Skip to main content
Sandboxes have controlled network access that allows secure communication while maintaining isolation. Understanding networking helps you build applications that interact with external services.

Network Access Overview

Each sandbox has:
  • Outbound access: Can make HTTP/HTTPS requests to external services
  • Inbound access: Receives a unique URL for external connections
  • Isolated network: Each sandbox has its own network namespace

Outbound Access

By default, sandboxes can make outbound HTTP/HTTPS requests to any external service:
  • Python
  • JavaScript/TypeScript
from hopx_ai import Sandbox

sandbox = Sandbox.create(template="code-interpreter")

# Make outbound HTTP request
result = sandbox.run_code("""
import requests
response = requests.get('https://api.example.com/data')
print(response.json())
""")

sandbox.kill()  # Cleanup

Common Use Cases

Fetching data from APIs:
  • Python
  • JavaScript/TypeScript
result = sandbox.run_code("""
import requests

# Fetch data from public API
response = requests.get('https://jsonplaceholder.typicode.com/posts/1')
data = response.json()
print(f"Title: {data['title']}")
""")
Downloading files:
  • Python
  • JavaScript/TypeScript
result = sandbox.run_code("""
import requests

# Download file
response = requests.get('https://example.com/file.csv')
with open('/workspace/file.csv', 'wb') as f:
    f.write(response.content)
print("File downloaded")
""")

Inbound Access

Each sandbox gets a unique URL for inbound requests:
  • Python
  • JavaScript/TypeScript
from hopx_ai import Sandbox

sandbox = Sandbox.create(template="code-interpreter")
info = sandbox.get_info()

# Get sandbox URL
sandbox_url = info.public_host
# https://sandbox-id.us-west-2.hopx.dev

print(f"Sandbox URL: {sandbox_url}")

sandbox.kill()  # Cleanup

Hosting Web Services

You can run web servers inside sandboxes and access them via the sandbox URL:
  • Python
  • JavaScript/TypeScript
# Run a Flask app in background
result = sandbox.run_code_background("""
from flask import Flask
app = Flask(__name__)

@app.route('/')
def hello():
    return 'Hello from sandbox!'

if __name__ == '__main__':
    app.run(host='0.0.0.0', port=8000)
""")

# Access via: https://sandbox-id.us-west-2.hopx.dev
sandbox.kill()  # Cleanup

Network Isolation

Each sandbox has its own isolated network namespace:
  • Separate network stack: Each sandbox has its own IP address and routing
  • No inter-sandbox communication: Sandboxes cannot directly communicate with each other
  • Firewall rules: Network policies can restrict access
Network isolation ensures that sandboxes cannot interfere with each other or access unauthorized resources.

Network Configuration

Default Configuration

By default, sandboxes have:
  • ✅ Outbound HTTP/HTTPS access enabled
  • ✅ Inbound access via unique URL
  • ❌ No inter-sandbox communication
  • ❌ No direct IP access

Internet Access Control

You can control internet access when creating sandboxes:
  • Python
  • JavaScript/TypeScript
# Create sandbox with internet access (default)
sandbox = Sandbox.create(
    template="code-interpreter",
    internet_access=True  # Default: True
)

# Create sandbox without internet access
sandbox_no_internet = Sandbox.create(
    template="code-interpreter",
    internet_access=False
)

sandbox.kill()  # Cleanup
sandbox_no_internet.kill()  # Cleanup

Security Considerations

  • All outbound requests are logged for security monitoring
  • Rate limiting applies to prevent abuse
  • Malicious requests are automatically blocked
  • Each sandbox URL requires API key authentication
  • URLs are unique and hard to guess
  • Access can be revoked by deleting the sandbox
  • Sandboxes cannot access internal network resources
  • Each sandbox is completely isolated from others
  • Network policies enforce security boundaries

Next Steps

Core Concepts

Back to Core Concepts overview

Security

Learn about network security

Architecture

Understand the architecture

Running Code

Learn about code execution