reqwest
The most popular Rust HTTP client library. Built on Tokio and Hyper with a high-level ergonomic API. Supports async/await, automatic JSON serialization/deserialization via serde, streaming requests/responses, cookie management, connection pooling, TLS (rustls or native-tls), proxy support, and middleware. The de-facto standard Rust HTTP client for making API calls.
Score Breakdown
⚙ Agent Friendliness
🔒 Security
MIT/Apache 2.0. TLS via rustls (preferred) — memory-safe TLS implementation. Certificate verification enabled by default. No sensitive data logged by default.
⚡ Reliability
Best When
You need an ergonomic, production-ready async HTTP client in Rust — making API calls with JSON, authentication, and connection reuse.
Avoid When
You need synchronous HTTP without Tokio — use ureq. For HTTP/3 or custom protocol needs, consider hyper directly.
Use Cases
- • Make async HTTP API calls in Rust agent services — GET, POST, PUT with JSON bodies via Serde integration
- • Build Rust-based API client SDKs with connection pooling and retry logic for agent API integrations
- • Stream large HTTP responses in agent download pipelines without buffering entire responses in memory
- • Implement OAuth flows and authenticated API clients with header management and cookie jar
- • Build Rust agent tools that consume REST APIs with automatic JSON deserialization to typed structs
Not For
- • Non-async (synchronous) HTTP — use ureq for a simpler sync-only HTTP client
- • Low-level HTTP control — use hyper directly for custom HTTP protocol handling
- • gRPC clients — use tonic for gRPC in Rust
Interface
Authentication
Local library — no authentication required. MIT/Apache 2.0 dual licensed. Auth configured per client/request via header or bearer_auth().
Pricing
MIT/Apache 2.0 dual licensed. Zero cost.
Agent Metadata
Known Gotchas
- ⚠ Reuse Client for connection pooling — creating a new Client per request creates a new connection pool; use Client::new() once and clone/share: let client = Arc::new(reqwest::Client::new())
- ⚠ Cargo features gate capabilities: reqwest = { features = ['json', 'rustls-tls'] } — 'json' enables .json() and .json::<T>(); 'rustls-tls' or 'native-tls' for HTTPS
- ⚠ reqwest v0.12 breaking change: .json::<T>() returns T directly, not wrapped; error handling with response.error_for_status()? before deserialization
- ⚠ Timeouts must be configured explicitly: Client::builder().timeout(Duration::from_secs(30)).build()? — no default timeout in reqwest
- ⚠ Streaming: response.bytes_stream() for streaming; don't call .text() or .bytes() which buffer entire response in memory for large responses
- ⚠ TLS configuration: rustls-tls (pure Rust, preferred) vs native-tls (system TLS) — choose one in Cargo.toml features; don't enable both
Alternatives
Full Evaluation Report
Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for reqwest.
AI-powered analysis · PDF + markdown · Delivered within 30 minutes
Package Brief
Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.
Delivered within 10 minutes
Score Monitoring
Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.
Continuous monitoring
Scores are editorial opinions as of 2026-03-07.