hurl
Hurl is a command-line tool that executes HTTP requests defined in plain text files, supporting request chaining, response assertions, and multiple output formats. It combines curl's reliability with a higher-level syntax for API testing, data fetching, and integration testing workflows.
Key facts
Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.
| Field | Value |
|---|---|
| Repository | Orange-OpenSource/hurl |
| Owner | Orange-OpenSource |
| Primary language | Rust |
| License | Apache-2.0 — OSI-approved |
| Stars | 19.1k |
| Forks | 732 |
| Open issues | 199 |
| Latest release | 8.0.1 (2026-04-29) |
| Last updated | 2026-07-08 |
| Source | https://github.com/Orange-OpenSource/hurl |
What hurl is
Written in Rust and powered by libcurl, Hurl parses a custom text format to execute HTTP requests with support for captures (XPath, JSONPath), assertions (status, headers, body content), and test reporting (HTML, JUnit, TAP, JSON). It runs as a single binary with no runtime dependencies.
Get the hurl source
Clone the repository and explore it locally.
git clone https://github.com/Orange-OpenSource/hurl.gitcd hurl# follow the project's README for install & configurationNeed it deployed, integrated, or customized instead? DEV.co ships production installs.
Best use cases
Implementation considerations
- Learn Hurl's custom text format (headers, captures, asserts blocks); minimal syntax but requires familiarization for team adoption.
- Define environment-specific variables (endpoints, credentials) via CLI flags or files to avoid hardcoding secrets in test files.
- Plan for capture and variable scoping across chained requests; complex multi-step workflows may benefit from helper scripts or modular .hurl files.
- Integrate report generation (--json, --junit, --html) early into CI/CD to enable test result aggregation and trend analysis.
- Consider SSL/certificate validation settings (--insecure, --cert) for dev/staging environments; document security implications.
When to avoid it — and what to weigh
- Complex Load Testing — Hurl is not designed for performance/load testing at scale. For sustained concurrent request simulation, specialized tools (JMeter, Locust, k6) are more appropriate.
- Heavy GUI/Browser Testing — Hurl tests HTTP requests only; it does not execute JavaScript or interact with DOM. For full browser automation and UI testing, use Selenium, Playwright, or Cypress instead.
- GraphQL-First Workflows with Subscriptions — While Hurl can send GraphQL queries, it does not support WebSocket subscriptions or real-time GraphQL features. GraphQL-specific clients are better suited for those scenarios.
- Embedded or Headless Testing Without CLI — Hurl is a standalone CLI tool; it is not packaged as a library for embedding in other applications. If programmatic HTTP testing APIs are required, consider curl bindings or dedicated testing frameworks.
License & commercial use
Apache License 2.0 (Apache-2.0) is an OSI-approved permissive license permitting commercial use, modification, and distribution with full liability disclaimer.
Apache-2.0 explicitly permits commercial use and closed-source derivative works. No per-seat licensing, royalties, or commercial agreements required. Users may build proprietary tools using or bundling Hurl. Retain license and copyright notices in distributions.
DEV.co evaluation signals
Editorial assessment — not user reviews. Directional, with an explicit confidence level.
| Signal | Assessment |
|---|---|
| Maintenance | Active |
| Documentation | Strong |
| License clarity | Clear |
| Deployment complexity | Low |
| DEV.co fit | Strong |
| Assessment confidence | High |
Hurl executes HTTP requests and processes untrusted responses (JSON, XML, HTML). Consider: (1) code injection via captured variables in subsequent requests—validate/sanitize user inputs; (2) credential exposure in .hurl files or logs—use environment variables and redaction flags; (3) SSL/TLS verification—disable --insecure only in dev/test; (4) payload injection in dynamic request bodies. No security audit data provided; refer to project issues and releases for known CVEs.
Alternatives to consider
curl + shell scripting
Lower-level, maximally flexible, but error-prone for complex workflows, harder to maintain, and test assertions require manual parsing.
Postman/Insomnia
GUI-driven, rich features for API design and mocking, better for interactive exploration; less suitable for CI/CD automation and version control.
pytest + requests library
Full Python testing framework with rich assertions and fixtures; steeper learning curve for non-developers; requires Python runtime.
Build on hurl with DEV.co software developers
Hurl streamlines HTTP request workflows and integration testing. Whether you're building REST APIs, testing microservices, or automating CI/CD pipelines, Devco can help you adopt and integrate Hurl into your development practices. Contact us to explore how Hurl fits your testing strategy.
Talk to DEV.coRelated on DEV.co
Explore the category and the services that help you build with it.
hurl FAQ
Can Hurl run JavaScript or interact with the DOM?
How do I securely pass API keys or passwords to Hurl tests?
Can I use Hurl for load testing or performance benchmarking?
Does Hurl support WebSocket or GraphQL subscriptions?
Custom software development services
Need help beyond evaluating hurl? DEV.co is a software development agency offering software development services and web development for teams of every size. Our software developers and web developers build custom software, web applications, APIs, and open-source testing integrations — and maintain them long-term.
Ready to Simplify Your API Testing?
Hurl streamlines HTTP request workflows and integration testing. Whether you're building REST APIs, testing microservices, or automating CI/CD pipelines, Devco can help you adopt and integrate Hurl into your development practices. Contact us to explore how Hurl fits your testing strategy.