Hurl is a command line tool that runs HTTP requests defined in a simple plain text format.
Hurl: A Command-Line Tool for Efficient HTTP Requests
Hurl is a versatile command-line tool designed to execute HTTP requests using a simple plain text format. It offers an efficient and straightforward way to manage complex HTTP operations, making it an essential tool for developers and DevOps professionals.
Key Features:
Plain Text Syntax: Hurl uses a simple syntax that allows you to define HTTP requests in plain text files, eliminating the need for complicated configurations.
Flexibility and Ease of Use: The tool supports variables and loops, enabling the creation of dynamic and reusable request templates. It also allows chaining multiple requests into scripts, enhancing workflow efficiency.
Cross-Platform Compatibility: Hurl is compatible with various operating systems, ensuring seamless integration across different environments.
Audience & Benefits:
Ideal for developers, DevOps engineers, testers, and anyone working with APIs or web services, Hurl streamlines workflows by automating repetitive tasks. It reduces manual errors compared to tools like curl and offers a user-friendly alternative to more complex solutions, thereby enhancing productivity and efficiency.
Hurl is a command line tool that runs HTTP requests defined in a simple plain text format.
It can chain requests, capture values and evaluate queries on headers and body response. Hurl is very
versatile: it can be used for both fetching data and testing HTTP sessions.
Hurl makes it easy to work with HTML content, REST / SOAP / GraphQL APIs, or any other XML / JSON based APIs.
# Go home and capture token
GET https://example.org
HTTP 200
[Captures]
csrf_token: xpath "string(//meta[@name='_csrf_token']/@content)"
# Do login!
POST https://example.org/login
X-CSRF-TOKEN: {{csrf_token}}
[Form]
user: toto
password: 1234
HTTP 302
Chaining multiple requests is easy:
GET https://example.org/api/health
GET https://example.org/api/step1
GET https://example.org/api/step2
GET https://example.org/api/step3
Also an HTTP Test Tool
Hurl can run HTTP requests but can also be used to test HTTP responses.
Different types of queries and predicates are supported, from XPath and JSONPath on body response,
to assert on status code and response headers.
It is well adapted for REST / JSON APIs
POST https://example.org/api/tests
{
"id": "4568",
"evaluate": true
}
HTTP 200
[Asserts]
header "X-Frame-Options" == "SAMEORIGIN"
jsonpath "$.status" == "RUNNING" # Check the status code
jsonpath "$.tests" count == 25 # Check the number of items
jsonpath "$.id" matches /\d{4}/ # Check the format of the id
Hurl can be installed via winget, making it easy to integrate into your development environment. With its focus on simplicity and functionality, Hurl is a valuable addition to any developer's toolkit.
GET https://example.org
HTTP 200
[Asserts]
xpath "normalize-space(//head/title)" == "Hello world!"
GraphQL
POST https://example.org/graphql
```graphql
{
human(id: "1000") {
name
height(unit: FOOT)
}
}
```
HTTP 200
and even SOAP APIs
POST https://example.org/InStock
Content-Type: application/soap+xml; charset=utf-8
SOAPAction: "http://www.w3.org/2003/05/soap-envelope"
GOOG
HTTP 200
Hurl can also be used to test the performance of HTTP endpoints
GET https://example.org/api/v1/pets
HTTP 200
[Asserts]
duration < 1000 # Duration in ms
And check response bytes
GET https://example.org/data.tar.gz
HTTP 200
[Asserts]
sha256 == hex,039058c6f2c0cb492c533b0a4d14ef77cc0f78abccced5287d84a1a2011cfb81;
Finally, Hurl is easy to integrate in CI/CD, with text, JUnit, TAP and HTML reports
<b>Text Format:</b> for both devops and developers
<b>Fast CLI:</b> a command line for local dev and continuous integration
<b>Single Binary:</b> easy to install, with no runtime required
Powered by curl
Hurl is a lightweight binary written in Rust. Under the hood, Hurl HTTP engine is
powered by libcurl, one of the most powerful and reliable file transfer libraries.
With its text file format, Hurl adds syntactic sugar to run and test HTTP requests,
but it's still the curl that we love: fast, efficient and IPv6 / HTTP/3 ready.
This is equivalent to construct the request with a Authorization header:
# Authorization header value can be computed with `echo -n 'bob:secret' | base64`
GET https://example.org/protected
Authorization: Basic Ym9iOnNlY3JldA==
Basic authentication section allows per request authentication. If you want to add basic authentication to all the
requests of a Hurl file you could use -u/--user option:
POST https://example.org/upload
[Multipart]
field1: value1
field2: file,example.txt;
# One can specify the file content type:
field3: file,example.zip; application/zip
Using templates with XML body is not currently supported in Hurl. You can use templates in
XML multiline string body with variables to send a variable XML body:
POST https://example.org/echo/post/xml
```xml
{{login}}
{{password}}
```
Responses are optional, everything after HTTP is part of the response asserts.
# A request with (almost) no check:
GET https://foo.com
# A status code check:
GET https://foo.com
HTTP 200
# A test on response body
GET https://foo.com
HTTP 200
[Asserts]
jsonpath "$.state" == "running"
GET https://example.org
HTTP 200
Content-Type: text/html; charset=UTF-8
[Asserts]
xpath "string(/html/head/title)" contains "Example" # Check title
xpath "count(//p)" == 2 # Check the number of p
xpath "//p" count == 2 # Similar assert for p
xpath "boolean(count(//h2))" == false # Check there is no h2
xpath "//h2" not exists # Similar assert for h2
xpath "string(//div[1])" matches /Hello.*/
GET https://example.org/api/catalog
HTTP 200
Gambardella, Matthew
XML Developer's Guide
Computer
44.95
2000-10-01
An in-depth look at creating applications with XML.
Using --location and --location-trusted (either with command line option or per request), Hurl follows
redirection and each step of the redirection can be checked.
Use --output on a specific request to get the response body (- can be used as standard output):
GET https://foo.com/failure
[Options]
# use - to output on standard output, foo.bin to save on disk
output: -
HTTP 200
GET https://foo.com/success
HTTP 200
Testing the IP address of the response, as a string. This string may be IPv6 address:
GET https://foo.com
HTTP 200
[Asserts]
ip == "2001:0db8:85a3:0000:0000:8a2e:0370:733"
ip startsWith "2001"
ip isIpv6
Polling and Retry
Retry request on any errors (asserts, captures, status code, runtime etc...):
# Create a new job
POST https://api.example.org/jobs
HTTP 201
[Captures]
job_id: jsonpath "$.id"
[Asserts]
jsonpath "$.state" == "RUNNING"
# Pull job status until it is completed
GET https://api.example.org/jobs/{{job_id}}
[Options]
retry: 10 # maximum number of retry, -1 for unlimited
retry-interval: 500ms
HTTP 200
[Asserts]
jsonpath "$.state" == "COMPLETED"
Add delay for every request, or a particular request:
# Delaying this request by 5 seconds (aka sleep)
GET https://example.org/turtle
[Options]
delay: 5s
HTTP 200
# No delay!
GET https://example.org/turtle
HTTP 200
# a, c, d are run, b is skipped
GET https://example.org/a
GET https://example.org/b
[Options]
skip: true
GET https://example.org/c
GET https://example.org/d
Hurl is a command line tool that runs HTTP requests defined in a simple plain text format.
It can chain requests, capture values and evaluate queries on headers and body response. Hurl is very versatile, it can be used for fetching data and testing HTTP sessions: HTML content, REST / SOAP / GraphQL APIs, or any other XML / JSON based APIs.
$ hurl session.hurl
If no input files are specified, input is read from stdin.
GET http://example.org/endpoint1
GET http://example.org/endpoint2
Capturing values
A value from an HTTP response can be-reused for successive HTTP requests.
A typical example occurs with CSRF tokens.
GET https://example.org
HTTP 200
# Capture the CSRF token value from html body.
[Captures]
csrf_token: xpath "normalize-space(//meta[@name='_csrf_token']/@content)"
# Do the login !
POST https://example.org/login?user=toto&password=1234
X-CSRF-TOKEN: {{csrf_token}}
Options that exist in curl have exactly the same semantics.
Options specified on the command line are defined for every Hurl file's entry,
except if they are tagged as cli-only (can not be defined in the Hurl request [Options] entry)
For instance:
$ hurl --location foo.hurl
will follow redirection for each entry in foo.hurl. You can also define an option only for a particular entry with an [Options] section. For instance, this Hurl file:
GET https://example.org
HTTP 301
GET https://example.org
[Options]
location: true
HTTP 200
will follow a redirection only for the second entry.
Generate an Authorization header with an AWS SigV4 signature.Use -u, --user to specify Access Key Id (username) and Secret Key (password).To use temporary session credentials (e.g. for an AWS IAM Role), add the X-Amz-Security-Token header containing the session token.
Specifies the certificate file for peer verification. The file may contain multiple CA certificates and must be in PEM format.Normally Hurl is built to use a default file for this, so this option is typically used to alter that default file.
Maximum time in seconds that you allow Hurl's connection to take.You can specify time units in the connect timeout expression. Set Hurl to use a connect timeout of 20 seconds with --connect-timeout 20s or set it to 35,000 milliseconds with --connect-timeout 35000ms. No spaces allowed.See also -m, --max-time.
For a request to the given HOST1:PORT1 pair, connect to HOST2:PORT2 instead. This option can be used several times in a command line.See also --resolve.
Continue executing requests to the end of the Hurl file even when an assert error occurs.By default, Hurl exits after an assert error in the HTTP response.Note that this option does not affect the behavior with multiple input Hurl files.All the input files are executed independently. The result of one file does not affect the execution of the other Hurl files.This is a cli-only option.
Read cookies from FILE (using the Netscape cookie file format).Combined with -c, --cookie-jar, you can simulate a cookie storage between successive Hurl runs.This is a cli-only option.
Write cookies to FILE after running the session.The file will be written using the Netscape cookie file format.Combined with -b, --cookie, you can simulate a cookie storage between successive Hurl runs.This is a cli-only option.
Sets delay before each request (aka sleep). The delay is not applied to requests that have been retried because of --retry. See --retry-interval to space retried requests.You can specify time units in the delay expression. Set Hurl to use a delay of 2 seconds with --delay 2s or set it to 500 milliseconds with --delay 500ms. No spaces allowed.
Set root directory to import files in Hurl. This is used for files in multipart form data, request body and response output.When it is not explicitly defined, files are relative to the Hurl file's directory.This is a cli-only option.
Specify input files that match the given glob pattern.Multiple glob flags may be used. This flag supports common Unix glob patterns like *, ? and [].However, to avoid your shell accidentally expanding glob patterns before Hurl handles them, you must use single quotes or double quotes around each pattern.This is a cli-only option.
Tells Hurl to use HTTP version 2.For HTTPS, this means Hurl negotiates HTTP/2 in the TLS handshake. Hurl does this by default.For HTTP, this means Hurl attempts to upgrade the request to HTTP/2 using the Upgrade: request header.
Tells Hurl to try HTTP/3 to the host in the URL, but fallback to earlier HTTP versions if the HTTP/3 connection establishment fails. HTTP/3 is only available for HTTPS and not for HTTP URLs.
Maximum number of parallel jobs in parallel mode. Default value corresponds (in most cases) to thecurrent amount of CPUs.See also --parallel.This is a cli-only option.
Specify the maximum transfer rate you want Hurl to use, for both downloads and uploads. This feature is useful if you have a limited pipe and you would like your transfer not to use your entire bandwidth. To make it slower than it otherwise would be.The given speed is measured in bytes/second.
Like -L, --location, but allows sending the name + password to all hosts that the site may redirect to.This may or may not introduce a security breach if the site redirects you to a site to which you send your authentication info (which is plaintext in the case of HTTP Basic authentication).
Specify the maximum size in bytes of a file to download. If the file requested is larger than this value, the transfer does not start.This is a cli-only option.
Maximum time in seconds that you allow a request/response to take. This is the standard timeout.You can specify time units in the maximum time expression. Set Hurl to use a maximum time of 20 seconds with --max-time 20s or set it to 35,000 milliseconds with --max-time 35000ms. No spaces allowed.See also --connect-timeout.
Do not prettify response output for supported content type (JSON only for the moment). By default, output is prettified ifstandard output is a terminal.This is a cli-only option.
Run files in parallel.Each Hurl file is executed in its own worker thread, without sharing anything with the other workers. The default run mode is sequential. Parallel execution is by default in --test mode.See also --jobs.This is a cli-only option.
Tell Hurl to not handle sequences of /../ or /./ in the given URL path. Normally Hurl will squash or merge them according to standards but with this option set you tell it not to do that.
When negotiating a TLS or SSL connection, the server sends a certificate indicating its identity. A public key is extracted from this certificate and if it does not exactly match the public key provided to this option, Hurl aborts the connection before sending or receiving any data.
Prettify response output for supported content type (JSON only for the moment). By default, JSON response is prettified if standard output is a terminal, and colorized, see--no-color to format without color.This is a cli-only option.
Display a progress bar in test mode. The progress bar is displayed only in interactive TTYs. This option forces the progress bar to be displayed even in non-interactive TTYs.This is a cli-only option.
Repeat the input files sequence NUM times, -1 for infinite loop. Given a.hurl, b.hurl, c.hurl as input, repeat twotimes will run a.hurl, b.hurl, c.hurl, a.hurl, b.hurl, c.hurl.
Provide a custom address for a specific host and port pair. Using this, you can make the Hurl requests(s) use a specified address and prevent the otherwise normally resolved address to be used. Consider it a sort of /etc/hosts alternative provided on the command line.
Duration in milliseconds between each retry. Default is 1000 ms.You can specify time units in the retry interval expression. Set Hurl to use a retry interval of 2 seconds with --retry-interval 2s or set it to 500 milliseconds with --retry-interval 500ms. No spaces allowed.
Define secret value to be redacted from logs and report. When defined, secrets can be used as variable everywhere variables are used.This is a cli-only option.
Define a secrets file in which you define your secretsEach secret is defined as name=value exactly as with --secret option.Note that defining a secret twice produces an error.This is a cli-only option.
(Windows) This option tells Hurl to disable certificate revocation checks. WARNING: this option loosens the SSL security, and by using this flag you ask for exactly that.This is a cli-only option.
Activate test mode: with this, the HTTP response is not outputted anymore, progress is reported for each Hurl file tested, and a text summary is displayed when all files have been run.In test mode, files are executed in parallel. To run test in a sequential way use --job 1.See also --jobs.This is a cli-only option.
Set properties file in which your define your variables.Each variable is defined as name=value exactly as with --variable option.Note that defining a variable twice produces an error.This is a cli-only option.
Turn on verbose output on standard error stream.Useful for debugging.A line starting with '>' means data sent by Hurl.A line staring with '<' means data received by Hurl.A line starting with '*' means additional info provided by Hurl.If you only want HTTP headers in the output, -i, --include might be the option you're looking for.
Turn on more verbose output on standard error stream.In contrast to --verbose option, this option outputs the full HTTP body request and response on standard error. In addition, lines starting with '**' are libcurl debug logs.
