Skip to main content

Setup

  1. In the web app, navigate to Connections and click New Connection
  2. Select HTTP Proxy as the connection type
  3. Choose your agent and give the connection a name
  4. Set REMOTE_URL to the target service URL
  5. Click Save

Accessing the Connection

When you open a connection via Connect > Open in Native Client in the web app, Hoop issues a time-limited session token and provides two ways to use it: Authorization header — for API clients, curl, or any tool that supports custom headers: 
curl -H 'Authorization: httpproxy-<token>' https://<host>:<port>/
Token in URL path — for browsers or tools that can’t set headers: 
https://<host>:<port>/httpproxy-<token>
The session expires automatically when the time limit is reached, and the token is revoked.

Custom Headers

Use HEADER_* environment variables to inject headers into every proxied request. This is useful for credential offloading — the client never holds the API key directly. Add them to the connection’s secret object using the same "envvar:KEY": "<base64-value>" pattern as REMOTE_URL: 
"secret": {
  "envvar:REMOTE_URL": "<base64-encoded-url>",
  "envvar:HEADER_AUTHORIZATION": "<base64-encoded-bearer-token>",
  "envvar:HEADER_X_API_KEY": "<base64-encoded-api-key>"
}
You can add as many HEADER_* variables as needed. Each becomes a header on every proxied request.

Self-Signed Certificates

For services with self-signed or internal CA certificates, set INSECURE=true to skip TLS verification. Add it to the connection’s secret object alongside REMOTE_URL: 
"secret": {
  "envvar:REMOTE_URL": "<base64-encoded-url>",
  "envvar:INSECURE": "dHJ1ZQ=="
}
(dHJ1ZQ== is the base64 encoding of true.)

WebSocket Support

WebSocket connections are supported automatically. When the proxied service returns an HTTP 101 Switching Protocols response, Hoop upgrades the connection transparently — no additional configuration required.