[GH-ISSUE #1817] [feature]: Private self hosted Hoppscotch instances #573

Closed
opened 2026-03-16 16:03:16 +03:00 by kerem · 24 comments

Originally created by @dansjackson on GitHub (Sep 8, 2021).
Original GitHub issue: https://github.com/hoppscotch/hoppscotch/issues/1817

**Is your feature request related to a problem? Please describe.**
I can imagine a use case for organisations who want to self host Hoppscotch on their own infrastructure but want to limit their instance to their employees.

Reasons for this might be that the Hoppscotch instance might contain a default token for a private proxy server that would be required to access restricted API endpoints.

**Describe the solution you'd like**
Ideally, Hoppscotch could include support for authentication mechanisms. Accessing Hoppscotch would not be possible on private self hosted instances unless the authentication was passed.

These could include:

  • OpenID/OAuth2
  • SAML
  • LDAP

Using existing external authentication systems will allow administrators to easily create permissions in their existing system that they can use to grant members of their organisation access to their Hoppscotch system.

I can imagine this being used amongst development companies who currently may have to roll out something like Postman to all of their employees and also have to be responsible for updating all of these different installed systems. Having a single instance of Hoppscotch solves this.

**Describe alternatives you've considered**
Personally, I am planning to use Vouch Proxy for this purpose since Hoppscotch does not natively have this ability. Other methods include HTTP Basic Auth; however, some self hosted applications such as Nextcloud and Bookstack have the OAuth2 ability built right into them.
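
Added example, not part of the original issue and not taken from the Hoppscotch project: one way to put Vouch Proxy in front of a statically built Hoppscotch instance, assuming nginx with the `auth_request` module as the web server. The hostnames, certificate paths, web root and the Vouch Proxy address `127.0.0.1:9090` are placeholders or assumptions.

```nginx
# Added example: hostnames, TLS paths and the web root are placeholders.
# Assumes Vouch Proxy listens on 127.0.0.1:9090 and is reachable by users
# at https://vouch.example.internal for the login redirect.
server {
    listen 443 ssl;
    server_name hoppscotch.example.internal;

    ssl_certificate     /etc/nginx/tls/hoppscotch.crt;
    ssl_certificate_key /etc/nginx/tls/hoppscotch.key;

    # Static output of the Hoppscotch build (placeholder path).
    root /srv/hoppscotch/dist;
    index index.html;

    # Declared at server level so every location inherits it: the JS bundles,
    # where a baked-in default proxy token would live, are gated together
    # with index.html rather than only the landing page.
    auth_request /validate;

    # Values returned by Vouch Proxy, reused in the login redirect below.
    auth_request_set $auth_resp_jwt $upstream_http_x_vouch_jwt;
    auth_request_set $auth_resp_err $upstream_http_x_vouch_err;
    auth_request_set $auth_resp_failcount $upstream_http_x_vouch_failcount;

    location = /validate {
        # Only reachable as an auth subrequest, never directly by clients.
        internal;
        proxy_pass http://127.0.0.1:9090/validate;
        proxy_set_header Host $http_host;

        # Vouch Proxy decides from the request headers (cookie) alone.
        proxy_pass_request_body off;
        proxy_set_header Content-Length "";
    }

    # Unauthenticated requests are sent to the identity provider login.
    error_page 401 = @error401;

    location @error401 {
        return 302 https://vouch.example.internal/login?url=$scheme://$http_host$request_uri&vouch-failcount=$auth_resp_failcount&X-Vouch-Token=$auth_resp_jwt&error=$auth_resp_err;
    }

    location / {
        try_files $uri $uri/ /index.html;
        # Keep authenticated content out of shared caches.
        add_header Cache-Control "private, no-store";
    }
}
```

The Vouch Proxy session cookie has to be scoped to a domain shared by both hostnames, otherwise every request to the protected site fails validation and loops back to the login redirect.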


@bblumenwiese commented on GitHub (Oct 1, 2021):

Hi, I would love to see this become a reality. Because I know how easy it is to screw up keys and other secrets in Postman when working in a corporate environment and this seems to be the perfect solution I was looking for :) I have a strong interest in the intersection of security and usability, as in: Make it easy for the user to do the right thing in the right moment, and hard to do the wrong thing. Therefore I would really like to collaborate on this issue!

I would need some more actionable tasks to start working on this feature, though, and would be happy to brainstorm together with some more experienced folks on what needs to be done exactly :)

E.g.:

  1. How would we handle the two variants with auth vs. no auth? (feature toggle?)
  2. What should the UI look like for the auth page?

@liyasthomas commented on GitHub (Oct 2, 2021):

A selfhost ready Hoppscotch instance is in our future roadmap. This will surely have configurable auth, backend, even toggles of feature set. We're planning to introduce a `hopp.config` file in root for any in-app settings and providers. This is at ALPHA stage at the moment, but would love to hear more thoughts on this.


@edgariscoding commented on GitHub (Oct 14, 2021):

Would definitely love this functionality.

We'd also like to have other options instead of Firebase.


@stuzer05 commented on GitHub (Oct 18, 2021):

Swapping Firebase alone would be a major step in the self-hosted direction.


@superbiche commented on GitHub (Oct 25, 2021):

+1 on swapping Firebase first. Maybe adding support for https://github.com/supabase/supabase would be an easier first step and already allow us to play around.


@AndrewBastin commented on GitHub (Oct 25, 2021):

Yeah, so I am looking into strategies for a migration. Our plan is to move from Firebase and switch completely to our own backend (which we already have running to support Hoppscotch for Teams). It is actually our first step in the long process to establish a top to bottom fully capable (hence we are not into Supabase) self-hostable instance of Hoppscotch.

A major challenge for this is actually gracefully planning a migration of the user data and the service APIs over to the new system without affecting the end user (ideally in a completely transparent way). I am working on getting that done over the coming months.


@exussum12 commented on GitHub (Nov 2, 2021):

We self host hoppscotch currently, our build process is as follows

        - git clone --depth 1 --branch v1.12.0 https://github.com/hoppscotch/hoppscotch.git
        - cd hoppscotch
        - sed -i 's/"~\/plugins\/vuex-persist", //' nuxt.config.js
        - cp ../../store/hoppscotch-collection.json store/hoppscotch-collection.json
        - cp ../../store/hoppscotch-environment.json store/hoppscotch-environment.json
        - cp ../../store/postwoman.js store/postwoman.js
        - npm install
        - npm run generate

then copy the generated files to the hosting platform. You lose features like being able to edit and auto save, as you need a PR for them, but all of the collections and environments work.

Basically stop the persistence, and the files copied in are mostly the collections and environments separated for ease of PR and viewing.

We also need a custom browser build as the URL of the instance needs whitelisting, it seems to work well, the change to v2 has been a big enough change to stop this working though, but teams support looks great in the current version!


@freddiN commented on GitHub (Nov 18, 2021):

I am also very much interested in this feature, I would like to set up a self hosted hoppscotch that uses our own gitlab instance for authentication.

I will keep an eye on any news regarding this topic.


@deepakprabhakara commented on GitHub (Nov 18, 2021):

@liyasthomas I'd love to integrate SAML for you if you like, please do let me know. We have built an OSS SAML service at BoxyHQ - https://github.com/boxyhq/jackson


@tomaszkane commented on GitHub (Jan 14, 2022):

I also want to have self hosted hoppscotch without firebase and any third party dependencies.


@uzaxirr commented on GitHub (Jan 24, 2022):

Hey @liyasthomas
Any progress on this one?


@liyasthomas commented on GitHub (Jan 24, 2022):

We're deferring self-hostable Hoppscotch instances to Q2-Q3 2022. Watch this space for updates.


@WilliamPeralta commented on GitHub (Jan 29, 2022):

> We self host hoppscotch currently, our build process is as follows
>
> ```
> - git clone --depth 1 --branch v1.12.0 https://github.com/hoppscotch/hoppscotch.git
> - cd hoppscotch
> - sed -i 's/"~\/plugins\/vuex-persist", //' nuxt.config.js
> - cp ../../store/hoppscotch-collection.json store/hoppscotch-collection.json
> - cp ../../store/hoppscotch-environment.json store/hoppscotch-environment.json
> - cp ../../store/postwoman.js store/postwoman.js
> - npm install
> - npm run generate
> ```
>
> then copy the generated files to the hosting platform. You lose features like being able to edit and auto save, as you need a PR for them, but all of the collections and environments work.
>
> Basically stop the persistence, and the files copied in are mostly the collections and environments separated for ease of PR and viewing.
>
> We also need a custom browser build as the URL of the instance needs whitelisting, it seems to work well, the change to v2 has been a big enough change to stop this working though, but teams support looks great in the current version!

I leave you a little idea of how to start with an openapi file.

I added this function on the "import / export" file where I load a docs.json file and using the "OpenApi" importer I load it and set it on the store.

It's a very crude solution, but just mount the edited file and the doc.json on the docker-compose and it works.

As soon as I have more time I will look for a better solution.
Good work and thanks for this great project!

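```js
// ImportExport.vue
// Loads /docs.json from the instance's own origin and feeds it to the importer.
const fetchFile = () => {
  fetch("/docs.json")
    .then((response) => response.json())
    .then(async (data) => {
      // Index 1 is the "OpenApi" importer referred to in the comment above
      const result = await RESTCollectionImporters[1]?.importer([
        JSON.stringify(data),
      ])()
      console.log("result", result)
      if (E.isLeft(result)) {
        failedImport()
        console.error("error", result.left)
      } else if (E.isRight(result)) {
        if (props.collectionsType.type === "team-collections") {
          importToTeams(result.right)
          fileImported()
        } else {
          setRESTCollections(result.right)
          fileImported()
        }
      }
    })
    .catch((error) => {
      // Network failure, or docs.json is missing or not valid JSON
      failedImport()
      console.error("error", error)
    })
}

// Run the import shortly after the component has loaded
setTimeout(() => {
  fetchFile()
}, 1000)
```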


@vichle commented on GitHub (Mar 25, 2022):

Very interested in this feature, can you give some kind of indication of when this will be released?


@jerbob92 commented on GitHub (Mar 29, 2022):

I'd like to deploy the current version with some minor changes for custom auth through Firebase.
It looks like the only part that's missing right now is the source of `api.hoppscotch.io`. Would it be possible to open-source that?


@jerbob92 commented on GitHub (Apr 1, 2022):

Since Hoppscotch is not going to release the backend API, and these features will probably be behind a license model in the future, I have decided to make my own implementation of the Hoppscotch Backend API.

It's available here: https://github.com/jerbob92/hoppscotch-backend
All features have been implemented that are currently in use by the frontend.

Some notes:

  • The backend that I have created doesn't use Firebase for storage, but a MySQL server (it does use Firebase for user authentication)
  • You will need a mail server to get the Team invite system to work
  • The code isn't very pretty, and doesn't contain any unit tests

@xdewx commented on GitHub (Jun 14, 2022):

keep watching


@abhaychaware commented on GitHub (Jul 8, 2022):

Watching.....


@cloudomatic commented on GitHub (Jul 13, 2022):

I would echo the need for a feature toggle for the teams capability (i.e. to turn it off) on a self-hosted instance. I believe many self-hosters would like to use a Git back-end for storage in place of a database, and right now turning off the teams capability means removing various code blocks with a scalpel, although creating a mocker of `api.hoppscotch.io` with no actual implementation seems like an option.


@semiherdogan commented on GitHub (Aug 2, 2022):

Hi,
any update on this?


@vichle commented on GitHub (Aug 23, 2022):

To anyone just commenting with "watching..." or similar: just hit the 👍 button unless you have anything constructive to add to the discussion. You are triggering useless notifications to everyone who is watching this thread, including myself. PLEASE!


@suyar commented on GitHub (Aug 23, 2022):

> To anyone just commenting with "watching..." or similar: just hit the 👍 button unless you have anything constructive to add to the discussion. You are triggering useless notifications to everyone who is watching this thread, including myself. PLEASE!

I'm sorry I didn't realise this, I'll take care of it next time.


@binaryfire commented on GitHub (Jan 28, 2023):

Hi guys. Just curious why you deleted my comment?


@AndrewBastin commented on GitHub (Apr 11, 2023):

Fully Self Hostable Hoppscotch Instances are now available as a Beta. Read more at: https://docs.hoppscotch.io/documentation/self-host/getting-started
