Interceptor

You can access APIs blocked by Cross-Origin Resource Sharing (CORS) restriction by using either API Lab Agent, Proxyscotch or custom middleware. You can also use the API Lab web extension to intercept requests and responses.

API Lab Agent
Proxy
Browser Extension

API Lab Agent

The API Lab Agent is a micro application designed to mitigate the challenges posed by CORS in modern web browsers. Acting as a local intermediary, it intercepts API requests made through the API Lab web app and reroutes them through your local machine. This means that the API Lab Agent handles requests using your local network configuration.

Download the API Lab Agent for your operating system:

Mac

Apple Silicon (.dmg)

Download for Apple Silicon-based Mac.

Intel (.dmg)

Download for Intel-based Mac.

Windows

Windows Installer (.msi)

Download the installer for Windows (64-bit).

Windows Portable (.exe)

Download the portable version for Windows (64-bit).

Linux

Debian (.deb)

Download the Debian package for Debian-based Linux distributions.

App Image (.AppImage)

Download the AppImage for Linux.

Open API Lab app and navigate to the “Interceptors” section in the “Settings” page.
Locate the “Agent” option within the Interceptors section to initiate a connection to your local agent.
The application will prompt you for a “One-Time Verification Code”. This verification code will be generated within the API Lab Agent.
Enter the verification code into the application to establish a secure connection.

Once connected, all API requests made through the API Lab web app will be routed through API Lab agent, effectively eliminating CORS-related issues.

Recommended interceptor for most users as it is compaitble with all platforms.

Proxy

A proxy server acts as an intermediary between your device and the internet, forwarding requests and responses to and from the desired API. By routing requests through a proxy, you can bypass CORS restrictions and access APIs that would otherwise be blocked by the browser.

Enable proxy interceptor from “Settings page” under the Interceptors section.
You can replace the default Proxy URL with your own proxy middleware if you wish or use Proxyscotch, which acts as a remote proxy server for routing API requests.

Proxyscotch

Proxyscotch is our official proxy server. It is an MIT licensed open-source project that can bypass Cross-Origin Resource Sharing (CORS) restrictions by routing API requests through a remotely hosted proxy, ensuring that requests originate from a trusted environment.

Self-Hosted Proxyscotch

To use Proxyscotch with a minimal setup, you can pull and run the official pre-built Docker image. This provides an instant proxy environment without requiring manual compilation or installation. You can host Proxyscotch on your own server by following the instructions below:

# Pull the latest Proxyscotch image from Docker Hub
docker pull hoppscotch/proxyscotch

# Run the container in detached mode, exposing port 9159
docker run -d -p 9159:9159 --name proxyscotch hoppscotch/proxyscotch

Proxyscotch Installer

If you prefer a native installation, download and install both the Desktop and Server binaries for your operating system.

Mac

Tray application (macOS)

Download proxyscotch for macOS desktops. This will install the tray application for seamless proxy management.

Proxy Server Binary (Intel-based macOS)

Download the proxy server binary for Intel-based (x86-64) Macs.

Proxy Server Binary (Apple Silicon macOS)

Download the proxy server binary for Apple Silicon-based (ARM64) Macs.

Windows

Tray application (Windows - AMD)

Download proxyscotch for AMD-based Windows desktops. This will install the tray application for easy proxy management.

Proxy Server Binary (Windows - AMD)

Download the proxy server binary for AMD-based Windows machines.

Tray application (Windows - ARM)

Download proxyscotch for ARM-based Windows desktops. This will install the tray application for easy proxy management.

Proxy Server Binary (Windows - ARM)

Download the proxy server binary for ARM-based Windows machines.

Linux

Tray application (Linux - AMD)

Download proxyscotch for AMD-based Linux desktops. This will install the tray application for seamless proxy management.

Proxy Server Binary (Linux - AMD)

Download the proxy server binary for AMD-based Linux machines.

The proxy will add a desktop application to your system tray, providing quick access to various proxy settings such as setting the access token. After launching the application, a dialog will prompt you to complete the certificate installation process. For more details on how to install the certificate, visit this wiki.Upon activation, the server will run in the background and interact with the proxy to route and manage requests.

Building Proxyscotch from Source

If you prefer to build and run Proxyscotch manually from source, you can clone the repository and compile the binaries for your platform.

git clone https://github.com/hoppscotch/proxyscotch.git

Follow the platform-specific instructions below to build the proxy and server from source for your operating system:

Building on macOS

# Build the desktop tray application
./build.sh darwin

# Build the standalone server application
./build.sh darwin server

Building on Windows

You can use Git Bash to run the following commands:

# Build the desktop tray application
./build.sh windows

# Build the standalone server application
./build.sh windows server

Building on Linux

# Build the desktop tray application
./build.sh linux

# Build the standalone server application
./build.sh linux server

After building, the compiled binaries will be available in the out/ directory.

Running the Proxyscotch Server

After building the server, use the following command to start the proxy server:

$ ./out/<platform>-server/server --host="<hostname>:<port>" --token="<token_or_blank>"

# e.g. on Linux
$ ./out/linux-server/server --host="localhost:9159" --token=""

# or on Windows
$ ./out/windows-server/server.exe --host="localhost:9159" --token=""

When the token is left blank, it grants unrestricted access to your proxy server. While this might be convenient, please be aware of the potential security risks and consider whether this level of open access is appropriate for your use case.

Available Server Options

After running the Proxyscotch server, you can customize its behavior using various command-line options.

Option	Description
`--host="<hostname>:<port>"`	Define the host and port (default: `localhost:9159`).
`--token="<token>"`	Set an access token to restrict proxy usage (leave blank for open access).
`--allowed-origins="*"`	Comma-separated list of allowed origins for CORS.
`--banned-outputs="<values>"`	Comma-separated list of response values to redact.
`--banned-dests="<hosts>"`	Comma-separated list of blocked destination hosts.

Configure Proxyscotch in API Lab

Once the container is running or the server is active, configure API Lab to use http://localhost:9159 as the Proxy URL in the “Settings” page.This setup will route all API requests through Proxyscotch, facilitating communication with APIs that enforce strict CORS policies.

Browser Extension

Since CORS is as simple as adding some HTTP headers, it’s only blocked by the browser. You can build some proxy-like component that will make a call for you and get the response from the desired API. You add it to the headers and then send it back to API Lab.

How to use the Browser Extension

Install the browser extension from the below links:
- Chrome
- Firefox
Click on the API Lab Browser Extension icon from the browser toolbar and ensure that app.apilab.work is in your active origins. If you are using API Lab Self-Host, add your own domain as a new origin
Refresh the API Lab web app.
Open the interceptor and change the middleware to the browser extension You can either go to the settings and enable the use of the browser extension as shown below:
Or you can open the interceptor menu and change the middleware as shown below:

Origins
The origin list defines the URLs that the extension can connect to. If you’re using app.apilab.work, then you do not need to add any other origins. However, if you are using a self-hosted instance, you should add the domain of your self-hosted instance as an active origin.

Getting started

Clients

Protocols

Features

Self-Host

Resources

API Lab Agent

Apple Silicon (.dmg)

Intel (.dmg)

Windows Installer (.msi)

Windows Portable (.exe)

Debian (.deb)

App Image (.AppImage)

Proxy

Proxyscotch

Self-Hosted Proxyscotch

Proxyscotch Installer

Tray application (macOS)

Proxy Server Binary (Intel-based macOS)

Proxy Server Binary (Apple Silicon macOS)

Tray application (Windows - AMD)

Proxy Server Binary (Windows - AMD)

Tray application (Windows - ARM)

Proxy Server Binary (Windows - ARM)

Tray application (Linux - AMD)

Proxy Server Binary (Linux - AMD)

Building Proxyscotch from Source

Running the Proxyscotch Server

Available Server Options

Configure Proxyscotch in API Lab

Browser Extension

How to use the Browser Extension

Origins

Getting started

Clients

Protocols

Features

Self-Host

Resources

​API Lab Agent

Apple Silicon (.dmg)

Intel (.dmg)

Windows Installer (.msi)

Windows Portable (.exe)

Debian (.deb)

App Image (.AppImage)

​Proxy

​Proxyscotch

​Self-Hosted Proxyscotch

​Proxyscotch Installer

Tray application (macOS)

Proxy Server Binary (Intel-based macOS)

Proxy Server Binary (Apple Silicon macOS)

Tray application (Windows - AMD)

Proxy Server Binary (Windows - AMD)

Tray application (Windows - ARM)

Proxy Server Binary (Windows - ARM)

Tray application (Linux - AMD)

Proxy Server Binary (Linux - AMD)

​Building Proxyscotch from Source

​Running the Proxyscotch Server

​Available Server Options

​Configure Proxyscotch in API Lab

​Browser Extension

​How to use the Browser Extension

​Origins

API Lab Agent

Proxy

Proxyscotch

Self-Hosted Proxyscotch

Proxyscotch Installer

Building Proxyscotch from Source

Running the Proxyscotch Server

Available Server Options

Configure Proxyscotch in API Lab

Browser Extension

How to use the Browser Extension

Origins