2026-02-10 — 2026-03-10
10 changes
Hoppscotch shipped two major developer experience improvements this week: full Web Crypto API support in the JavaScript sandbox and collection-level headers with authorization inheritance. The crypto addition means developers can now hash, encrypt, and sign data directly in their test scripts without external libraries. Collection-level auth is more impactful — it eliminates the repetitive work of copying API keys and common headers across dozens of requests within the same project. The rest of the week was reliability work. We fixed a data integrity bug where request IDs were getting overwritten during exports, causing delete operations to target the wrong requests. A Prisma update resolved the pagination issue that capped teams at 10 collections. We also patched a security hole where users could delete other people's access tokens and fixed workspace invite failures that were blocking team onboarding. Firefox users got scrollbar cleanup in input fields. The product is becoming more capable for crypto workflows while systematically removing friction from team collaboration. Next week focuses on GraphQL schema improvements and additional workspace management features.
Social posts
Added full Web Crypto API to Hoppscotch's JS sandbox. You can now hash passwords, encrypt payloads, and generate signatures directly in your test scripts without importing crypto libraries.
Why copy the same auth header to 47 requests? Collection-level headers in Hoppscotch now inherit down to every request in the folder. Set your API key once, test everywhere.
Fixed 6 bugs this week including a nasty one where deleting requests would target the wrong item. Sometimes the most important shipping happens in the database layer, not the UI.
We added collection-level authorization to Hoppscotch this week. Instead of duplicating API keys across every request in a project, you set auth once at the collection level and it inherits down. It's one of those features that seems obvious in retrospect but eliminates hours of repetitive configuration work for API developers testing large services.
Spent most of this week on reliability fixes rather than flashy features. Fixed data integrity bugs, patched security vulnerabilities, and resolved team onboarding failures. The unglamorous work of making sure delete buttons delete the right thing and invite links actually work. This is what product maturity looks like.