Back to Blog
Tutorial8 min read2026-07-18

Self-Host Hoppscotch (Open-Source Postman Alternative) on PandaStack

Hoppscotch is a fast, open-source API client — a self-hostable alternative to Postman with team collections and environments. Here's how to run it on PandaStack with managed PostgreSQL for your whole team.

Ajay Kumar
Ajay Kumar
Founder & DevOps, PandaStack

Postman is powerful and also increasingly a login wall, a sync service, and a nagging reminder to upgrade your plan. Hoppscotch (https://hoppscotch.io) is the lightweight open-source alternative: a fast API client that runs in the browser, supports REST/GraphQL/WebSocket, and — when self-hosted — gives your team shared collections and environments without a per-seat SaaS bill. This guide self-hosts the full Hoppscotch stack on PandaStack backed by managed PostgreSQL.

What self-hosted Hoppscotch includes

The community/self-host edition gives you:

  • The app (the API client UI your team uses)
  • The backend (auth, team collections, environments, sync)
  • The admin dashboard (user and team management)
  • PostgreSQL as the data store

You can use the public hoppscotch.io for solo work with local storage, but self-hosting is what unlocks shared team collections stored on your own infrastructure.

Step 1: Create the PostgreSQL database

Dashboard (https://dashboard.pandastack.io) → Databases → New Database → PostgreSQL. Hoppscotch stores users, teams, and collections here. Copy the connection string.

Step 2: Deploy the backend

Hoppscotch publishes official images. Deploy the backend image:

  1. 1New App → Container App, Hoppscotch backend image, container port 3170.
  2. 2Environment variables (the essentials):
VariableValue
DATABASE_URLyour managed Postgres connection string
JWT_SECRETopenssl rand -hex 32
SESSION_SECRETanother openssl rand -hex 32
REDIRECT_URLhttps://your-hoppscotch.pandastack.io
WHITELISTED_ORIGINSyour app + admin URLs, comma-separated
  1. 1Run the Prisma migrations the backend ships with (via an entrypoint or a one-off panda exec) so the schema exists before first use.
  2. 2Deploy.

Step 3: Configure an auth provider

Hoppscotch self-host requires at least one auth method. The simplest is email magic-link (set your SMTP details as env vars); alternatively wire up Google or GitHub OAuth by providing the client ID/secret and callback URL. Set VITE_ALLOWED_AUTH_PROVIDERS accordingly. Without a configured provider, no one can log in — this is the most common self-host stumble.

Step 4: Deploy the frontend app

  1. 1New App → Container App, Hoppscotch app image, container port 3000.
  2. 2Set the backend API URL env vars to point at your deployed backend (https://your-hoppscotch-api.pandastack.io).
  3. 3Deploy. Your team's API client lives at https://your-hoppscotch.pandastack.io.

Step 5: Deploy the admin dashboard

  1. 1New App → Container App, Hoppscotch admin image, container port 3100.
  2. 2Same backend API URL env vars.
  3. 3Deploy. The first user to log into the admin dashboard becomes the instance admin.

Step 6: Set up your team

From the admin dashboard and the app:

  1. 1Invite teammates (via the auth method you configured).
  2. 2Create a Team.
  3. 3Create shared Collections of requests inside that team — everyone with access sees and edits them.
  4. 4Define Environments (dev, staging, prod) with variables like {{baseUrl}} and {{token}} so the same request runs against any environment.

Step 7: Actually use it

A typical request in Hoppscotch:

  • Method + URL: GET {{baseUrl}}/users/1
  • Headers: Authorization: Bearer {{token}}
  • Hit send; inspect status, timing, and the JSON response with syntax highlighting.

Environment variables ({{baseUrl}}, {{token}}) resolve from the active environment, so switching from staging to production is a dropdown, not a find-and-replace. Collections keep your whole API surface documented and runnable in one place — shared across the team, stored in your Postgres.

Step 8: Operational notes

  • Backups — every collection, environment, and team lives in Postgres. PandaStack's managed backups cover it; verify they're enabled before your team invests hours building collections.
  • SecretsJWT_SECRET and SESSION_SECRET gate all auth; keep them in env vars and rotate on any leak (rotating invalidates active sessions, so warn the team).
  • HTTPS everywhere — PandaStack provisions SSL automatically; make sure REDIRECT_URL and WHITELISTED_ORIGINS use https:// or auth callbacks will fail.
  • Solo? — if it's just you, the public hoppscotch.io with local storage needs no infrastructure at all. Self-host when you want shared team collections on your own servers.

Wrap-up

Self-hosted Hoppscotch gives your team a fast, open-source API client with shared collections and environments — no per-seat pricing, no vendor login wall. On PandaStack it's three container apps (backend, app, admin) plus a managed Postgres database. Configure an auth provider or nobody gets in. Docs: https://docs.pandastack.io. Start free at https://dashboard.pandastack.io.

Ready to deploy?

Start free on PandaStack.

Start free on PandaStack

More in Tutorial

Browse all Tutorial articles →

See also