DEV.co
Open-Source Testing · Orange-OpenSource

hurl

Hurl is a command-line tool that executes HTTP requests defined in plain text files, supporting request chaining, response assertions, and multiple output formats. It combines curl's reliability with a higher-level syntax for API testing, data fetching, and integration testing workflows.

Source: GitHub — github.com/Orange-OpenSource/hurl
19.1k
GitHub stars
732
Forks
Rust
Primary language
Apache-2.0
License (OSI-approved)

Key facts

Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.

FieldValue
RepositoryOrange-OpenSource/hurl
OwnerOrange-OpenSource
Primary languageRust
LicenseApache-2.0 — OSI-approved
Stars19.1k
Forks732
Open issues199
Latest release8.0.1 (2026-04-29)
Last updated2026-07-08
Sourcehttps://github.com/Orange-OpenSource/hurl

What hurl is

Written in Rust and powered by libcurl, Hurl parses a custom text format to execute HTTP requests with support for captures (XPath, JSONPath), assertions (status, headers, body content), and test reporting (HTML, JUnit, TAP, JSON). It runs as a single binary with no runtime dependencies.

Quickstart

Get the hurl source

Clone the repository and explore it locally.

terminalbash
git clone https://github.com/Orange-OpenSource/hurl.gitcd hurl# follow the project's README for install & configuration

Need it deployed, integrated, or customized instead? DEV.co ships production installs.

Best use cases

REST/JSON API Testing

Define multi-step API test scenarios with request chaining, variable capture, and JSON/XPath assertions in a human-readable format. Native support for JSONPath queries on response bodies enables quick validation of API contracts.

CI/CD Integration Testing

Execute HTTP-based integration tests in pipelines with generated JUnit, TAP, or HTML reports. Single binary deployment and text-based test files make version control and test maintenance straightforward.

HTTP Request Workflows & Data Fetching

Chain multiple HTTP requests with response capture and templating for data extraction, CSRF token handling, and session-based workflows. Simpler and more readable than shell scripts wrapping curl for sequential API calls.

Implementation considerations

  • Learn Hurl's custom text format (headers, captures, asserts blocks); minimal syntax but requires familiarization for team adoption.
  • Define environment-specific variables (endpoints, credentials) via CLI flags or files to avoid hardcoding secrets in test files.
  • Plan for capture and variable scoping across chained requests; complex multi-step workflows may benefit from helper scripts or modular .hurl files.
  • Integrate report generation (--json, --junit, --html) early into CI/CD to enable test result aggregation and trend analysis.
  • Consider SSL/certificate validation settings (--insecure, --cert) for dev/staging environments; document security implications.

When to avoid it — and what to weigh

  • Complex Load Testing — Hurl is not designed for performance/load testing at scale. For sustained concurrent request simulation, specialized tools (JMeter, Locust, k6) are more appropriate.
  • Heavy GUI/Browser Testing — Hurl tests HTTP requests only; it does not execute JavaScript or interact with DOM. For full browser automation and UI testing, use Selenium, Playwright, or Cypress instead.
  • GraphQL-First Workflows with Subscriptions — While Hurl can send GraphQL queries, it does not support WebSocket subscriptions or real-time GraphQL features. GraphQL-specific clients are better suited for those scenarios.
  • Embedded or Headless Testing Without CLI — Hurl is a standalone CLI tool; it is not packaged as a library for embedding in other applications. If programmatic HTTP testing APIs are required, consider curl bindings or dedicated testing frameworks.

License & commercial use

Apache License 2.0 (Apache-2.0) is an OSI-approved permissive license permitting commercial use, modification, and distribution with full liability disclaimer.

Apache-2.0 explicitly permits commercial use and closed-source derivative works. No per-seat licensing, royalties, or commercial agreements required. Users may build proprietary tools using or bundling Hurl. Retain license and copyright notices in distributions.

DEV.co evaluation signals

Editorial assessment — not user reviews. Directional, with an explicit confidence level.

SignalAssessment
MaintenanceActive
DocumentationStrong
License clarityClear
Deployment complexityLow
DEV.co fitStrong
Assessment confidenceHigh
Security considerations

Hurl executes HTTP requests and processes untrusted responses (JSON, XML, HTML). Consider: (1) code injection via captured variables in subsequent requests—validate/sanitize user inputs; (2) credential exposure in .hurl files or logs—use environment variables and redaction flags; (3) SSL/TLS verification—disable --insecure only in dev/test; (4) payload injection in dynamic request bodies. No security audit data provided; refer to project issues and releases for known CVEs.

Alternatives to consider

curl + shell scripting

Lower-level, maximally flexible, but error-prone for complex workflows, harder to maintain, and test assertions require manual parsing.

Postman/Insomnia

GUI-driven, rich features for API design and mocking, better for interactive exploration; less suitable for CI/CD automation and version control.

pytest + requests library

Full Python testing framework with rich assertions and fixtures; steeper learning curve for non-developers; requires Python runtime.

Software development agency

Build on hurl with DEV.co software developers

Hurl streamlines HTTP request workflows and integration testing. Whether you're building REST APIs, testing microservices, or automating CI/CD pipelines, Devco can help you adopt and integrate Hurl into your development practices. Contact us to explore how Hurl fits your testing strategy.

Talk to DEV.co

Related open-source tools

Surfaced by semantic similarity across the DEV.co open-source index.

Related on DEV.co

Explore the category and the services that help you build with it.

hurl FAQ

Can Hurl run JavaScript or interact with the DOM?
No. Hurl is an HTTP-level tool. It sends requests and validates responses. For browser automation or JavaScript execution, use Playwright, Selenium, or Cypress.
How do I securely pass API keys or passwords to Hurl tests?
Use environment variables (--variable flag or shell export) and the --redact flag to mask sensitive data in logs/reports. Store secrets in CI/CD secret managers, not in .hurl files.
Can I use Hurl for load testing or performance benchmarking?
Hurl can measure response duration (duration < 1000) for individual requests, but it is not designed for sustained load or concurrent testing. Use k6, JMeter, or Locust for that.
Does Hurl support WebSocket or GraphQL subscriptions?
Hurl handles HTTP requests and GraphQL queries over HTTP POST, but does not support WebSocket or real-time subscriptions.

Custom software development services

Need help beyond evaluating hurl? DEV.co is a software development agency offering software development services and web development for teams of every size. Our software developers and web developers build custom software, web applications, APIs, and open-source testing integrations — and maintain them long-term.

Ready to Simplify Your API Testing?

Hurl streamlines HTTP request workflows and integration testing. Whether you're building REST APIs, testing microservices, or automating CI/CD pipelines, Devco can help you adopt and integrate Hurl into your development practices. Contact us to explore how Hurl fits your testing strategy.