# Step 1: Login POST http://localhost:3333/login [FormParams] email: jason@debian.org password: supersecretpassword HTTP 200 [Captures] # Capture the token into a variable named 'token' token: jsonpath "$.access_token" # Step 2: Use the token to access a protected route # Hurl automatically handles the variable injection with {{token}} GET http://localhost:8080/api/protected-route Authorization: Bearer {{token}} HTTP 200 [Asserts] # Check for something that only an auth'd user sees jsonpath "$.status" == "success"