HTTP/API

Use xh for one-off requests and hurl for request files that should be rerun, reviewed, or checked into a project.

Tools

hurl is managed by mise in the workstation tool inventory. The repo also renders secret-free templates under:

text

~/.config/hurl/templates/

Available templates:

text

healthcheck.hurl
json.hurl
auth-bearer.hurl

Helpers

Create a request from a managed template:

bash

hurl-new healthcheck api-health.hurl

Run one file:

bash

hurl-run api-health.hurl

Run every .hurl file under the current directory:

bash

hurl-run

Pass secrets at runtime rather than writing them into request files:

bash

hurl-run --variable token="$API_TOKEN" auth-bearer.hurl

Secret Policy

Do not commit bearer tokens, API keys, cookies, session headers, or local credential files. Use runtime variables, environment variables, direnv-managed local files, or an external secret store.

The managed auth-bearer.hurl template intentionally contains only the variable placeholder.

HTTP/API ​

Tools ​

Helpers ​

Secret Policy ​

HTTP/API

Tools

Helpers

Secret Policy