hurl/README.md

What's Hurl?

Hurl is a command line tool that runs HTTP requests defined in a simple plain text format.

It can perform requests, capture values and evaluate queries on headers and body response. Hurl is very versatile: it can be used for both fetching data and testing HTTP sessions.

# Get home:
GET https://example.net

HTTP/1.1 200
[Captures]
csrf_token: xpath "string(//meta[@name='_csrf_token']/@content)"

# Do login!
POST https://example.net/login?user=toto&password=1234
X-CSRF-TOKEN: {{csrf_token}}

HTTP/1.1 302

Chaining multiple requests is easy:

GET https://api.example.net/health
GET https://api.example.net/step1
GET https://api.example.net/step2
GET https://api.example.net/step3

Also an HTTP Test Tool

Hurl can run HTTP requests but can also be used to test HTTP responses. Different types of queries and predicates are supported, from XPath and JSONPath on body response, to assert on status code and response headers.

It is well adapted for REST / JSON apis

POST https://api.example.net/tests
{
    "id": "4568",
    "evaluate": true
}

HTTP/1.1 200
[Asserts]
header "X-Frame-Options" == "SAMEORIGIN"
jsonpath "$.status" == "RUNNING"    # Check the status code
jsonpath "$.tests" count == 25      # Check the number of items
jsonpath "$.id" matches /\d{4}/     # Check the format of the id

HTML content

GET https://example.net

HTTP/1.1 200
[Asserts]
xpath "normalize-space(//head/title)" == "Hello world!"

and even SOAP apis

POST https://example.net/InStock
Content-Type: application/soap+xml; charset=utf-8
SOAPAction: "http://www.w3.org/2003/05/soap-envelope"
<?xml version="1.0" encoding="UTF-8"?>
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:m="http://www.example.org">
  <soap:Header></soap:Header>
  <soap:Body>
    <m:GetStockPrice>
      <m:StockName>GOOG</m:StockName>
    </m:GetStockPrice>
  </soap:Body>
</soap:Envelope>

HTTP/1.1 200

Hurl can also be used to test HTTP endpoints performances:

GET http://api.example.org/v1/pets

HTTP/1.0 200
[Asserts]
duration < 1000  # Duration in ms

And responses bytes content

GET http://example.org/data.tar.gz

HTTP/1.0 200
[Asserts]
sha256 == hex,039058c6f2c0cb492c533b0a4d14ef77cc0f78abccced5287d84a1a2011cfb81;

Why Hurl?

• Text Format: for both devops and developers
• Fast CLI: a command line for local dev and continuous integration
• Single Binary: easy to install, with no runtime required

Powered by curl

Hurl is a lightweight binary written in Rust. Under the hood, Hurl HTTP engine is powered by libcurl, one of the most powerful and reliable file transfer library. With its text file format, Hurl adds syntactic sugar to run and tests HTTP requests, but it's still the curl that we love.

Feedbacks

Feedback, suggestion, bugs or improvements are welcome!

POST https://hurl.dev/api/feedback
{
  "name": "John Doe",
  "feedback": "Hurl is awesome !"
}
HTTP/1.1 200

Resources

License

Blog

Documentation

GitHub

Table of Contents

• Samples
  • Getting Data
    • HTTP Headers
    • Query Params
    • Basic Authentification
  • Sending Data
    • Sending HTML Form Datas
    • Sending Multipart Form Datas
    • Posting a JSON Body
    • Templating a JSON / XML Body
  • Testing Response
    • Testing Response Headers
    • Testing REST Apis
    • Testing HTML Response
    • Testing Set-Cookie Attributes
  • Others
    • Testing Endpoint Performance
    • Using SOAP Apis
    • Capturing and Using a CSRF Token
    • Checking Byte Order Mark (BOM) in Response Body
• Man Page
  • Name
  • Synopsis
  • Description
  • Hurl File Format
    • Capturing values
    • Asserts
  • Options
  • Environment
  • Exit Codes
  • WWW
  • See Also
• Installation
  • Binaries Installation
    • Linux
      • Debian / Ubuntu
      • Arch Linux / Manjaro
    • macOS
    • Windows
      • Zip File
      • Installer
      • Chocolatey
      • Scoop
      • Windows Package Manager
    • Cargo
    • Docker
  • Building From Sources
    • Build on Linux, macOS
    • Build on Windows

Samples

To run a sample, edit a file with the sample content, and run Hurl:

$ vi sample.hurl

GET https://example.net

$ hurl sample.hurl

You can check Hurl tests suit for more samples.

Getting Data

A simple GET:

GET https://example.net

Doc

HTTP Headers

A simple GET with headers:

GET https://example.net/news
User-Agent: Mozilla/5.0 
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive

Doc

Query Params

GET https://example.net/news
[QueryStringParams]
order: newest
search: something to search
count: 100

Or:

GET https://example.net/news?order=newest&search=something%20to%20search&count=100

Doc

Basic Authentification

GET http://example.com/protected
[BasicAuth]
bob: secret

Doc

This is equivalent to construct the request with a Authorization header:

# Authorization header value can be computed with `echo -n 'bob:secret' | base64`
GET http://example.com/protected
Authorization: Basic Ym9iOnNlY3JldA== 

Basic authentification allows per request authentification. If you want to add basic authentification to all the request of a Hurl file you could use -u/--user option.

Sending Data

Sending HTML Form Datas

POST https://example.net/contact
[FormParams]
default: false
token: {{token}}
email: john.doe@rookie.org
number: 33611223344

Doc

Sending Multipart Form Datas

POST https://example.net/upload
[MultipartFormData]
field1: value1
field2: file,example.txt;
# On can specify the file content type:
field3: file,example.zip; application/zip

Doc

Posting a JSON Body

With an inline JSON:

POST https://api.example.net/tests
{
    "id": "456",
    "evaluate": true
}

Doc

With a local file:

POST https://api.example.net/tests
Content-Type: application/json
file,data.json;

Doc

Templating a JSON / XML Body

Using templates with JSON body or XML body is not currently supported in Hurl. Besides, you can use templates in raw string body with variables to send a JSON or XML body:

PUT https://api.example.net/hits
Content-Type: application/json
```
{
    "key0": "{{a_string}}",
    "key1": {{a_bool}},
    "key2": {{a_null}},
    "key3": {{a_number}}
}
```

Variables can be initialized via command line:

$ hurl --variable a_string=apple \
       --variable a_bool=true \
       --variable a_null=null \
       --variable a_number=42 \
       test.hurl

Resulting in a PUT request with the following JSON body:

{
    "key0": "apple",
    "key1": true,
    "key2": null,
    "key3": 42
}

Doc

Testing Response

Testing Response Headers

Use implicit response asserts to test header values:

GET http://www.example.org/index.html

HTTP/1.0 200
Set-Cookie: theme=light
Set-Cookie: sessionToken=abc123; Expires=Wed, 09 Jun 2021 10:18:14 GMT

Doc

Or use explicit response asserts with predicates:

GET https://example.net

HTTP/1.1 302
[Asserts]
header "Location" contains "www.example.net"

Doc

Testing REST Apis

Asserting JSON body response (node values, collection count etc...) with JSONPath:

GET https://example.org/order
screencapability: low

HTTP/1.1 200
[Asserts]
jsonpath "$.validated" == true
jsonpath "$.userInfo.firstName" == "Franck"
jsonpath "$.userInfo.lastName" == "Herbert"
jsonpath "$.hasDevice" == false
jsonpath "$.links" count == 12
jsonpath "$.state" != null
jsonpath "$.order" matches "^order-\\d{8}$"
jsonpath "$.order" matches /^order-\d{8}$/     # Alternative syntax with regex litteral

Doc

Testing status code:

GET https://example.org/order/435

HTTP/1.1 200

Doc

GET https://example.org/order/435

# Testing status code is in a 200-300 range
HTTP/1.1 *
[Asserts]
status >= 200
status < 300

Doc

Testing HTML Response

GET https://example.com

HTTP/1.1 200
Content-Type: text/html; charset=UTF-8

[Asserts]
xpath "string(/html/head/title)" contains "Example" # Check title
xpath "count(//p)" == 2  # Check the number of p
xpath "//p" count == 2  # Similar assert for p
xpath "boolean(count(//h2))" == false  # Check there is no h2  
xpath "//h2" not exists  # Similar assert for h2
xpath "string(//div[1])" matches /Hello.*/

Doc

Testing Set-Cookie Attributes

GET http://myserver.com/home

HTTP/1.0 200
[Asserts]
cookie "JSESSIONID" == "8400BAFE2F66443613DC38AE3D9D6239"
cookie "JSESSIONID[Value]" == "8400BAFE2F66443613DC38AE3D9D6239"
cookie "JSESSIONID[Expires]" contains "Wed, 13 Jan 2021"
cookie "JSESSIONID[Secure]" exists
cookie "JSESSIONID[HttpOnly]" exists
cookie "JSESSIONID[SameSite]" == "Lax"

Doc

Others

Testing Endpoint Performance

GET https://sample.org/helloworld

HTTP/* *
[Asserts]
duration < 1000   # Check that response time is less than one second

Doc

Using SOAP Apis

POST https://example.net/InStock
Content-Type: application/soap+xml; charset=utf-8
SOAPAction: "http://www.w3.org/2003/05/soap-envelope"
<?xml version="1.0" encoding="UTF-8"?>
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:m="http://www.example.org">
  <soap:Header></soap:Header>
  <soap:Body>
    <m:GetStockPrice>
      <m:StockName>GOOG</m:StockName>
    </m:GetStockPrice>
  </soap:Body>
</soap:Envelope>

HTTP/1.1 200

Doc

Capturing and Using a CSRF Token

GET https://example.net

HTTP/* 200
[Captures]
csrf_token: xpath "string(//meta[@name='_csrf_token']/@content)"

POST https://example.net/login?user=toto&password=1234
X-CSRF-TOKEN: {{csrf_token}}

HTTP/* 302

Doc

Checking Byte Order Mark (BOM) in Response Body

GET https://example.net/data.bin

HTTP/* 200
[Asserts]
bytes startsWith hex,efbbbf;

Doc

Man Page

Name

hurl - run and test HTTP requests.

Synopsis

hurl [options] [FILE...]

Description

Hurl is an HTTP client that performs HTTP requests defined in a simple plain text format.

Hurl is very versatile, it enables to chain HTTP requests, capture values from HTTP responses and make asserts.

$ hurl session.hurl

If no input-files are specified, input is read from stdin.

$ echo GET http://httpbin.org/get | hurl
    {
      "args": {},
      "headers": {
        "Accept": "*/*",
        "Accept-Encoding": "gzip",
        "Content-Length": "0",
        "Host": "httpbin.org",
        "User-Agent": "hurl/0.99.10",
        "X-Amzn-Trace-Id": "Root=1-5eedf4c7-520814d64e2f9249ea44e0"
      },
      "origin": "1.2.3.4",
      "url": "http://httpbin.org/get"
    }

Output goes to stdout by default. For output to a file, use the -o option:

$ hurl -o output input.hurl

By default, Hurl executes all HTTP requests and outputs the response body of the last HTTP call.

Hurl File Format

The Hurl file format is fully documented in https://hurl.dev/docs/hurl-file.html

It consists of one or several HTTP requests

GET http:/example.net/endpoint1
GET http:/example.net/endpoint2

Capturing values

A value from an HTTP response can be-reused for successive HTTP requests.

A typical example occurs with csrf tokens.

GET https://example.net
HTTP/1.1 200
# Capture the CSRF token value from html body.
[Captures]
csrf_token: xpath "normalize-space(//meta[@name='_csrf_token']/@content)"

# Do the login !
POST https://example.net/login?user=toto&password=1234
X-CSRF-TOKEN: {{csrf_token}}

Asserts

The HTTP response defined in the Hurl session are used to make asserts.

At the minimum, the response includes the asserts on the HTTP version and status code.

GET http:/google.com
HTTP/1.1 301

It can also include asserts on the response headers

GET http:/google.com
HTTP/1.1 301
Location: http://www.google.com

You can also include explicit asserts combining query and predicate

GET http:/google.com
HTTP/1.1 301
[Asserts]
xpath "string(//title)" == "301 Moved"

Thanks to asserts, Hurl can be used as a testing tool to run scenarii.

Options

Options that exist in curl have exactly the same semantic.

Option	Description
--cacert	Tells curl to use the specified certificate file to verify the peer. The file may contain multiple CA certificates. The certificate(s) must be in PEM format. Normally curl is built to use a default file for this, so this option is typically used to alter that default file.
--color	Colorize Output
--compressed	Request a compressed response using one of the algorithms br, gzip, deflate and automatically decompress the content.
--connect-timeout <seconds>	Maximum time in seconds that you allow Hurl's connection to take. See also -m, --max-time option.
-b, --cookie <file>	Read cookies from file (using the Netscape cookie file format). Combined with -c, --cookie-jar, you can simulate a cookie storage between successive Hurl runs.
-c, --cookie-jar <file>	Write cookies to FILE after running the session (only for one session). The file will be written using the Netscape cookie file format. Combined with -b, --cookie, you can simulate a cookie storage between successive Hurl runs.
--fail-at-end	Continue executing requests to the end of the Hurl file even when an assert error occurs. By default, Hurl exits after an assert error in the HTTP response. Note that this option does not affect the behavior with multiple input Hurl files. All the input files are executed independently. The result of one file does not affect the execution of the other Hurl files.
--file-root <dir>	Set root filesystem to import files in Hurl. This is used for both files in multipart form data and request body. When this is not explicitly defined, the files are relative to the current directory in which Hurl is running.
-L, --location	Follow redirect. You can limit the amount of redirects to follow by using the --max-redirs option.
--glob <glob>	Specify input files that match the given blob. Multiple glob flags may be used. This flag supports common Unix glob patterns like *, ? and []. However, to avoid your shell accidentally expanding glob patterns before Hurl handles them, you must use single quotes or double quotes around each pattern.
-i, --include	Include the HTTP headers in the output (last entry).
--ignore-asserts	Ignore all asserts defined in the Hurl file.
-k, --insecure	This option explicitly allows Hurl to perform "insecure" SSL connections and transfers.
--interactive	Stop between requests. This is similar to a break point, You can then continue (Press C) or quit (Press Q).
--json	Output each hurl file result to JSON. The format is very closed to HAR format.
--max-redirs <num>	Set maximum number of redirection-followings allowed By default, the limit is set to 50 redirections. Set this option to -1 to make it unlimited.
-m, --max-time <seconds>	Maximum time in seconds that you allow a request/response to take. This is the standard timeout. See also --connect-timeout option.
--no-color	Do not colorize Output
--no-output	Suppress output. By default, Hurl outputs the body of the last response.
--noproxy <no-proxy-list>	Comma-separated list of hosts which do not use a proxy. Override value from Environment variable no_proxy.
-o, --output <file>	Write output to instead of stdout.
--progress	Print filename and status for each test (on stderr)
-x, --proxy [protocol://]host[:port]	Use the specified proxy.
--report-junit <file>	Generate JUNIT . If the report already exists, it will be updated with the new test results.
--report-html <dir>	Generate HTML report in dir. If the HTML report already exists, it will be updated with the new test results.
--summary	Print test metrics at the end of the run (on stderr)
--test	Activate test mode; equals --no-output --progress --summary
--to-entry <entry-number>	Execute Hurl file to ENTRY_NUMBER (starting at 1). Ignore the remaining of the file. It is useful for debugging a session.
-u, --user <user:password>	Add basic Authentication header to each request.
-A, --user-agent <name>	Specify the User-Agent string to send to the HTTP server.
--variable <name=value>	Define variable (name/value) to be used in Hurl templates.
--variables-file <file>	Set properties file in which your define your variables. Each variable is defined as name=value exactly as with --variable option. Note that defining a variable twice produces an error.
-v, --verbose	Turn on verbose output on standard error stream Useful for debugging. A line starting with '>' means data sent by Hurl. A line staring with '<' means data received by Hurl. A line starting with '*' means additional info provided by Hurl. If you only want HTTP headers in the output, -i, --include might be the option you're looking for.
-h, --help	Usage help. This lists all current command line options with a short description.
-V, --version	Prints version information

Environment

Environment variables can only be specified in lowercase.

Using an environment variable to set the proxy has the same effect as using the -x, --proxy option.

Variable	Description
http_proxy [protocol://]<host>[:port]	Sets the proxy server to use for HTTP.
https_proxy [protocol://]<host>[:port]	Sets the proxy server to use for HTTPS.
all_proxy [protocol://]<host>[:port]	Sets the proxy server to use if no protocol-specific proxy is set.
no_proxy <comma-separated list of hosts>	list of host names that shouldn't go through any proxy.
HURL_name value	Define variable (name/value) to be used in Hurl templates. This is similar than --variable and --variables-file options.

Exit Codes

Value	Description
1	Failed to parse command-line options.
2	Input File Parsing Error.
3	Runtime error (such as failure to connect to host).
4	Assert Error.

WWW

https://hurl.dev

See Also

curl(1) hurlfmt(1)

Installation

Binaries Installation

Linux

Precompiled binary is available at hurl-1.6.0-x86_64-linux.tar.gz:

$ INSTALL_DIR=/tmp
$ curl -sL https://github.com/Orange-OpenSource/hurl/releases/download/1.6.0/hurl-1.6.0-x86_64-linux.tar.gz | tar xvz -C $INSTALL_DIR
$ export PATH=$INSTALL_DIR/hurl-1.6.0:$PATH

Debian / Ubuntu

For Debian / Ubuntu, Hurl can be installed using a binary .deb file provided in each Hurl release.

$ curl -LO https://github.com/Orange-OpenSource/hurl/releases/download/1.6.0/hurl_1.6.0_amd64.deb
$ sudo dpkg -i hurl_1.6.0_amd64.deb

Arch Linux / Manjaro

hurl-bin package for Arch Linux and derived distros are available via AUR.

macOS

Precompiled binary is available at hurl-1.6.0-x86_64-osx.tar.gz.

Hurl can also be installed with Homebrew:

$ brew install hurl

Windows

Zip File

Hurl can be installed from a standalone zip file hurl-1.6.0-win64.zip. You will need to update your PATH variable.

Installer

An installer hurl-1.6.0-win64-installer.exe is also available.

Chocolatey

$ choco install hurl

Scoop

$ scoop install hurl

Windows Package Manager

$ winget install hurl

Cargo

If you're a Rust programmer, Hurl can be installed with cargo.

$ cargo install hurl

Docker

$ docker pull orangeopensource/hurl

Building From Sources

Hurl sources are available in GitHub.

Build on Linux, macOS

Hurl depends on libssl, libcurl and libxml2 native libraries. You will need their development files in your platform.

# debian based distributions
apt install -y pkg-config libssl-dev libcurl4-openssl-dev libxml2-dev

# redhat based distributions
yum install -y pkg-config gcc openssl-devel libxml2-devel

# arch based distributions
pacman -Sy --noconfirm pkgconf gcc openssl libxml2

# macos
xcode-select --install
brew install pkg-config

Hurl is written in Rust. You should install the latest stable release.

$ curl https://sh.rustup.rs -sSf | sh -s -- -y
$ source $HOME/.cargo/env
$ rustc --version
$ cargo --version

Build

$ git clone https://github.com/Orange-OpenSource/hurl
$ cd hurl
$ cargo build --release
$ ./target/release/hurl --version

Build on Windows

Please follow the contrib on Windows section.