Can I self-host Hoppscotch?

Yes. The community edition is open source under the MIT license and ships as a container you can run on your own server, so your requests and history never have to leave infrastructure you control. The hosted version at hoppscotch.io is there for convenience, but self-hosting is a first-class path.

Do I need an account to use Hoppscotch?

No account is needed to send requests and test endpoints in the browser. An account only comes into play when you want cloud sync of your collections across devices on the hosted service. If you self-host or work locally, you can skip the login entirely.

Why do some requests fail in the browser with a CORS error?

Because a browser enforces cross-origin rules that a desktop client does not. When a target API blocks browser-origin calls, Hoppscotch offers a browser extension and a separate agent that proxy the request outside that sandbox, which clears most CORS failures.

Reviewed by Gabriel Bachmann

Hoppscotch

hoppscotch.io

No ratings yet. Be the first.

GitHub Website →

GitHub

Website →

API Clients Open Source Self-hosted Web Free United Kingdom

Rate Hoppscotch:

No account needed

Hoppscotch is a fast, lightweight open-source API client that runs in the browser, so you can start testing REST and GraphQL endpoints without installing anything. The same codebase self-hosts as a container on your own server, which lets a team keep its requests and history on infrastructure it controls rather than a vendor cloud.

Threat level

Covered

A covered pick. Anyone can use it as a private drop-in, with no setup or know-how. Enough for most people. Threat levels

Our take

Hoppscotch earns its place by being quick to reach and honest about where your data sits. It opens in a browser tab with nothing to install, the code is open source under the MIT license, and you can self-host it so requests and history never leave your own server. The honest catches are tied to the browser context: cross-origin rules block some calls unless you add the helper extension or the desktop agent, and cloud sync of your collections needs an account on the hosted service. Pick Hoppscotch if you want a fast client you can stand up on your own infrastructure. If most of your targets trigger CORS limits, run the agent or choose a native client instead.

Website at a glance

hoppscotch.io

B score 75

Solid website security headers

Graded by Mozilla HTTP Observatory, tested today

Inspect this site yourself

Mozilla Observatory web-check urlscan.io SSL Labs Security Headers

Measures the security configuration of the tool's own website, not the privacy of the product itself. A strong tool can still score low here.

Hoppscotch alternatives

Bruno Offline-first API client that stores your collections as plain text files in your own Git repo. No forced account, no cloud sync.

Frequently asked

Can I self-host Hoppscotch?: Yes. The community edition is open source under the MIT license and ships as a container you can run on your own server, so your requests and history never have to leave infrastructure you control. The hosted version at hoppscotch.io is there for convenience, but self-hosting is a first-class path.
Do I need an account to use Hoppscotch?: No account is needed to send requests and test endpoints in the browser. An account only comes into play when you want cloud sync of your collections across devices on the hosted service. If you self-host or work locally, you can skip the login entirely.
Why do some requests fail in the browser with a CORS error?: Because a browser enforces cross-origin rules that a desktop client does not. When a target API blocks browser-origin calls, Hoppscotch offers a browser extension and a separate agent that proxy the request outside that sandbox, which clears most CORS failures.

* Average ratings will show on this page once the threshold of 5 ratings is reached.