16 stable releases (3 major)

4.2.0 Jan 12, 2024
4.1.0 Sep 21, 2023
4.0.0 Jun 30, 2023
3.0.1 Jun 1, 2023
1.2.0 Mar 3, 2021

#22 in Web programming

Download history 882/week @ 2023-11-07 417/week @ 2023-11-14 644/week @ 2023-11-21 795/week @ 2023-11-28 649/week @ 2023-12-05 816/week @ 2023-12-12 701/week @ 2023-12-19 240/week @ 2023-12-26 743/week @ 2024-01-02 1167/week @ 2024-01-09 1169/week @ 2024-01-16 1111/week @ 2024-01-23 1115/week @ 2024-01-30 1068/week @ 2024-02-06 1296/week @ 2024-02-13 1165/week @ 2024-02-20

4,879 downloads per month


35K SLoC

Hurl Logo

deploy status coverage Crates.io documentation

What's Hurl?

Hurl is a command line tool that runs HTTP requests defined in a simple plain text format.

It can chain requests, capture values and evaluate queries on headers and body response. Hurl is very versatile: it can be used for both fetching data and testing HTTP sessions.

Hurl makes it easy to work with HTML content, REST / SOAP / GraphQL APIs, or any other XML / JSON based APIs.

# Get home:
GET https://example.org
HTTP 200
csrf_token: xpath "string(//meta[@name='_csrf_token']/@content)"

# Do login!
POST https://example.org/login?user=toto&password=1234
X-CSRF-TOKEN: {{csrf_token}}
HTTP 302

Chaining multiple requests is easy:

GET https://example.org/api/health
GET https://example.org/api/step1
GET https://example.org/api/step2
GET https://example.org/api/step3

Also an HTTP Test Tool

Hurl can run HTTP requests but can also be used to test HTTP responses. Different types of queries and predicates are supported, from XPath and JSONPath on body response, to assert on status code and response headers.

Hurl Demo

It is well adapted for REST / JSON APIs

POST https://example.org/api/tests
    "id": "4568",
    "evaluate": true
HTTP 200
header "X-Frame-Options" == "SAMEORIGIN"
jsonpath "$.status" == "RUNNING"    # Check the status code
jsonpath "$.tests" count == 25      # Check the number of items
jsonpath "$.id" matches /\d{4}/     # Check the format of the id

HTML content

GET https://example.org
HTTP 200
xpath "normalize-space(//head/title)" == "Hello world!"


POST https://example.org/graphql
  human(id: "1000") {
    height(unit: FOOT)
HTTP 200

and even SOAP APIs

POST https://example.org/InStock
Content-Type: application/soap+xml; charset=utf-8
SOAPAction: "http://www.w3.org/2003/05/soap-envelope"
<?xml version="1.0" encoding="UTF-8"?>
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:m="https://example.org">
HTTP 200

Hurl can also be used to test the performance of HTTP endpoints

GET https://example.org/api/v1/pets
HTTP 200
duration < 1000  # Duration in ms

And check response bytes

GET https://example.org/data.tar.gz
HTTP 200
sha256 == hex,039058c6f2c0cb492c533b0a4d14ef77cc0f78abccced5287d84a1a2011cfb81;

Finally, Hurl is easy to integrate in CI/CD, with text, JUnit, TAP and HTML reports

HTML report

Why Hurl?

  • Text Format: for both devops and developers
  • Fast CLI: a command line for local dev and continuous integration
  • Single Binary: easy to install, with no runtime required

Powered by curl

Hurl is a lightweight binary written in Rust. Under the hood, Hurl HTTP engine is powered by libcurl, one of the most powerful and reliable file transfer libraries. With its text file format, Hurl adds syntactic sugar to run and test HTTP requests, but it's still the curl that we love: fast, efficient and HTTP/3 ready.


To support its development, star Hurl on GitHub!

Feedback, suggestion, bugs or improvements are welcome.

POST https://hurl.dev/api/feedback
  "name": "John Doe",
  "feedback": "Hurl is awesome!"
HTTP 200







Table of Contents


To run a sample, edit a file with the sample content, and run Hurl:

$ vi sample.hurl

GET https://example.org

$ hurl sample.hurl

By default, Hurl behaves like curl and outputs the last HTTP response's entry. To have a test oriented output, you can use --test option:

$ hurl --test sample.hurl

You can check Hurl tests suite for more samples.

Getting Data

A simple GET:

GET https://example.org


HTTP Headers

A simple GET with headers:

GET https://example.org/news
User-Agent: Mozilla/5.0 
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive


Query Params

GET https://example.org/news
order: newest
search: something to search
count: 100


GET https://example.org/news?order=newest&search=something%20to%20search&count=100


Basic Authentication

GET https://example.org/protected
bob: secret


This is equivalent to construct the request with a Authorization header:

# Authorization header value can be computed with `echo -n 'bob:secret' | base64`
GET https://example.org/protected
Authorization: Basic Ym9iOnNlY3JldA== 

Basic authentication allows per request authentication. If you want to add basic authentication to all the requests of a Hurl file you could use -u/--user option.

Sending Data

Sending HTML Form Data

POST https://example.org/contact
default: false
token: {{token}}
email: john.doe@rookie.org
number: 33611223344


Sending Multipart Form Data

POST https://example.org/upload
field1: value1
field2: file,example.txt;
# One can specify the file content type:
field3: file,example.zip; application/zip


Multipart forms can also be sent with a multiline string body:

POST https://example.org/upload
Content-Type: multipart/form-data; boundary="boundary"
Content-Disposition: form-data; name="key1"

Content-Disposition: form-data; name="upload1"; filename="data.txt"
Content-Type: text/plain

Hello World!
Content-Disposition: form-data; name="upload2"; filename="data.html"
Content-Type: text/html

<div>Hello <b>World</b>!</div>

In that case, files have to be inlined in the Hurl file.


Posting a JSON Body

With an inline JSON:

POST https://example.org/api/tests
    "id": "456",
    "evaluate": true


With a local file:

POST https://example.org/api/tests
Content-Type: application/json


Templating a JSON Body

PUT https://example.org/api/hits
Content-Type: application/json
    "key0": "{{a_string}}",
    "key1": {{a_bool}},
    "key2": {{a_null}},
    "key3": {{a_number}}

Variables can be initialized via command line:

$ hurl --variable a_string=apple \
       --variable a_bool=true \
       --variable a_null=null \
       --variable a_number=42 \

Resulting in a PUT request with the following JSON body:

    "key0": "apple",
    "key1": true,
    "key2": null,
    "key3": 42


Templating a XML Body

Using templates with XML body is not currently supported in Hurl. You can use templates in XML multiline string body with variables to send a variable XML body:

POST https://example.org/echo/post/xml
<?xml version="1.0" encoding="utf-8"?>


Using GraphQL Query

A simple GraphQL query:

POST https://example.org/starwars/graphql
  human(id: "1000") {
    height(unit: FOOT)

A GraphQL query with variables:

POST https://example.org/starwars/graphql
query Hero($episode: Episode, $withFriends: Boolean!) {
  hero(episode: $episode) {
    friends @include(if: $withFriends) {

variables {
  "episode": "JEDI",
  "withFriends": false

GraphQL queries can also use Hurl templates.


Testing Response

Testing Response Headers

Use implicit response asserts to test header values:

GET https://example.org/index.html
HTTP 200
Set-Cookie: theme=light
Set-Cookie: sessionToken=abc123; Expires=Wed, 09 Jun 2021 10:18:14 GMT


Or use explicit response asserts with predicates:

GET https://example.org
HTTP 302
header "Location" contains "www.example.net"


Testing REST APIs

Asserting JSON body response (node values, collection count etc...) with JSONPath:

GET https://example.org/order
screencapability: low
HTTP 200
jsonpath "$.validated" == true
jsonpath "$.userInfo.firstName" == "Franck"
jsonpath "$.userInfo.lastName" == "Herbert"
jsonpath "$.hasDevice" == false
jsonpath "$.links" count == 12
jsonpath "$.state" != null
jsonpath "$.order" matches "^order-\\d{8}$"
jsonpath "$.order" matches /^order-\d{8}$/     # Alternative syntax with regex literal


Testing status code:

GET https://example.org/order/435
HTTP 200


GET https://example.org/order/435
# Testing status code is in a 200-300 range
status >= 200
status < 300


Testing HTML Response

GET https://example.org
HTTP 200
Content-Type: text/html; charset=UTF-8
xpath "string(/html/head/title)" contains "Example" # Check title
xpath "count(//p)" == 2  # Check the number of p
xpath "//p" count == 2  # Similar assert for p
xpath "boolean(count(//h2))" == false  # Check there is no h2  
xpath "//h2" not exists  # Similar assert for h2
xpath "string(//div[1])" matches /Hello.*/


GET https://example.org/home
HTTP 200
cookie "JSESSIONID" == "8400BAFE2F66443613DC38AE3D9D6239"
cookie "JSESSIONID[Value]" == "8400BAFE2F66443613DC38AE3D9D6239"
cookie "JSESSIONID[Expires]" contains "Wed, 13 Jan 2021"
cookie "JSESSIONID[Secure]" exists
cookie "JSESSIONID[HttpOnly]" exists
cookie "JSESSIONID[SameSite]" == "Lax"


Testing Bytes Content

Check the SHA-256 response body hash:

GET https://example.org/data.tar.gz
HTTP 200
sha256 == hex,039058c6f2c0cb492c533b0a4d14ef77cc0f78abccced5287d84a1a2011cfb81;


SSL Certificate

Check the properties of a SSL certificate:

GET https://example.org
HTTP 200
certificate "Subject" == "CN=example.org"
certificate "Issuer" == "C=US, O=Let's Encrypt, CN=R3"
certificate "Expire-Date" daysAfterNow > 15
certificate "Serial-Number" matches /[\da-f]+/



HTTP Version

Testing HTTP version (1.0, 1.1, 2 or 3):

GET https://example.org/order/435
HTTP/3 200


Polling and Retry

Retry request on any errors (asserts, captures, status code, runtime etc...):

# Create a new job
POST https://api.example.org/jobs
HTTP 201
job_id: jsonpath "$.id"
jsonpath "$.state" == "RUNNING"

# Pull job status until it is completed
GET https://api.example.org/jobs/{{job_id}}
retry: 10   # maximum number of retry, -1 for unlimited
HTTP 200
jsonpath "$.state" == "COMPLETED"


Testing Endpoint Performance

GET https://sample.org/helloworld
duration < 1000   # Check that response time is less than one second



POST https://example.org/InStock
Content-Type: application/soap+xml; charset=utf-8
SOAPAction: "http://www.w3.org/2003/05/soap-envelope"
<?xml version="1.0" encoding="UTF-8"?>
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:m="https://example.org">
HTTP 200


Capturing and Using a CSRF Token

GET https://example.org
HTTP 200
csrf_token: xpath "string(//meta[@name='_csrf_token']/@content)"

POST https://example.org/login?user=toto&password=1234
X-CSRF-TOKEN: {{csrf_token}}
HTTP 302


Checking Byte Order Mark (BOM) in Response Body

GET https://example.org/data.bin
HTTP 200
bytes startsWith hex,efbbbf;


AWS Signature Version 4 Requests

Generate signed API requests with AWS Signature Version 4, as used by several cloud providers.

POST https://sts.eu-central-1.amazonaws.com/
aws-sigv4: aws:amz:eu-central-1:sts
Action: GetCallerIdentity
Version: 2011-06-15

The Access Key is given per --user.




hurl - run and test HTTP requests.


hurl [options] [FILE...]


Hurl is a command line tool that runs HTTP requests defined in a simple plain text format.

It can chain requests, capture values and evaluate queries on headers and body response. Hurl is very versatile, it can be used for fetching data and testing HTTP sessions: HTML content, REST / SOAP / GraphQL APIs, or any other XML / JSON based APIs.

$ hurl session.hurl

If no input files are specified, input is read from stdin.

$ echo GET http://httpbin.org/get | hurl
      "args": {},
      "headers": {
        "Accept": "*/*",
        "Accept-Encoding": "gzip",
        "Content-Length": "0",
        "Host": "httpbin.org",
        "User-Agent": "hurl/0.99.10",
        "X-Amzn-Trace-Id": "Root=1-5eedf4c7-520814d64e2f9249ea44e0"
      "origin": "",
      "url": "http://httpbin.org/get"

Output goes to stdout by default. To have output go to a file, use the -o, --output option:

$ hurl -o output input.hurl

By default, Hurl executes all HTTP requests and outputs the response body of the last HTTP call.

To have a test oriented output, you can use --test option:

$ hurl --test *.hurl

Hurl File Format

The Hurl file format is fully documented in https://hurl.dev/docs/hurl-file.html

It consists of one or several HTTP requests

GET http://example.org/endpoint1
GET http://example.org/endpoint2

Capturing values

A value from an HTTP response can be-reused for successive HTTP requests.

A typical example occurs with CSRF tokens.

GET https://example.org
HTTP 200
# Capture the CSRF token value from html body.
csrf_token: xpath "normalize-space(//meta[@name='_csrf_token']/@content)"

# Do the login !
POST https://example.org/login?user=toto&password=1234
X-CSRF-TOKEN: {{csrf_token}}

More information on captures can be found here https://hurl.dev/docs/capturing-response.html


The HTTP response defined in the Hurl file are used to make asserts. Responses are optional.

At the minimum, response includes assert on the HTTP status code.

GET http://example.org
HTTP 301

It can also include asserts on the response headers

GET http://example.org
HTTP 301
Location: http://www.example.org

Explicit asserts can be included by combining a query and a predicate

GET http://example.org
HTTP 301
xpath "string(//title)" == "301 Moved"

With the addition of asserts, Hurl can be used as a testing tool to run scenarios.

More information on asserts can be found here https://hurl.dev/docs/asserting-response.html


Options that exist in curl have exactly the same semantics.

Options specified on the command line are defined for every Hurl file's entry.

For instance:

$ hurl --location foo.hurl

will follow redirection for each entry in foo.hurl. You can also define an option only for a particular entry with an [Options] section. For instance, this Hurl file:

GET https://example.org
HTTP 301

GET https://example.org
location: true
HTTP 200

will follow a redirection only for the second entry.

Option Description
Generate an Authorization header with an AWS SigV4 signature.

Use -u, --user to specify Access Key Id (username) and Secret Key (password).

To use temporary session credentials (e.g. for an AWS IAM Role), add the X-Amz-Security-Token header containing the session token.
Specifies the certificate file for peer verification. The file may contain multiple CA certificates and must be in PEM format.
Normally Hurl is built to use a default file for this, so this option is typically used to alter that default file.
Client certificate file and password.

See also --key.
Colorize debug output (the HTTP response output is not colorized).
Request a compressed response using one of the algorithms br, gzip, deflate and automatically decompress the content.
Maximum time in seconds that you allow Hurl's connection to take.

See also -m, --max-time.
For a request to the given HOST1:PORT1 pair, connect to HOST2:PORT2 instead. This option can be used several times in a command line.

See also --resolve.
Continue executing requests to the end of the Hurl file even when an assert error occurs.
By default, Hurl exits after an assert error in the HTTP response.

Note that this option does not affect the behavior with multiple input Hurl files.

All the input files are executed independently. The result of one file does not affect the execution of the other Hurl files.
Read cookies from FILE (using the Netscape cookie file format).

Combined with -c, --cookie-jar, you can simulate a cookie storage between successive Hurl runs.
Write cookies to FILE after running the session (only for one session).
The file will be written using the Netscape cookie file format.

Combined with -b, --cookie, you can simulate a cookie storage between successive Hurl runs.
Sets delay before each request.
Control the format of error message (short by default or long)
Set root directory to import files in Hurl. This is used for files in multipart form data, request body and response output.
When it is not explicitly defined, files are relative to the current directory in which Hurl is running.
Specify input files that match the given glob pattern.

Multiple glob flags may be used. This flag supports common Unix glob patterns like *, ? and [].
However, to avoid your shell accidentally expanding glob patterns before Hurl handles them, you must use single quotes or double quotes around each pattern.
Tells Hurl to use HTTP version 1.0 instead of using its internally preferred HTTP version.
Tells Hurl to use HTTP version 1.1.
Tells Hurl to use HTTP version 2.
For HTTPS, this means Hurl negotiates HTTP/2 in the TLS handshake. Hurl does this by default.
For HTTP, this means Hurl attempts to upgrade the request to HTTP/2 using the Upgrade: request header.
Tells Hurl to try HTTP/3 to the host in the URL, but fallback to earlier HTTP versions if the HTTP/3 connection establishment fails. HTTP/3 is only available for HTTPS and not for HTTP URLs.
Ignore all asserts defined in the Hurl file.
Include the HTTP headers in the output
This option explicitly allows Hurl to perform "insecure" SSL connections and transfers.
Stop between requests.

This is similar to a break point, You can then continue (Press C) or quit (Press Q).
This option tells Hurl to use IPv4 addresses only when resolving host names, and not for example try IPv6.
This option tells Hurl to use IPv6 addresses only when resolving host names, and not for example try IPv4.
Output each Hurl file result to JSON. The format is very closed to HAR format.
Private key file name.
Follow redirect. To limit the amount of redirects to follow use the --max-redirs option
Like -L, --location, but allows sending the name + password to all hosts that the site may redirect to.
This may or may not introduce a security breach if the site redirects you to a site to which you send your authentication info (which is plaintext in the case of HTTP Basic authentication).
Set maximum number of redirection-followings allowed

By default, the limit is set to 50 redirections. Set this option to -1 to make it unlimited.
Maximum time in seconds that you allow a request/response to take. This is the standard timeout.

See also --connect-timeout.
Do not colorize output.
Suppress output. By default, Hurl outputs the body of the last response.
Comma-separated list of hosts which do not use a proxy.

Override value from Environment variable no_proxy.
Write output to FILE instead of stdout.
Tell Hurl to not handle sequences of /../ or /./ in the given URL path. Normally Hurl will squash or merge them according to standards but with this option set you tell it not to do that.
PROTOCOL://HOST[:PORT]> Use the specified proxy.
Generate HTML report in DIR.

If the HTML report already exists, it will be updated with the new test results.
Generate JUnit File.

If the FILE report already exists, it will be updated with the new test results.
Generate TAP report.

If the FILE report already exists, it will be updated with the new test results.
Provide a custom address for a specific host and port pair. Using this, you can make the Hurl requests(s) use a specified address and prevent the otherwise normally resolved address to be used. Consider it a sort of /etc/hosts alternative provided on the command line.
Maximum number of retries, 0 for no retries, -1 for unlimited retries. Retry happens if any error occurs (asserts, captures, runtimes etc...).
Duration in milliseconds between each retry. Default is 1000 ms.
(Windows) This option tells Hurl to disable certificate revocation checks. WARNING: this option loosens the SSL security, and by using this flag you ask for exactly that.
Activate test mode: with this, the HTTP response is not outputted anymore, progress is reported for each Hurl file tested, and a text summary is displayed when all files have been run.
Execute Hurl file to ENTRY_NUMBER (starting at 1).
Ignore the remaining of the file. It is useful for debugging a session.
(HTTP) Connect through this Unix domain socket, instead of using the network.
Add basic Authentication header to each request.
Specify the User-Agent string to send to the HTTP server.
Define variable (name/value) to be used in Hurl templates.
Set properties file in which your define your variables.

Each variable is defined as name=value exactly as with --variable option.

Note that defining a variable twice produces an error.
Turn on verbose output on standard error stream.
Useful for debugging.

A line starting with '>' means data sent by Hurl.
A line staring with '<' means data received by Hurl.
A line starting with '*' means additional info provided by Hurl.

If you only want HTTP headers in the output, -i, --include might be the option you're looking for.
Turn on more verbose output on standard error stream.

In contrast to --verbose option, this option outputs the full HTTP body request and response on standard error. In addition, lines starting with '**' are libcurl debug logs.
Usage help. This lists all current command line options with a short description.
Prints version information


Environment variables can only be specified in lowercase.

Using an environment variable to set the proxy has the same effect as using the -x, --proxy option.

Variable Description
http_proxy [PROTOCOL://]<HOST>[:PORT] Sets the proxy server to use for HTTP.
https_proxy [PROTOCOL://]<HOST>[:PORT] Sets the proxy server to use for HTTPS.
all_proxy [PROTOCOL://]<HOST>[:PORT] Sets the proxy server to use if no protocol-specific proxy is set.
no_proxy <comma-separated list of hosts> List of host names that shouldn't go through any proxy.
HURL_name value Define variable (name/value) to be used in Hurl templates. This is similar than --variable and --variables-file options.
NO_COLOR When set to a non-empty string, do not colorize output (see --no-color option).

Exit Codes

Value Description
0 Success.
1 Failed to parse command-line options.
2 Input File Parsing Error.
3 Runtime error (such as failure to connect to host).
4 Assert Error.



See Also

curl(1) hurlfmt(1)


Binaries Installation


Precompiled binary is available at Hurl latest GitHub release:

$ VERSION=4.2.0
$ curl --silent --location https://github.com/Orange-OpenSource/hurl/releases/download/$VERSION/hurl-$VERSION-x86_64-unknown-linux-gnu.tar.gz | tar xvz -C $INSTALL_DIR

Debian / Ubuntu

For Debian / Ubuntu, Hurl can be installed using a binary .deb file provided in each Hurl release.

$ VERSION=4.2.0
$ curl --location --remote-name https://github.com/Orange-OpenSource/hurl/releases/download/$VERSION/hurl_$VERSION_amd64.deb
$ sudo apt update && sudo apt install ./hurl_$VERSION_amd64.deb


Hurl is available on testing channel.

$ apk add --repository http://dl-cdn.alpinelinux.org/alpine/edge/testing hurl

Arch Linux / Manjaro

hurl-bin package for Arch Linux and derived distros is available via AUR.

NixOS / Nix

NixOS / Nix package is available on stable channel.


Precompiled binaries for Intel and ARM CPUs are available at Hurl latest GitHub release.


$ brew install hurl


$ sudo port install hurl


$ sudo pkg install hurl


Zip File

Hurl can be installed from a standalone zip file at Hurl latest GitHub release. You will need to update your PATH variable.


An executable installer is also available at Hurl latest GitHub release.


$ choco install hurl


$ scoop install hurl

Windows Package Manager

$ winget install hurl


If you're a Rust programmer, Hurl can be installed with cargo.

$ cargo install hurl


$ conda install -c conda-forge hurl

Hurl can also be installed with conda-forge powered package manager like pixi.


$ docker pull ghcr.io/orange-opensource/hurl:latest


$ npm install --save-dev @orangeopensource/hurl

Building From Sources

Hurl sources are available in GitHub.

Build on Linux

Hurl depends on libssl, libcurl and libxml2 native libraries. You will need their development files in your platform.

Debian based distributions

$ apt install -y build-essential pkg-config libssl-dev libcurl4-openssl-dev libxml2-dev

Red Hat based distributions

$ yum install -y pkg-config gcc openssl-devel libxml2-devel

Arch based distributions

$ pacman -S --noconfirm pkgconf gcc glibc openssl libxml2

Alpine based distributions

$ apk add curl-dev gcc libxml2-dev musl-dev openssl-dev 

Build on macOS

$ xcode-select --install
$ brew install pkg-config

Hurl is written in Rust. You should install the latest stable release.

$ curl https://sh.rustup.rs -sSf | sh -s -- -y
$ source $HOME/.cargo/env
$ rustc --version
$ cargo --version

Then build hurl:

$ git clone https://github.com/Orange-OpenSource/hurl
$ cd hurl
$ cargo build --release
$ ./target/release/hurl --version

Build on Windows

Please follow the contrib on Windows section.


~819K SLoC