curl / hurl commands I often use for testing

curl with certificates and XML-Payload

curl -k -vv --cert /PATH/TO/CERT/XYZ.cer:PASSWORD --key /PATH/TO/KEY/XYZ.key --cacert /PATH/TO/CAS/XYZ.pem --data-binary "@test.xml" https://SOAP-ENDPOINT.de:12345/CC

curl to get token and call api

replace CLIENT, API_GATEWAY, PASSWORD, HOST-GWURI and HOST accordingly.

bash(linux):

ACCESS_TOKEN=$(curl -u "CLIENT:PASSWORD" \
-X POST 'https://HOST/auth/realms/cit2/protocol/openid-connect/token' \
-d grant_type=client_credentials -d client_id=CLIENT \
-d client_secret=PASSWORD | jq -r '.access_token' )

curl -w "dns: %{time_namelookup}, tcp_con: %{time_connect}, ssl_con: %{time_appconnect}, start: %{time_starttransfer}" \
--insecure -v https://HOST-GWURI/UserRolesAndPermissions/v1/permission?fields=queryCache,fullSize&limit=1&offset=500 \
-H"Authorization: Bearer $ACCESS_TOKEN" -H"X-Request-ID: 234234234234234234234234234234234234"

cmd (multiline windows):

curl -u "CLIENT:PASSWORD" ^
-X POST https://HOST/auth/realms/cit2/protocol/openid-connect/token ^
-d grant_type=client_credentials -d client_id=CLIENT ^
-d client_secret=PASSWORD | jq -r ".access_token" > token.secret
 
for /f %i in ('type token.secret') do set "ACCESS_TOKEN=%i"

OHA example

  • winget install –id hatoo.oha
  • winget install –id jqlang.jq
oha --insecure -c6 -z1m https://API_GATEWAY/AccountManagement/v2/partyAccount/billingAccount/0000000004 -H"Authorization: Bearer %ACCESS_TOKEN%"

hurl example with a token request for testing purposes

  • winget install hurl / sudo apt-get install hurl
  • https://hurl.dev/docs
  • hurl -v billingAccount-oauth.hurl
cat billingAccount-oauth.hurl

# Get an authorization token and store it in "jwt_token"
POST https://HOST/auth/realms/cit2/protocol/openid-connect/token
[FormParams]
grant_type: client_credentials
client_id: CLIENTID
client_secret: PASSWORD
[BasicAuth]
CLIENTID: PASSWORD

HTTP 200
[Captures]
jwt_token: jsonpath "$.access_token"
 
 
 
GET https://GW/AccountManagement/v2/partyAccount/billingAccount?customerNr=1831084780&limit=11&offset=0
User-Agent: Frank
Authorization: Bearer {{jwt_token}}
X-Request-ID: 234234234234234234234234234234234234
 
[Options]
insecure: true
 
HTTP 200
[Asserts]
header "Content-Type" == "application/json;charset=UTF-8"
jsonpath "$.[0].financialAccountNr" == "2298506192"
 
 
 
GET https://GW/AccountManagement/v2/partyAccount/billingAccount?customerNr=1941081174
User-Agent: Frank
Authorization: Bearer {{jwt_token}}
X-Request-ID: Request-RANDOM-NUMBER
 
[Options]
insecure: true
 
HTTP 200
[Asserts]
header "Content-Type" == "application/json;charset=UTF-8"
jsonpath "$" count == 7780
 
 
 
GET https://GW/ccountManagement/v2/partyAccount/billingAccount?customerNr=1941081174&limit=1000&offset=7000
User-Agent: Frank
Authorization: Bearer {{jwt_token}}
X-Request-ID: Request-RANDOM-NUMBER
 
[Options]
insecure: true
 
HTTP 206
[Asserts]
header "Content-Type" == "application/json;charset=UTF-8"
jsonpath "$" count == 780
header "X-Total-Count" == "7780"

Simple script cmd/bash

cmd:

hurl -v billingAccount-oauth.hurl
if NOT %errorlevel% == 0 echo ERROR billingAccount

bash:

hurl -v billingAccount-oauth.hurl
if [ $? != 0 ] ; then echo "ERROR billingAccount"; fi

python

test.urls:

GET:/AccountManagement/v2/financialAccount/921210248331695202110
GET:/AgreementManagement/v1/agreementSpecifications?agreementType=InvoiceContract&owner=1
GET:/PartyManagement/v4/parties/9221690093
GET:/ProductInventoryManagement/v3/product?fields=customerNumber=XXXX1663950,productStatus=active,productRelationships=true
...

url-test.py:

import requests
from requests.packages.urllib3.exceptions import InsecureRequestWarning
 
# Deaktiviere SSL-Warnungen
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
 
import random
import time
import sys
import concurrent.futures
import os
 
def generate_x_request_id():
    x_request_id = ''.join([str(random.randint(0, 9)) for _ in range(40)])
    return x_request_id
 
if len(sys.argv) < 2:
    print("Bitte geben Sie den Dateinamen als Befehlszeilenargument an.")
    sys.exit(1)
 
filename = sys.argv[1]
 
# Lesen der Datei
try:
    with open(filename, 'r') as file:
        urls = file.readlines()
except FileNotFoundError:
    print(f"Die Datei '{filename}' konnte nicht gefunden werden.")
    sys.exit(1)
 
# Definieren der zu setzenden HTTP-Header
headers = {
    'Authorization': 'Basic XXXXXXXXXXXXXXXXXXX',
 #  'Authorization': 'Bearer YYYYYYYYYYYYYYYXXXXXXX',
    'X-System-ID': '1'
}
 
base_url = 'https://localhost:20205/crm_restserver'
 
# Funktion zum Senden der HTTP-Anfragen
def send_request(url):
    start_time = time.time()
    full_url = base_url + url.strip()
    x_request_id = generate_x_request_id()
    headers['X-Request-ID'] = x_request_id
    response = requests.get(full_url, headers=headers, verify=False)
    response_size = len(response.content)
    duration = time.time() - start_time
    print(f"Request URL: {full_url}   Code: {response.status_code}   {duration:.4f} seconds   {response_size} bytes", flush=True)
 
max_threads = 6
counter = 0
 
def submit_request(url):
    try:
        send_request(url)
    except Exception as e:
        print(f"Fehler beim Bearbeiten der URL '{url}': {e}")
        os._exit(0)
 
start_all = time.time()
 
with concurrent.futures.ThreadPoolExecutor(max_workers=max_threads) as executor:
    for url in urls:
        url = url.strip()
        if len(url) > 1:
            if url[0] !='#':
                counter = counter + 1
                clean_url = url.strip().split(':')[1]
                executor.submit(submit_request, clean_url)
 
durationAll = time.time() - start_all
print(f"Urls processed: {counter}   took {durationAll:.4f} seconds")
  • python url-test.py test.urls