Hurl is a command line tool that runs HTTP requests defined in a simple plain text format.
It can chain requests, capture values and evaluate queries on headers and body response. Hurl is very versatile: it can be used for both fetching data and testing HTTP sessions.
Hurl makes it easy to work with HTML content, REST / SOAP / GraphQL APIs, or any other XML / JSON based APIs.
```hurl
GET https://example.org
HTTP 200 [Captures] csrftoken: xpath "string(//meta[@name='csrf_token']/@content)"
POST https://example.org/login?user=toto&password=1234 X-CSRF-TOKEN: {{csrf_token}} HTTP 302 ```
Chaining multiple requests is easy:
hurl
GET https://example.org/api/health
GET https://example.org/api/step1
GET https://example.org/api/step2
GET https://example.org/api/step3
Hurl can run HTTP requests but can also be used to test HTTP responses. Different types of queries and predicates are supported, from [XPath] and [JSONPath] on body response, to assert on status code and response headers.
It is well adapted for REST / JSON APIs
```hurl POST https://example.org/api/tests { "id": "4568", "evaluate": true }
HTTP 200 [Asserts] header "X-Frame-Options" == "SAMEORIGIN" jsonpath "$.status" == "RUNNING" # Check the status code jsonpath "$.tests" count == 25 # Check the number of items jsonpath "$.id" matches /\d{4}/ # Check the format of the id ```
HTML content
```hurl GET https://example.org
HTTP 200 [Asserts] xpath "normalize-space(//head/title)" == "Hello world!" ```
GraphQL
~~~hurl
POST https://example.org/graphql
graphql
{
human(id: "1000") {
name
height(unit: FOOT)
}
}
HTTP 200
~~~
and even SOAP APIs
hurl
POST https://example.org/InStock
Content-Type: application/soap+xml; charset=utf-8
SOAPAction: "http://www.w3.org/2003/05/soap-envelope"
<?xml version="1.0" encoding="UTF-8"?>
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:m="https://example.org">
<soap:Header></soap:Header>
<soap:Body>
<m:GetStockPrice>
<m:StockName>GOOG</m:StockName>
</m:GetStockPrice>
</soap:Body>
</soap:Envelope>
HTTP 200
Hurl can also be used to performance test HTTP endpoints:
```hurl GET https://example.org/api/v1/pets
HTTP 200 [Asserts] duration < 1000 # Duration in ms ```
And response bytes
```hurl GET https://example.org/data.tar.gz
HTTP 200 [Asserts] sha256 == hex,039058c6f2c0cb492c533b0a4d14ef77cc0f78abccced5287d84a1a2011cfb81; ```
Hurl is a lightweight binary written in [Rust]. Under the hood, Hurl HTTP engine is powered by [libcurl], one of the most powerful and reliable file transfer libraries. With its text file format, Hurl adds syntactic sugar to run and test HTTP requests, but it's still the [curl] that we love.
To support its development, [star Hurl on GitHub]!
[Feedback, suggestion, bugs or improvements] are welcome.
hurl
POST https://hurl.dev/api/feedback
{
"name": "John Doe",
"feedback": "Hurl is awesome !"
}
HTTP 200
[License]
[Blog]
[Tutorial]
[Documentation]
[GitHub]
To run a sample, edit a file with the sample content, and run Hurl:
```shell $ vi sample.hurl
GET https://example.org
$ hurl sample.hurl ```
By default, Hurl behaves like [curl] and outputs the last HTTP response's [entry]. To have a test
oriented output, you can use [--test option]:
shell
$ hurl --test sample.hurl
You can check [Hurl tests suite] for more samples.
A simple GET:
hurl
GET https://example.org
A simple GET with headers:
hurl
GET https://example.org/news
User-Agent: Mozilla/5.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
hurl
GET https://example.org/news
[QueryStringParams]
order: newest
search: something to search
count: 100
Or:
hurl
GET https://example.org/news?order=newest&search=something%20to%20search&count=100
hurl
GET https://example.org/protected
[BasicAuth]
bob: secret
This is equivalent to construct the request with a [Authorization] header:
```hurl
echo -n 'bob:secret' | base64GET https://example.org/protected Authorization: Basic Ym9iOnNlY3JldA== ```
Basic authentication allows per request authentication.
If you want to add basic authentication to all the requests of a Hurl file
you could use [-u/--user option].
hurl
POST https://example.org/contact
[FormParams]
default: false
token: {{token}}
email: john.doe@rookie.org
number: 33611223344
```hurl POST https://example.org/upload [MultipartFormData] field1: value1 field2: file,example.txt;
field3: file,example.zip; application/zip ```
Multipart forms can also be sent with a [multiline string body]:
~~~hurl POST https://example.org/upload Content-Type: multipart/form-data; boundary="boundary" ``` --boundary Content-Disposition: form-data; name="key1"
value1 --boundary Content-Disposition: form-data; name="upload1"; filename="data.txt" Content-Type: text/plain
Hello World! --boundary Content-Disposition: form-data; name="upload2"; filename="data.html" Content-Type: text/html
--boundary-- ``` ~~~
In that case, files have to be inlined in the Hurl file.
With an inline JSON:
hurl
POST https://example.org/api/tests
{
"id": "456",
"evaluate": true
}
With a local file:
hurl
POST https://example.org/api/tests
Content-Type: application/json
file,data.json;
hurl
PUT https://example.org/api/hits
Content-Type: application/json
{
"key0": "{{a_string}}",
"key1": {{a_bool}},
"key2": {{a_null}},
"key3": {{a_number}}
}
Variables can be initialized via command line:
shell
$ hurl --variable a_string=apple \
--variable a_bool=true \
--variable a_null=null \
--variable a_number=42 \
test.hurl
Resulting in a PUT request with the following JSON body:
{
"key0": "apple",
"key1": true,
"key2": null,
"key3": 42
}
Using templates with [XML body] is not currently supported in Hurl. You can use templates in [XML multiline string body] with variables to send a variable XML body:
~~~hurl
POST https://example.org/echo/post/xml
xml
<?xml version="1.0" encoding="utf-8"?>
<Request>
<Login>{{login}}</Login>
<Password>{{password}}</Password>
</Request>
~~~
A simple GraphQL query:
~~~hurl
POST https://example.org/starwars/graphql
graphql
{
human(id: "1000") {
name
height(unit: FOOT)
}
}
~~~
A GraphQL query with variables:
~~~hurl POST https://example.org/starwars/graphql ```graphql query Hero($episode: Episode, $withFriends: Boolean!) { hero(episode: $episode) { name friends @include(if: $withFriends) { name } } }
variables { "episode": "JEDI", "withFriends": false } ``` ~~~
GraphQL queries can also use [Hurl templates].
Use implicit response asserts to test header values:
```hurl GET https://example.org/index.html
HTTP 200 Set-Cookie: theme=light Set-Cookie: sessionToken=abc123; Expires=Wed, 09 Jun 2021 10:18:14 GMT ```
Or use explicit response asserts with [predicates]:
```hurl GET https://example.org
HTTP 302 [Asserts] header "Location" contains "www.example.net" ```
Asserting JSON body response (node values, collection count etc...) with [JSONPath]:
```hurl GET https://example.org/order screencapability: low
HTTP 200 [Asserts] jsonpath "$.validated" == true jsonpath "$.userInfo.firstName" == "Franck" jsonpath "$.userInfo.lastName" == "Herbert" jsonpath "$.hasDevice" == false jsonpath "$.links" count == 12 jsonpath "$.state" != null jsonpath "$.order" matches "^order-\d{8}$" jsonpath "$.order" matches /^order-\d{8}$/ # Alternative syntax with regex literal ```
Testing status code:
```hurl GET https://example.org/order/435
HTTP 200 ```
```hurl GET https://example.org/order/435
HTTP * [Asserts] status >= 200 status < 300 ```
```hurl GET https://example.org
HTTP 200 Content-Type: text/html; charset=UTF-8
[Asserts]
xpath "string(/html/head/title)" contains "Example" # Check title
xpath "count(//p)" == 2 # Check the number of p
xpath "//p" count == 2 # Similar assert for p
xpath "boolean(count(//h2))" == false # Check there is no h2
xpath "//h2" not exists # Similar assert for h2
xpath "string(//div[1])" matches /Hello.*/
```
```hurl GET https://example.org/home
HTTP 200 [Asserts] cookie "JSESSIONID" == "8400BAFE2F66443613DC38AE3D9D6239" cookie "JSESSIONID[Value]" == "8400BAFE2F66443613DC38AE3D9D6239" cookie "JSESSIONID[Expires]" contains "Wed, 13 Jan 2021" cookie "JSESSIONID[Secure]" exists cookie "JSESSIONID[HttpOnly]" exists cookie "JSESSIONID[SameSite]" == "Lax" ```
Check the SHA-256 response body hash:
```hurl GET https://example.org/data.tar.gz
HTTP 200 [Asserts] sha256 == hex,039058c6f2c0cb492c533b0a4d14ef77cc0f78abccced5287d84a1a2011cfb81; ```
Check the properties of a SSL certificate:
```hurl GET https://example.org
HTTP 200 [Asserts] certificate "Subject" == "CN=example.org" certificate "Issuer" == "C=US, O=Let's Encrypt, CN=R3" certificate "Expire-Date" daysAfterNow > 15 certificate "Serial-Number" matches "[0-9af]+" ```
Testing HTTP version (1.0, 1.1 or 2):
hurl
GET https://example.org/order/435
HTTP/2 200
Retry request on any errors (asserts, captures, status code, runtime etc...):
```hurl
POST https://api.example.org/jobs
HTTP 201 [Captures] job_id: jsonpath "$.id" [Asserts] jsonpath "$.state" == "RUNNING"
GET https://api.example.org/jobs/{{job_id}} [Options] retry: true
HTTP 200 [Asserts] jsonpath "$.state" == "COMPLETED" ```
```hurl GET https://sample.org/helloworld
HTTP * [Asserts] duration < 1000 # Check that response time is less than one second ```
```hurl
POST https://example.org/InStock
Content-Type: application/soap+xml; charset=utf-8
SOAPAction: "http://www.w3.org/2003/05/soap-envelope"
HTTP 200 ```
```hurl GET https://example.org
HTTP 200 [Captures] csrftoken: xpath "string(//meta[@name='csrf_token']/@content)"
POST https://example.org/login?user=toto&password=1234 X-CSRF-TOKEN: {{csrf_token}} HTTP 302 ```
```hurl GET https://example.org/data.bin
HTTP 200 [Asserts] bytes startsWith hex,efbbbf; ```
hurl - run and test HTTP requests.
hurl [options] [FILE...]
Hurl is a command line tool that runs HTTP requests defined in a simple plain text format.
It can chain requests, capture values and evaluate queries on headers and body response. Hurl is very versatile, it can be used for fetching data and testing HTTP sessions: HTML content, REST / SOAP / GraphQL APIs, or any other XML / JSON based APIs.
shell
$ hurl session.hurl
If no input files are specified, input is read from stdin.
shell
$ echo GET http://httpbin.org/get | hurl
{
"args": {},
"headers": {
"Accept": "*/*",
"Accept-Encoding": "gzip",
"Content-Length": "0",
"Host": "httpbin.org",
"User-Agent": "hurl/0.99.10",
"X-Amzn-Trace-Id": "Root=1-5eedf4c7-520814d64e2f9249ea44e0"
},
"origin": "1.2.3.4",
"url": "http://httpbin.org/get"
}
Output goes to stdout by default. To have output go to a file, use the -o, --output option:
shell
$ hurl -o output input.hurl
By default, Hurl executes all HTTP requests and outputs the response body of the last HTTP call.
To have a test oriented output, you can use --test option:
shell
$ hurl --test *.hurl
The Hurl file format is fully documented in https://hurl.dev/docs/hurl-file.html
It consists of one or several HTTP requests
hurl
GET http:/example.org/endpoint1
GET http:/example.org/endpoint2
A value from an HTTP response can be-reused for successive HTTP requests.
A typical example occurs with CSRF tokens.
```hurl GET https://example.org HTTP 200
[Captures] csrftoken: xpath "normalize-space(//meta[@name='csrf_token']/@content)"
POST https://example.org/login?user=toto&password=1234 X-CSRF-TOKEN: {{csrf_token}} ```
More information on captures can be found here https://hurl.dev/docs/capturing-response.html
The HTTP response defined in the Hurl file are used to make asserts. Responses are optional.
At the minimum, response includes assert on the HTTP status code.
hurl
GET http:/example.org
HTTP 301
It can also include asserts on the response headers
hurl
GET http:/example.org
HTTP 301
Location: http://www.example.org
Explicit asserts can be included by combining a query and a predicate
hurl
GET http:/example.org
HTTP 301
[Asserts]
xpath "string(//title)" == "301 Moved"
With the addition of asserts, Hurl can be used as a testing tool to run scenarios.
More information on asserts can be found here https://hurl.dev/docs/asserting-response.html
Options that exist in curl have exactly the same semantics.
Options specified on the command line are defined for every Hurl file's entry.
For instance:
shell
$ hurl --location foo.hurl
will follow redirection for each entry in foo.hurl. You can also define an option only for a particular entry with an [Options] section. For instance, this Hurl file:
```hurl GET https://example.org HTTP 301
GET https://example.org [Options] location: true HTTP 200 ```
will follow a redirection only for the second entry.
| Option | Description |
| --- | --- |
| --cacert <FILE> | Specifies the certificate file for peer verification. The file may contain multiple CA certificates and must be in PEM format.
Normally Hurl is built to use a default file for this, so this option is typically used to alter that default file.
|
| -E, --cert <CERTIFICATE[:PASSWORD]> | Client certificate file and password.
See also --key.
|
| --color | Colorize debug output (the HTTP response output is not colorized).
|
| --compressed | Request a compressed response using one of the algorithms br, gzip, deflate and automatically decompress the content.
|
| --connect-timeout <SECONDS> | Maximum time in seconds that you allow Hurl's connection to take.
See also -m, --max-time.
|
| --connect-to <HOST1:PORT1:HOST2:PORT2> | For a request to the given HOST1:PORT1 pair, connect to HOST2:PORT2 instead. This option can be used several times in a command line.
See also --resolve.
|
| -b, --cookie <FILE> | Read cookies from FILE (using the Netscape cookie file format).
Combined with -c, --cookie-jar, you can simulate a cookie storage between successive Hurl runs.
|
| -c, --cookie-jar <FILE> | Write cookies to FILE after running the session (only for one session).
The file will be written using the Netscape cookie file format.
Combined with -b, --cookie, you can simulate a cookie storage between successive Hurl runs.
|
| --fail-at-end | Continue executing requests to the end of the Hurl file even when an assert error occurs.
By default, Hurl exits after an assert error in the HTTP response.
Note that this option does not affect the behavior with multiple input Hurl files.
All the input files are executed independently. The result of one file does not affect the execution of the other Hurl files.
|
| --file-root <DIR> | Set root file system to import files in Hurl. This is used for both files in multipart form data and request body.
When this is not explicitly defined, the files are relative to the current directory in which Hurl is running.
|
| -L, --location | Follow redirect. To limit the amount of redirects to follow use the --max-redirs option
|
| --glob <GLOB> | Specify input files that match the given glob pattern.
Multiple glob flags may be used. This flag supports common Unix glob patterns like , ? and [].
However, to avoid your shell accidentally expanding glob patterns before Hurl handles them, you must use single quotes or double quotes around each pattern.
|
| -i, --include | Include the HTTP headers in the output (last entry).
|
| --ignore-asserts | Ignore all asserts defined in the Hurl file.
|
| -k, --insecure | This option explicitly allows Hurl to perform "insecure" SSL connections and transfers.
|
| --interactive | Stop between requests.
This is similar to a break point, You can then continue (Press C) or quit (Press Q).
|
| --json | Output each hurl file result to JSON. The format is very closed to HAR format.
|
| --key <KEY> | Private key file name.
|
| --max-redirs <NUM> | Set maximum number of redirection-followings allowed
By default, the limit is set to 50 redirections. Set this option to -1 to make it unlimited.
|
| -m, --max-time <SECONDS> | Maximum time in seconds that you allow a request/response to take. This is the standard timeout.
See also --connect-timeout.
|
| --no-color | Do not colorize output.
|
| --no-output | Suppress output. By default, Hurl outputs the body of the last response.
|
| --noproxy <HOST(S)> | Comma-separated list of hosts which do not use a proxy.
Override value from Environment variable no_proxy.
|
| -o, --output <FILE> | Write output to FILE instead of stdout.
|
| -x, --proxy <[PROTOCOL://]HOST[:PORT]> | Use the specified proxy.
|
| --report-junit <FILE> | Generate JUnit File.
If the FILE report already exists, it will be updated with the new test results.
|
| --report-html <DIR> | Generate HTML report in DIR.
If the HTML report already exists, it will be updated with the new test results.
|
| --resolve <HOST:PORT:ADDR> | Provide a custom address for a specific host and port pair. Using this, you can make the Hurl requests(s) use a specified address and prevent the otherwise normally resolved address to be used. Consider it a sort of /etc/hosts alternative provided on the command line.
|
| --retry | Retry requests if any error occurs (asserts, captures, runtimes etc...).
|
| --retry-interval <MILLISECONDS> | Duration in milliseconds between each retry. Default is 1000 ms.
|
| --retry-max-count <NUM> | Maximum number of retries. Set this option to -1 to make it unlimited. Default is 10.
|
| --ssl-no-revoke | (Windows) This option tells Hurl to disable certificate revocation checks. WARNING: this option loosens the SSL security, and by using this flag you ask for exactly that.
|
| --test | Activate test mode: with this, the HTTP response is not outputted anymore, progress is reported for each Hurl file tested, and a text summary is displayed when all files have been run.
|
| --to-entry <ENTRY_NUMBER> | Execute Hurl file to ENTRY_NUMBER (starting at 1).
Ignore the remaining of the file. It is useful for debugging a session.
|
| -u, --user <USER:PASSWORD> | Add basic Authentication header to each request.
|
| -A, --user-agent <NAME> | Specify the User-Agent string to send to the HTTP server.
|
| --variable <NAME=VALUE> | Define variable (name/value) to be used in Hurl templates.
|
| --variables-file <FILE> | Set properties file in which your define your variables.
Each variable is defined as name=value exactly as with --variable option.
Note that defining a variable twice produces an error.
|
| -v, --verbose | Turn on verbose output on standard error stream.
Useful for debugging.
A line starting with '>' means data sent by Hurl.
A line staring with '<' means data received by Hurl.
A line starting with '' means additional info provided by Hurl.
If you only want HTTP headers in the output, -i, --include might be the option you're looking for.
|
| --very-verbose | Turn on more verbose output on standard error stream.
In contrast to --verbose option, this option outputs the full HTTP body request and response on standard error. In addition, lines starting with '**' are libcurl debug logs.
|
| -h, --help | Usage help. This lists all current command line options with a short description.
|
| -V, --version | Prints version information
|
Environment variables can only be specified in lowercase.
Using an environment variable to set the proxy has the same effect as using the -x, --proxy option.
| Variable | Description |
| --- | --- |
| http_proxy [PROTOCOL://]<HOST>[:PORT] | Sets the proxy server to use for HTTP.
|
| https_proxy [PROTOCOL://]<HOST>[:PORT] | Sets the proxy server to use for HTTPS.
|
| all_proxy [PROTOCOL://]<HOST>[:PORT] | Sets the proxy server to use if no protocol-specific proxy is set.
|
| no_proxy <comma-separated list of hosts> | List of host names that shouldn't go through any proxy.
|
| HURL_name value | Define variable (name/value) to be used in Hurl templates. This is similar than --variable and --variables-file options.
|
| NO_COLOR | When set to a non-empty string, do not colorize output (see --no-color option).
|
| Value | Description |
| --- | --- |
| 0 | Success.
|
| 1 | Failed to parse command-line options.
|
| 2 | Input File Parsing Error.
|
| 3 | Runtime error (such as failure to connect to host).
|
| 4 | Assert Error.
|
curl(1) hurlfmt(1)
Precompiled binary is available at [hurl-3.0.0-x86_64-linux.tar.gz]:
shell
$ INSTALL_DIR=/tmp
$ curl -silent --location https://github.com/Orange-OpenSource/hurl/releases/download/3.0.0/hurl-3.0.0-x86_64-linux.tar.gz | tar xvz -C $INSTALL_DIR
$ export PATH=$INSTALL_DIR/hurl-3.0.0:$PATH
For Debian / Ubuntu, Hurl can be installed using a binary .deb file provided in each Hurl release.
shell
$ curl --location --remote-name https://github.com/Orange-OpenSource/hurl/releases/download/3.0.0/hurl_3.0.0_amd64.deb
$ sudo apt update && apt install ./hurl_3.0.0_amd64.deb
[hurl-bin package] for Arch Linux and derived distros is available via [AUR].
[NixOS / Nix package] is available on stable channel.
Precompiled binary is available at [hurl-3.0.0-x86_64-macos.tar.gz] for x86 CPUs and [hurl-3.0.0-arm64-macos.tar.gz] for ARM CPUS.
shell
$ brew install hurl
shell
$ sudo port install hurl
shell
$ sudo pkg install hurl
Hurl can be installed from a standalone zip file [hurl-3.0.0-win64.zip]. You will need to update your PATH variable.
An installer [hurl-3.0.0-win64-installer.exe] is also available.
shell
$ choco install hurl
shell
$ scoop install hurl
shell
$ winget install hurl
If you're a Rust programmer, Hurl can be installed with cargo.
shell
$ cargo install hurl
shell
$ docker pull ghcr.io/orange-opensource/hurl:latest
shell
$ npm install --save-dev @orangeopensource/hurl
Hurl sources are available in [GitHub].
Hurl depends on libssl, libcurl and libxml2 native libraries. You will need their development files in your platform.
shell
$ apt install -y build-essential pkg-config libssl-dev libcurl4-openssl-dev libxml2-dev
shell
$ yum install -y pkg-config gcc openssl-devel libxml2-devel
shell
$ pacman -Sy --noconfirm pkgconf gcc glibc openssl libxml2
shell
$ xcode-select --install
$ brew install pkg-config
Hurl is written in [Rust]. You should [install] the latest stable release.
shell
$ curl https://sh.rustup.rs -sSf | sh -s -- -y
$ source $HOME/.cargo/env
$ rustc --version
$ cargo --version
Then build hurl:
shell
$ git clone https://github.com/Orange-OpenSource/hurl
$ cd hurl
$ cargo build --release
$ ./target/release/hurl --version
Please follow the [contrib on Windows section].