
-  id: string;
-  /** human-readable description of the source IPs for this IP whitelist entry. optional, max 255 bytes. */
-  description?: string;
-  /** arbitrary user-defined machine-readable data of this IP whitelist entry. optional, max 4096 bytes. */
-  metadata?: string;
-}
-
-export interface IPWhitelistEntry {
-  /** unique identifier for this IP whitelist entry */
-  id: string;
-  /** URI of the IP whitelist entry API resource */
-  uri: string;
-  /** timestamp when the IP whitelist entry was created, RFC 3339 format */
-  created_at: string;
-  /** human-readable description of the source IPs for this IP whitelist entry. optional, max 255 bytes. */
-  description: string;
-  /** arbitrary user-defined machine-readable data of this IP whitelist entry. optional, max 4096 bytes. */
-  metadata: string;
-  /** an IP address or IP network range in CIDR notation (e.g. 10.1.1.1 or 10.1.0.0/16) of addresses that will be whitelisted to communicate with your tunnel endpoints */
-  ip_net: string;
-}
-
-export interface IPWhitelistEntryList {
-  /** the list of all IP whitelist entries on this account */
-  whitelist: Array<IPWhitelistEntry>;
-  /** URI of the IP whitelist API resource */
-  uri: string;
-  /** URI of the next page, or null if there is no next page */
-  next_page_uri?: string;
-}
-
-export interface EndpointLoggingReplace {
-  id: string;
-  module: EndpointLoggingMutate;
-}
-
-export interface EndpointBasicAuthReplace {
-  id: string;
-  module: EndpointBasicAuth;
-}
-
-export interface EndpointCircuitBreakerReplace {
-  id: string;
-  module: EndpointCircuitBreaker;
-}
-
-export interface EndpointCompressionReplace {
-  id: string;
-  module: EndpointCompression;
-}
-
-export interface EndpointTLSTerminationReplace {
-  id: string;
-  module: EndpointTLSTermination;
-}
-
-export interface EndpointIPPolicyReplace {
-  id: string;
-  module: EndpointIPPolicyMutate;
-}
-
-export interface EndpointMutualTLSReplace {
-  id: string;
-  module: EndpointMutualTLSMutate;
-}
-
-export interface EndpointRequestHeadersReplace {
-  id: string;
-  module: EndpointRequestHeaders;
-}
-
-export interface EndpointResponseHeadersReplace {
-  id: string;
-  module: EndpointResponseHeaders;
-}
-
-export interface EndpointOAuthReplace {
-  id: string;
-  module: EndpointOAuth;
-}
-
-export interface EndpointWebhookValidationReplace {
-  id: string;
-  module: EndpointWebhookValidation;
-}
-
-export interface EndpointSAMLReplace {
-  id: string;
-  module: EndpointSAMLMutate;
-}
-
-export interface EndpointOIDCReplace {
-  id: string;
-  module: EndpointOIDC;
-}
-
-export interface EndpointBackendReplace {
-  id: string;
-  module: EndpointBackendMutate;
+  nextPageUri?: string;
 }
 
 export interface ReservedAddrCreate {
@@ -1354,8 +1447,6 @@ export interface ReservedAddrCreate {
   metadata: string;
   /** reserve the address in this geographic ngrok datacenter. Optional, default is us. (au, eu, ap, us, jp, in, sa) */
   region: string;
-  /** ID of an endpoint configuration of type tcp that will be used to handle inbound traffic to this address */
-  endpoint_configuration_id: string;
 }
 
 export interface ReservedAddrUpdate {
@@ -1364,8 +1455,6 @@ export interface ReservedAddrUpdate {
   description?: string;
   /** arbitrary user-defined machine-readable data of this reserved address. Optional, max 4096 bytes. */
   metadata?: string;
-  /** ID of an endpoint configuration of type tcp that will be used to handle inbound traffic to this address */
-  endpoint_configuration_id?: string;
 }
 
 export interface ReservedAddr {
@@ -1374,7 +1463,7 @@ export interface ReservedAddr {
   /** URI of the reserved address API resource */
   uri: string;
   /** timestamp when the reserved address was created, RFC 3339 format */
-  created_at: string;
+  createdAt: string;
   /** human-readable description of what this reserved address will be used for */
   description: string;
   /** arbitrary user-defined machine-readable data of this reserved address. Optional, max 4096 bytes. */
@@ -1383,17 +1472,15 @@ export interface ReservedAddr {
   addr: string;
   /** reserve the address in this geographic ngrok datacenter. Optional, default is us. (au, eu, ap, us, jp, in, sa) */
   region: string;
-  /** object reference to the endpoint configuration that will be applied to traffic to this address */
-  endpoint_configuration?: Ref;
 }
 
 export interface ReservedAddrList {
   /** the list of all reserved addresses on this account */
-  reserved_addrs: Array<ReservedAddr>;
+  reservedAddrs: Array<ReservedAddr>;
   /** URI of the reserved address list API resource */
   uri: string;
   /** URI of the next page, or null if there is no next page */
-  next_page_uri?: string;
+  nextPageUri?: string;
 }
 
 export interface ReservedDomainCreate {
@@ -1405,14 +1492,10 @@ export interface ReservedDomainCreate {
   description: string;
   /** arbitrary user-defined machine-readable data of this reserved domain. Optional, max 4096 bytes. */
   metadata: string;
-  /** ID of an endpoint configuration of type http that will be used to handle inbound http traffic to this domain */
-  http_endpoint_configuration_id?: string;
-  /** ID of an endpoint configuration of type https that will be used to handle inbound https traffic to this domain */
-  https_endpoint_configuration_id?: string;
-  /** ID of a user-uploaded TLS certificate to use for connections to targeting this domain. Optional, mutually exclusive with certificate_management_policy. */
-  certificate_id?: string;
-  /** configuration for automatic management of TLS certificates for this domain, or null if automatic management is disabled. Optional, mutually exclusive with certificate_id. */
-  certificate_management_policy?: ReservedDomainCertPolicy;
+  /** ID of a user-uploaded TLS certificate to use for connections to targeting this domain. Optional, mutually exclusive with `certificate_management_policy`. */
+  certificateId?: string;
+  /** configuration for automatic management of TLS certificates for this domain, or null if automatic management is disabled. Optional, mutually exclusive with `certificate_id`. */
+  certificateManagementPolicy?: ReservedDomainCertPolicy;
 }
 
 export interface ReservedDomainUpdate {
@@ -1421,14 +1504,10 @@ export interface ReservedDomainUpdate {
   description?: string;
   /** arbitrary user-defined machine-readable data of this reserved domain. Optional, max 4096 bytes. */
   metadata?: string;
-  /** ID of an endpoint configuration of type http that will be used to handle inbound http traffic to this domain */
-  http_endpoint_configuration_id?: string;
-  /** ID of an endpoint configuration of type https that will be used to handle inbound https traffic to this domain */
-  https_endpoint_configuration_id?: string;
-  /** ID of a user-uploaded TLS certificate to use for connections to targeting this domain. Optional, mutually exclusive with certificate_management_policy. */
-  certificate_id?: string;
-  /** configuration for automatic management of TLS certificates for this domain, or null if automatic management is disabled. Optional, mutually exclusive with certificate_id. */
-  certificate_management_policy?: ReservedDomainCertPolicy;
+  /** ID of a user-uploaded TLS certificate to use for connections to targeting this domain. Optional, mutually exclusive with `certificate_management_policy`. */
+  certificateId?: string;
+  /** configuration for automatic management of TLS certificates for this domain, or null if automatic management is disabled. Optional, mutually exclusive with `certificate_id`. */
+  certificateManagementPolicy?: ReservedDomainCertPolicy;
 }
 
 export interface ReservedDomain {
@@ -1437,7 +1516,7 @@ export interface ReservedDomain {
   /** URI of the reserved domain API resource */
   uri: string;
   /** timestamp when the reserved domain was created, RFC 3339 format */
-  created_at: string;
+  createdAt: string;
   /** human-readable description of what this reserved domain will be used for */
   description: string;
   /** arbitrary user-defined machine-readable data of this reserved domain. Optional, max 4096 bytes. */
@@ -1447,65 +1526,49 @@ export interface ReservedDomain {
   /** reserve the domain in this geographic ngrok datacenter. Optional, default is us. (au, eu, ap, us, jp, in, sa) */
   region: string;
   /** DNS CNAME target for a custom hostname, or null if the reserved domain is a subdomain of *.ngrok.io */
-  cname_target?: string;
-  /** object referencing the endpoint configuration applied to http traffic on this domain */
-  http_endpoint_configuration?: Ref;
-  /** object referencing the endpoint configuration applied to https traffic on this domain */
-  https_endpoint_configuration?: Ref;
+  cnameTarget?: string;
   /** object referencing the TLS certificate used for connections to this domain. This can be either a user-uploaded certificate, the most recently issued automatic one, or null otherwise. */
   certificate?: Ref;
   /** configuration for automatic management of TLS certificates for this domain, or null if automatic management is disabled */
-  certificate_management_policy?: ReservedDomainCertPolicy;
+  certificateManagementPolicy?: ReservedDomainCertPolicy;
   /** status of the automatic certificate management for this domain, or null if automatic management is disabled */
-  certificate_management_status?: ReservedDomainCertStatus;
+  certificateManagementStatus?: ReservedDomainCertStatus;
+  /** DNS CNAME target for the host _acme-challenge.example.com, where example.com is your reserved domain name. This is required to issue certificates for wildcard, non-ngrok reserved domains. Must be null for non-wildcard domains and ngrok subdomains. */
+  acmeChallengeCnameTarget?: string;
 }
 
 export interface ReservedDomainList {
   /** the list of all reserved domains on this account */
-  reserved_domains: Array<ReservedDomain>;
+  reservedDomains: Array<ReservedDomain>;
   /** URI of the reserved domain list API resource */
   uri: string;
   /** URI of the next page, or null if there is no next page */
-  next_page_uri?: string;
+  nextPageUri?: string;
 }
 
 export interface ReservedDomainCertPolicy {
   /** certificate authority to request certificates from. The only supported value is letsencrypt. */
   authority: string;
   /** type of private key to use when requesting certificates. Defaults to rsa, can be either rsa or ecdsa. */
-  private_key_type: string;
+  privateKeyType: string;
 }
 
 export interface ReservedDomainCertStatus {
   /** timestamp when the next renewal will be requested, RFC 3339 format */
-  renews_at?: string;
+  renewsAt?: string;
   /** status of the certificate provisioning job, or null if the certificiate isn't being provisioned or renewed */
-  provisioning_job?: ReservedDomainCertJob;
-}
-
-export interface ReservedDomainCertNSTarget {
-  /** the zone that the nameservers need to be applied to */
-  zone: string;
-  /** the nameservers the user must add */
-  nameservers: Array<string>;
+  provisioningJob?: ReservedDomainCertJob;
 }
 
 export interface ReservedDomainCertJob {
   /** if present, an error code indicating why provisioning is failing. It may be either a temporary condition (INTERNAL_ERROR), or a permanent one the user must correct (DNS_ERROR). */
-  error_code?: string;
+  errorCode?: string;
   /** a message describing the current status or error */
   msg: string;
   /** timestamp when the provisioning job started, RFC 3339 format */
-  started_at: string;
+  startedAt: string;
   /** timestamp when the provisioning job will be retried */
-  retries_at?: string;
-  /** if present, indicates the dns nameservers that the user must configure to complete the provisioning process of a wildcard certificate */
-  ns_targets: Array<ReservedDomainCertNSTarget>;
-}
-
-export interface RootResponse {
-  uri: string;
-  subresource_uris: Map<string, string>;
+  retriesAt?: string;
 }
 
 export interface SSHCertificateAuthorityCreate {
@@ -1513,12 +1576,12 @@ export interface SSHCertificateAuthorityCreate {
   description: string;
   /** arbitrary user-defined machine-readable data of this SSH Certificate Authority. optional, max 4096 bytes. */
   metadata: string;
-  /** the type of private key to generate. one of rsa, ecdsa, ed25519 */
-  private_key_type: string;
+  /** the type of private key to generate. one of `rsa`, `ecdsa`, `ed25519` */
+  privateKeyType: string;
   /** the type of elliptic curve to use when creating an ECDSA key */
-  elliptic_curve: string;
-  /** the key size to use when creating an RSA key. one of 2048 or 4096 */
-  key_size: number;
+  ellipticCurve: string;
+  /** the key size to use when creating an RSA key. one of `2048` or `4096` */
+  keySize: number;
 }
 
 export interface SSHCertificateAuthorityUpdate {
@@ -1535,24 +1598,24 @@ export interface SSHCertificateAuthority {
   /** URI of the SSH Certificate Authority API resource */
   uri: string;
   /** timestamp when the SSH Certificate Authority API resource was created, RFC 3339 format */
-  created_at: string;
+  createdAt: string;
   /** human-readable description of this SSH Certificate Authority. optional, max 255 bytes. */
   description: string;
   /** arbitrary user-defined machine-readable data of this SSH Certificate Authority. optional, max 4096 bytes. */
   metadata: string;
   /** raw public key for this SSH Certificate Authority */
-  public_key: string;
+  publicKey: string;
   /** the type of private key for this SSH Certificate Authority */
-  key_type: string;
+  keyType: string;
 }
 
 export interface SSHCertificateAuthorityList {
   /** the list of all certificate authorities on this account */
-  ssh_certificate_authorities: Array<SSHCertificateAuthority>;
+  sshCertificateAuthorities: Array<SSHCertificateAuthority>;
   /** URI of the certificates authorities list API resource */
   uri: string;
   /** URI of the next page, or null if there is no next page */
-  next_page_uri?: string;
+  nextPageUri?: string;
 }
 
 export interface SSHCredentialCreate {
@@ -1560,10 +1623,10 @@ export interface SSHCredentialCreate {
   description: string;
   /** arbitrary user-defined machine-readable data of this ssh credential. Optional, max 4096 bytes. */
   metadata: string;
-  /** optional list of ACL rules. If unspecified, the credential will have no restrictions. The only allowed ACL rule at this time is the bind rule. The bind rule allows the caller to restrict what domains and addresses the token is allowed to bind. For example, to allow the token to open a tunnel on example.ngrok.io your ACL would include the rule bind:example.ngrok.io. Bind rules may specify a leading wildcard to match multiple domains with a common suffix. For example, you may specify a rule of bind:*.example.com which will allow x.example.com, y.example.com, *.example.com, etc. A rule of '*' is equivalent to no acl at all and will explicitly permit all actions. */
+  /** optional list of ACL rules. If unspecified, the credential will have no restrictions. The only allowed ACL rule at this time is the `bind` rule. The `bind` rule allows the caller to restrict what domains and addresses the token is allowed to bind. For example, to allow the token to open a tunnel on example.ngrok.io your ACL would include the rule `bind:example.ngrok.io`. Bind rules may specify a leading wildcard to match multiple domains with a common suffix. For example, you may specify a rule of `bind:*.example.com` which will allow `x.example.com`, `y.example.com`, `*.example.com`, etc. A rule of `'*'` is equivalent to no acl at all and will explicitly permit all actions. */
   acl: Array<string>;
   /** the PEM-encoded public key of the SSH keypair that will be used to authenticate */
-  public_key: string;
+  publicKey: string;
 }
 
 export interface SSHCredentialUpdate {
@@ -1572,7 +1635,7 @@ export interface SSHCredentialUpdate {
   description?: string;
   /** arbitrary user-defined machine-readable data of this ssh credential. Optional, max 4096 bytes. */
   metadata?: string;
-  /** optional list of ACL rules. If unspecified, the credential will have no restrictions. The only allowed ACL rule at this time is the bind rule. The bind rule allows the caller to restrict what domains and addresses the token is allowed to bind. For example, to allow the token to open a tunnel on example.ngrok.io your ACL would include the rule bind:example.ngrok.io. Bind rules may specify a leading wildcard to match multiple domains with a common suffix. For example, you may specify a rule of bind:*.example.com which will allow x.example.com, y.example.com, *.example.com, etc. A rule of '*' is equivalent to no acl at all and will explicitly permit all actions. */
+  /** optional list of ACL rules. If unspecified, the credential will have no restrictions. The only allowed ACL rule at this time is the `bind` rule. The `bind` rule allows the caller to restrict what domains and addresses the token is allowed to bind. For example, to allow the token to open a tunnel on example.ngrok.io your ACL would include the rule `bind:example.ngrok.io`. Bind rules may specify a leading wildcard to match multiple domains with a common suffix. For example, you may specify a rule of `bind:*.example.com` which will allow `x.example.com`, `y.example.com`, `*.example.com`, etc. A rule of `'*'` is equivalent to no acl at all and will explicitly permit all actions. */
   acl?: Array<string>;
 }
 
@@ -1582,37 +1645,37 @@ export interface SSHCredential {
   /** URI of the ssh credential API resource */
   uri: string;
   /** timestamp when the ssh credential was created, RFC 3339 format */
-  created_at: string;
+  createdAt: string;
   /** human-readable description of who or what will use the ssh credential to authenticate. Optional, max 255 bytes. */
   description: string;
   /** arbitrary user-defined machine-readable data of this ssh credential. Optional, max 4096 bytes. */
   metadata: string;
   /** the PEM-encoded public key of the SSH keypair that will be used to authenticate */
-  public_key: string;
-  /** optional list of ACL rules. If unspecified, the credential will have no restrictions. The only allowed ACL rule at this time is the bind rule. The bind rule allows the caller to restrict what domains and addresses the token is allowed to bind. For example, to allow the token to open a tunnel on example.ngrok.io your ACL would include the rule bind:example.ngrok.io. Bind rules may specify a leading wildcard to match multiple domains with a common suffix. For example, you may specify a rule of bind:*.example.com which will allow x.example.com, y.example.com, *.example.com, etc. A rule of '*' is equivalent to no acl at all and will explicitly permit all actions. */
+  publicKey: string;
+  /** optional list of ACL rules. If unspecified, the credential will have no restrictions. The only allowed ACL rule at this time is the `bind` rule. The `bind` rule allows the caller to restrict what domains and addresses the token is allowed to bind. For example, to allow the token to open a tunnel on example.ngrok.io your ACL would include the rule `bind:example.ngrok.io`. Bind rules may specify a leading wildcard to match multiple domains with a common suffix. For example, you may specify a rule of `bind:*.example.com` which will allow `x.example.com`, `y.example.com`, `*.example.com`, etc. A rule of `'*'` is equivalent to no acl at all and will explicitly permit all actions. */
   acl: Array<string>;
 }
 
 export interface SSHCredentialList {
   /** the list of all ssh credentials on this account */
-  ssh_credentials: Array<SSHCredential>;
+  sshCredentials: Array<SSHCredential>;
   /** URI of the ssh credential list API resource */
   uri: string;
   /** URI of the next page, or null if there is no next page */
-  next_page_uri?: string;
+  nextPageUri?: string;
 }
 
 export interface SSHHostCertificateCreate {
   /** the ssh certificate authority that is used to sign this ssh host certificate */
-  ssh_certificate_authority_id: string;
+  sshCertificateAuthorityId: string;
   /** a public key in OpenSSH Authorized Keys format that this certificate signs */
-  public_key: string;
+  publicKey: string;
   /** the list of principals included in the ssh host certificate. This is the list of hostnames and/or IP addresses that are authorized to serve SSH traffic with this certificate. Dangerously, if no principals are specified, this certificate is considered valid for all hosts. */
   principals: Array<string>;
   /** The time when the host certificate becomes valid, in RFC 3339 format. Defaults to the current time if unspecified. */
-  valid_after: string;
-  /** The time when this host certificate becomes invalid, in RFC 3339 format. If unspecified, a default value of one year in the future will be used. The OpenSSH certificates RFC calls this valid_before. */
-  valid_until: string;
+  validAfter: string;
+  /** The time when this host certificate becomes invalid, in RFC 3339 format. If unspecified, a default value of one year in the future will be used. The OpenSSH certificates RFC calls this `valid_before`. */
+  validUntil: string;
   /** human-readable description of this SSH Host Certificate. optional, max 255 bytes. */
   description: string;
   /** arbitrary user-defined machine-readable data of this SSH Host Certificate. optional, max 4096 bytes. */
@@ -1633,51 +1696,51 @@ export interface SSHHostCertificate {
   /** URI of the SSH Host Certificate API resource */
   uri: string;
   /** timestamp when the SSH Host Certificate API resource was created, RFC 3339 format */
-  created_at: string;
+  createdAt: string;
   /** human-readable description of this SSH Host Certificate. optional, max 255 bytes. */
   description: string;
   /** arbitrary user-defined machine-readable data of this SSH Host Certificate. optional, max 4096 bytes. */
   metadata: string;
   /** a public key in OpenSSH Authorized Keys format that this certificate signs */
-  public_key: string;
-  /** the key type of the public_key, one of rsa, ecdsa or ed25519 */
-  key_type: string;
+  publicKey: string;
+  /** the key type of the `public_key`, one of `rsa`, `ecdsa` or `ed25519` */
+  keyType: string;
   /** the ssh certificate authority that is used to sign this ssh host certificate */
-  ssh_certificate_authority_id: string;
+  sshCertificateAuthorityId: string;
   /** the list of principals included in the ssh host certificate. This is the list of hostnames and/or IP addresses that are authorized to serve SSH traffic with this certificate. Dangerously, if no principals are specified, this certificate is considered valid for all hosts. */
   principals: Array<string>;
   /** the time when the ssh host certificate becomes valid, in RFC 3339 format. */
-  valid_after: string;
-  /** the time after which the ssh host certificate becomes invalid, in RFC 3339 format. the OpenSSH certificates RFC calls this valid_before. */
-  valid_until: string;
-  /** the signed SSH certificate in OpenSSH Authorized Keys format. this value should be placed in a -cert.pub certificate file on disk that should be referenced in your sshd_config configuration file with a HostCertificate directive */
+  validAfter: string;
+  /** the time after which the ssh host certificate becomes invalid, in RFC 3339 format. the OpenSSH certificates RFC calls this `valid_before`. */
+  validUntil: string;
+  /** the signed SSH certificate in OpenSSH Authorized Keys format. this value should be placed in a `-cert.pub` certificate file on disk that should be referenced in your `sshd_config` configuration file with a `HostCertificate` directive */
   certificate: string;
 }
 
 export interface SSHHostCertificateList {
   /** the list of all ssh host certificates on this account */
-  ssh_host_certificates: Array<SSHHostCertificate>;
+  sshHostCertificates: Array<SSHHostCertificate>;
   /** URI of the ssh host certificates list API resource */
   uri: string;
   /** URI of the next page, or null if there is no next page */
-  next_page_uri?: string;
+  nextPageUri?: string;
 }
 
 export interface SSHUserCertificateCreate {
   /** the ssh certificate authority that is used to sign this ssh user certificate */
-  ssh_certificate_authority_id: string;
+  sshCertificateAuthorityId: string;
   /** a public key in OpenSSH Authorized Keys format that this certificate signs */
-  public_key: string;
+  publicKey: string;
   /** the list of principals included in the ssh user certificate. This is the list of usernames that the certificate holder may sign in as on a machine authorizinig the signing certificate authority. Dangerously, if no principals are specified, this certificate may be used to log in as any user. */
   principals: Array<string>;
-  /** A map of critical options included in the certificate. Only two critical options are currently defined by OpenSSH: force-command and source-address. See  (https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.certkeys)the OpenSSH certificate protocol spec for additional details. */
-  critical_options: Map<string, string>;
-  /** A map of extensions included in the certificate. Extensions are additional metadata that can be interpreted by the SSH server for any purpose. These can be used to permit or deny the ability to open a terminal, do port forwarding, x11 forwarding, and more. If unspecified, the certificate will include limited permissions with the following extension map: {"permit-pty": "", "permit-user-rc": ""} OpenSSH understands a number of predefined extensions. See  (https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.certkeys)the OpenSSH certificate protocol spec for additional details. */
+  /** A map of critical options included in the certificate. Only two critical options are currently defined by OpenSSH: `force-command` and `source-address`. See [the OpenSSH certificate protocol spec](https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.certkeys) for additional details. */
+  criticalOptions: Map<string, string>;
+  /** A map of extensions included in the certificate. Extensions are additional metadata that can be interpreted by the SSH server for any purpose. These can be used to permit or deny the ability to open a terminal, do port forwarding, x11 forwarding, and more. If unspecified, the certificate will include limited permissions with the following extension map: `{"permit-pty": "", "permit-user-rc": ""}` OpenSSH understands a number of predefined extensions. See [the OpenSSH certificate protocol spec](https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.certkeys) for additional details. */
   extensions: Map<string, string>;
   /** The time when the user certificate becomes valid, in RFC 3339 format. Defaults to the current time if unspecified. */
-  valid_after: string;
-  /** The time when this host certificate becomes invalid, in RFC 3339 format. If unspecified, a default value of 24 hours will be used. The OpenSSH certificates RFC calls this valid_before. */
-  valid_until: string;
+  validAfter: string;
+  /** The time when this host certificate becomes invalid, in RFC 3339 format. If unspecified, a default value of 24 hours will be used. The OpenSSH certificates RFC calls this `valid_before`. */
+  validUntil: string;
   /** human-readable description of this SSH User Certificate. optional, max 255 bytes. */
   description: string;
   /** arbitrary user-defined machine-readable data of this SSH User Certificate. optional, max 4096 bytes. */
@@ -1698,38 +1761,38 @@ export interface SSHUserCertificate {
   /** URI of the SSH User Certificate API resource */
   uri: string;
   /** timestamp when the SSH User Certificate API resource was created, RFC 3339 format */
-  created_at: string;
+  createdAt: string;
   /** human-readable description of this SSH User Certificate. optional, max 255 bytes. */
   description: string;
   /** arbitrary user-defined machine-readable data of this SSH User Certificate. optional, max 4096 bytes. */
   metadata: string;
   /** a public key in OpenSSH Authorized Keys format that this certificate signs */
-  public_key: string;
-  /** the key type of the public_key, one of rsa, ecdsa or ed25519 */
-  key_type: string;
+  publicKey: string;
+  /** the key type of the `public_key`, one of `rsa`, `ecdsa` or `ed25519` */
+  keyType: string;
   /** the ssh certificate authority that is used to sign this ssh user certificate */
-  ssh_certificate_authority_id: string;
+  sshCertificateAuthorityId: string;
   /** the list of principals included in the ssh user certificate. This is the list of usernames that the certificate holder may sign in as on a machine authorizinig the signing certificate authority. Dangerously, if no principals are specified, this certificate may be used to log in as any user. */
   principals: Array<string>;
-  /** A map of critical options included in the certificate. Only two critical options are currently defined by OpenSSH: force-command and source-address. See  (https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.certkeys)the OpenSSH certificate protocol spec for additional details. */
-  critical_options: Map<string, string>;
-  /** A map of extensions included in the certificate. Extensions are additional metadata that can be interpreted by the SSH server for any purpose. These can be used to permit or deny the ability to open a terminal, do port forwarding, x11 forwarding, and more. If unspecified, the certificate will include limited permissions with the following extension map: {"permit-pty": "", "permit-user-rc": ""} OpenSSH understands a number of predefined extensions. See  (https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.certkeys)the OpenSSH certificate protocol spec for additional details. */
+  /** A map of critical options included in the certificate. Only two critical options are currently defined by OpenSSH: `force-command` and `source-address`. See [the OpenSSH certificate protocol spec](https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.certkeys) for additional details. */
+  criticalOptions: Map<string, string>;
+  /** A map of extensions included in the certificate. Extensions are additional metadata that can be interpreted by the SSH server for any purpose. These can be used to permit or deny the ability to open a terminal, do port forwarding, x11 forwarding, and more. If unspecified, the certificate will include limited permissions with the following extension map: `{"permit-pty": "", "permit-user-rc": ""}` OpenSSH understands a number of predefined extensions. See [the OpenSSH certificate protocol spec](https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.certkeys) for additional details. */
   extensions: Map<string, string>;
   /** the time when the ssh host certificate becomes valid, in RFC 3339 format. */
-  valid_after: string;
-  /** the time after which the ssh host certificate becomes invalid, in RFC 3339 format. the OpenSSH certificates RFC calls this valid_before. */
-  valid_until: string;
-  /** the signed SSH certificate in OpenSSH Authorized Keys Format. this value should be placed in a -cert.pub certificate file on disk that should be referenced in your sshd_config configuration file with a HostCertificate directive */
+  validAfter: string;
+  /** the time after which the ssh host certificate becomes invalid, in RFC 3339 format. the OpenSSH certificates RFC calls this `valid_before`. */
+  validUntil: string;
+  /** the signed SSH certificate in OpenSSH Authorized Keys Format. this value should be placed in a `-cert.pub` certificate file on disk that should be referenced in your `sshd_config` configuration file with a `HostCertificate` directive */
   certificate: string;
 }
 
 export interface SSHUserCertificateList {
   /** the list of all ssh user certificates on this account */
-  ssh_user_certificates: Array<SSHUserCertificate>;
+  sshUserCertificates: Array<SSHUserCertificate>;
   /** URI of the ssh user certificates list API resource */
   uri: string;
   /** URI of the next page, or null if there is no next page */
-  next_page_uri?: string;
+  nextPageUri?: string;
 }
 
 export interface TLSCertificateCreate {
@@ -1737,10 +1800,10 @@ export interface TLSCertificateCreate {
   description: string;
   /** arbitrary user-defined machine-readable data of this TLS certificate. optional, max 4096 bytes. */
   metadata: string;
-  /** chain of PEM-encoded certificates, leaf first. See  (https://ngrok.com/docs/api#tls-certificates-pem)Certificate Bundles. */
-  certificate_pem: string;
-  /** private key for the TLS certificate, PEM-encoded. See  (https://ngrok.com/docs/ngrok-link#tls-certificates-key)Private Keys. */
-  private_key_pem: string;
+  /** chain of PEM-encoded certificates, leaf first. See [Certificate Bundles](https://ngrok.com/docs/api#tls-certificates-pem). */
+  certificatePem: string;
+  /** private key for the TLS certificate, PEM-encoded. See [Private Keys](https://ngrok.com/docs/ngrok-link#tls-certificates-key). */
+  privateKeyPem: string;
 }
 
 export interface TLSCertificateUpdate {
@@ -1757,64 +1820,64 @@ export interface TLSCertificate {
   /** URI of the TLS certificate API resource */
   uri: string;
   /** timestamp when the TLS certificate was created, RFC 3339 format */
-  created_at: string;
+  createdAt: string;
   /** human-readable description of this TLS certificate. optional, max 255 bytes. */
   description: string;
   /** arbitrary user-defined machine-readable data of this TLS certificate. optional, max 4096 bytes. */
   metadata: string;
-  /** chain of PEM-encoded certificates, leaf first. See  (https://ngrok.com/docs/api#tls-certificates-pem)Certificate Bundles. */
-  certificate_pem: string;
+  /** chain of PEM-encoded certificates, leaf first. See [Certificate Bundles](https://ngrok.com/docs/api#tls-certificates-pem). */
+  certificatePem: string;
   /** subject common name from the leaf of this TLS certificate */
-  subject_common_name: string;
+  subjectCommonName: string;
   /** subject alternative names (SANs) from the leaf of this TLS certificate */
-  subject_alternative_names: TLSCertificateSANs;
+  subjectAlternativeNames: TLSCertificateSANs;
   /** timestamp (in RFC 3339 format) when this TLS certificate was issued automatically, or null if this certificate was user-uploaded */
-  issued_at?: string;
+  issuedAt?: string;
   /** timestamp when this TLS certificate becomes valid, RFC 3339 format */
-  not_before: string;
+  notBefore: string;
   /** timestamp when this TLS certificate becomes invalid, RFC 3339 format */
-  not_after: string;
+  notAfter: string;
   /** set of actions the private key of this TLS certificate can be used for */
-  key_usages: Array<string>;
+  keyUsages: Array<string>;
   /** extended set of actions the private key of this TLS certificate can be used for */
-  extended_key_usages: Array<string>;
+  extendedKeyUsages: Array<string>;
   /** type of the private key of this TLS certificate. One of rsa, ecdsa, or ed25519. */
-  private_key_type: string;
+  privateKeyType: string;
   /** issuer common name from the leaf of this TLS certificate */
-  issuer_common_name: string;
+  issuerCommonName: string;
   /** serial number of the leaf of this TLS certificate */
-  serial_number: string;
+  serialNumber: string;
   /** subject organization from the leaf of this TLS certificate */
-  subject_organization: string;
+  subjectOrganization: string;
   /** subject organizational unit from the leaf of this TLS certificate */
-  subject_organizational_unit: string;
+  subjectOrganizationalUnit: string;
   /** subject locality from the leaf of this TLS certificate */
-  subject_locality: string;
+  subjectLocality: string;
   /** subject province from the leaf of this TLS certificate */
-  subject_province: string;
+  subjectProvince: string;
   /** subject country from the leaf of this TLS certificate */
-  subject_country: string;
+  subjectCountry: string;
 }
 
 export interface TLSCertificateList {
   /** the list of all TLS certificates on this account */
-  tls_certificates: Array<TLSCertificate>;
+  tlsCertificates: Array<TLSCertificate>;
   /** URI of the TLS certificates list API resource */
   uri: string;
   /** URI of the next page, or null if there is no next page */
-  next_page_uri?: string;
+  nextPageUri?: string;
 }
 
 export interface TLSCertificateSANs {
   /** set of additional domains (including wildcards) this TLS certificate is valid for */
-  dns_names: Array<string>;
+  dnsNames: Array<string>;
   /** set of IP addresses this TLS certificate is also valid for */
   ips: Array<string>;
 }
 
 export interface TunnelSession {
   /** version of the ngrok agent that started this ngrok tunnel session */
-  agent_version: string;
+  agentVersion: string;
   /** reference to the tunnel credential or ssh credential used by the ngrok agent to start this tunnel session */
   credential: Ref;
   /** unique tunnel session resource identifier */
@@ -1828,8 +1891,8 @@ export interface TunnelSession {
   /** the ngrok region identifier in which this tunnel session was started */
   region: string;
   /** time when the tunnel session first connected to the ngrok servers */
-  started_at: string;
-  /** the transport protocol used to start the tunnel session. Either ngrok/v2 or ssh */
+  startedAt: string;
+  /** the transport protocol used to start the tunnel session. Either `ngrok/v2` or `ssh` */
   transport: string;
   /** URI to the API resource of the tunnel session */
   uri: string;
@@ -1837,11 +1900,11 @@ export interface TunnelSession {
 
 export interface TunnelSessionList {
   /** list of all tunnel sessions on this account */
-  tunnel_sessions: Array<TunnelSession>;
+  tunnelSessions: Array<TunnelSession>;
   /** URI to the API resource of the tunnel session list */
   uri: string;
   /** URI of the next page, or null if there is no next page */
-  next_page_uri?: string;
+  nextPageUri?: string;
 }
 
 export interface TunnelSessionsUpdate {
@@ -1851,18 +1914,26 @@ export interface TunnelSessionsUpdate {
 export interface Tunnel {
   /** unique tunnel resource identifier */
   id: string;
-  /** URL of the tunnel's public endpoint */
-  public_url: string;
+  /** URL of the ephemeral tunnel's public endpoint */
+  publicUrl: string;
   /** timestamp when the tunnel was initiated in RFC 3339 format */
-  started_at: string;
-  /** user-supplied metadata for the tunnel defined in the ngrok configuration file. See the tunnel  (https://ngrok.com/docs#tunnel-definitions-metadata)metadata configuration option In API version 0, this value was instead pulled from the top-level  (https://ngrok.com/docs#config_metadata)metadata configuration option. */
+  startedAt: string;
+  /** user-supplied metadata for the tunnel defined in the ngrok configuration file. See the tunnel [metadata configuration option](https://ngrok.com/docs#tunnel-definitions-metadata) In API version 0, this value was instead pulled from the top-level [metadata configuration option](https://ngrok.com/docs#config_metadata). */
   metadata: string;
-  /** tunnel protocol. one of http, https, tcp or tls */
+  /** tunnel protocol for ephemeral tunnels. one of `http`, `https`, `tcp` or `tls` */
   proto: string;
   /** identifier of tune region where the tunnel is running */
   region: string;
   /** reference object pointing to the tunnel session on which this tunnel was started */
-  tunnel_session: Ref;
+  tunnelSession: Ref;
+  /** the ephemeral endpoint this tunnel is associated with, if this is an agent-initiated tunnel */
+  endpoint?: Ref;
+  /** the labels the tunnel group backends will match against, if this is a backend tunnel */
+  labels: Map<string, string>;
+  /** tunnel group backends served by this backend tunnel */
+  backends?: Array<Ref>;
+  /** upstream address the ngrok agent forwards traffic over this tunnel to. this may be expressed as a URL or a network address. */
+  forwardsTo: string;
 }
 
 export interface TunnelList {
@@ -1871,5 +1942,5 @@ export interface TunnelList {
   /** URI of the tunnels list API resource */
   uri: string;
   /** URI of the next page, or null if there is no next page */
-  next_page_uri?: string;
+  nextPageUri?: string;
 }