We're excited to announce the release of Hoppscotch v2026.5.0! This update brings OpenAPI 3.1 collection export, a configurable proxy URL for self-hosted Community Edition deployments, zoom level controls in the desktop app, Mongolian language support, and stronger security protections across secret variable handling and fresh-install onboarding.

OpenAPI 3.1 Collection Export

Hoppscotch collections can now be exported as OpenAPI 3.1 documents. OpenAPI 3.1 aligns fully with JSON Schema, making it easier to use your collections with the latest generation of API tooling — code generators, validators, mocking servers, and documentation platforms.

Whether you're sharing an API spec with your team or publishing docs to an external portal, you can now export directly from Hoppscotch without any manual conversion step.

Get the latest version →

Configurable Proxy URL (Self-Hosted)

Self-hosted Community Edition deployments can now configure the Proxy URL from PROXY_APP_URL environment variable or the Admin Dashboard. This gives infrastructure teams more flexibility when managing network policies and simplifies proxy management across environments.

Alongside this, a related fix ensures that Hoppscotch waits for proxy settings to be fully loaded before issuing any requests, preventing subtle race conditions that could result in requests bypassing the configured proxy.

Desktop Zoom Level Control

The Hoppscotch desktop app now includes a zoom level control in settings. Whether you prefer a larger UI on a high-DPI display or a more compact view on a smaller screen, you can now dial in the right zoom level without touching your OS-level display settings.

Mongolian Language Support

Hoppscotch is now available in Mongolian, bringing the total number of supported languages up. We're grateful to the community contributors who make these translations possible, helping developers around the world use Hoppscotch in their native language.

Security: Secret Variable Values No Longer Leak to Backend

Secret variable values are now strictly kept on the client side and are no longer sent to the backend. This closes a potential data exposure path that could have allowed sensitive credentials — API keys, tokens, passwords — to be inadvertently transmitted.

If you use secret variables in your collections, we strongly recommend upgrading to this release.

Security Hardening

Fresh-install onboarding now strips and rejects unknown DTO fields, preventing mass-assignment of sensitive configuration like JWT_SECRET or SESSION_SECRET.

Bug Fixes

We've also resolved a number of bugs in this release:

• Fixed REST request update failures caused by backend validation handling.

What do you want us to build next? Write to us at hello@hoppscotch.io, join the conversation on our Discord server, or head over to our GitHub repository.