cURL HTTP and API Workflows

cURL•Permalink

HTTP methods, auth, JSON APIs, headers, caching, compression, and response inspection with curl.

View

Standard Detailed Compact

Export

Copy the compact sheet, download it, or print it.

Download

`D` dense toggle · `C` copy all

HTTP Methods and APIs

GET, POST, PUT, PATCH, DELETE, OPTIONS and common REST patterns.

GET JSON from an API

Fetch JSON and ask for a JSON response.

↗#

bashANYcurlapijsonget

bash

curl -H 'Accept: application/json' https://api.example.com/v1/items

A standard API request pattern.

POST JSON

Create a resource by sending JSON payload.

↗#

bashANYcurlapijsonpost

bash

curl -X POST https://api.example.com/v1/items -H 'Content-Type: application/json' -d '{"name":"demo"}'

Set `Content-Type: application/json` when posting JSON bodies.

PUT JSON

Replace a resource with a JSON request body.

↗#

bashANYcurlapijsonput

bash

curl -X PUT https://api.example.com/v1/items/123 -H 'Content-Type: application/json' -d '{"name":"updated"}'

PUT is commonly used for full replacement of a resource.

PATCH JSON

Partially update a resource with JSON.

↗#

bashANYcurlapijsonpatch

bash

curl -X PATCH https://api.example.com/v1/items/123 -H 'Content-Type: application/json' -d '{"status":"archived"}'

PATCH is used for partial updates.

DELETE a resource

Delete a resource by ID.

↗#

bashANYcurlapidelete

bash

curl -X DELETE https://api.example.com/v1/items/123

Common REST delete pattern.

Inspect allowed methods

Send an OPTIONS request to inspect server capabilities.

↗#

bashANYcurloptionscors

bash

curl -X OPTIONS -i https://api.example.com/v1/items

Helpful for CORS and API debugging.

Send a TRACE request

Use TRACE for debugging if the server allows it.

↗#

bashANYcurltracedebug

bash

curl -X TRACE -i https://example.com

TRACE is often disabled for security reasons.

Send custom content type

Post XML or another custom media type.

↗#

bashANYcurlcontent-typeapi

bash

curl -X POST https://api.example.com/import -H 'Content-Type: application/xml' --data-binary @payload.xml

Not all APIs use JSON; curl can send any content type.

HTTP Auth and Security

Basic, bearer, API keys, cookies, mTLS, and AWS SigV4.

HTTP Basic auth

Authenticate with username and password.

↗#

bashANYcurlauthbasic

bash

curl -u 'user:password' https://example.com/protected

`-u` sends credentials for Basic auth or similar schemes.

Bearer token auth

Send a Bearer token for OAuth-style APIs.

↗#

bashANYcurlauthbearer

bash

curl -H 'Authorization: Bearer TOKEN' https://api.example.com/me

A common pattern for REST and GraphQL APIs.

API key in header

Send an API key header.

↗#

bashANYcurlapi-keyauth

bash

curl -H 'x-api-key: YOUR_API_KEY' https://api.example.com/data

Many APIs require custom key headers.

API key in query string

Pass an API key in the URL.

↗#

bashANYcurlapi-keyquery

bash

curl 'https://api.example.com/data?api_key=YOUR_API_KEY'

Some APIs still accept query-string keys, though headers are often preferred.

Mutual TLS with client cert

Authenticate using a client certificate and key.

↗#

bashANYcurltlsmtlscert

bash

curl --cert client.crt --key client.key https://mtls.example.com

Use mTLS when the server requires client certificates.

Use a custom CA bundle

Trust a specific CA certificate file.

↗#

bashANYcurltlsca

bash

curl --cacert ca.pem https://internal.example.com

Useful for private PKI or local development environments.

Skip TLS certificate verification

Disable certificate verification for testing only.

↗#

bashANYcurltlsinsecure

bash

curl -k https://selfsigned.example.com

`-k` / `--insecure` is convenient in dev, but avoid it in production workflows.

AWS SigV4 request signing

Sign an AWS-compatible HTTP request using SigV4.

↗#

bashANYcurlawssigv4auth

bash

curl --aws-sigv4 'aws:amz:us-east-1:execute-api' --user 'AKIA...:SECRET' https://abc123.execute-api.us-east-1.amazonaws.com/prod/items

curl includes AWS Signature Version 4 support.

Response Inspection

Headers, redirects, cache data, compression, and conditional requests.

Request compressed response

Ask the server for a compressed response body.

↗#

bashANYcurlcompressionhttp

bash

curl --compressed https://example.com

curl can request and decode compressed responses automatically.

Save ETag metadata

Store ETag metadata for conditional requests.

↗#

bashANYcurletagcache

bash

curl --etag-save etag.txt -O https://example.com/data.json

Useful for polling resources efficiently.

Conditional request with ETag

Use a saved ETag to avoid downloading unchanged content.

↗#

bashANYcurletagcache

bash

curl --etag-compare etag.txt -O https://example.com/data.json

If the content is unchanged the server can return `304 Not Modified`.

Conditional request by modification time

Only fetch if the remote file is newer than a local file.

↗#

bashANYcurlconditionalcache

bash

curl -z local-copy.txt -O https://example.com/local-copy.txt

`-z` uses time conditions such as If-Modified-Since.

Write headers to a file

Store response headers separately from the body.

↗#

bashANYcurlheadersdebug

bash

curl -D headers.txt -o body.html https://example.com

This keeps response body and headers in separate files.

Verbose HTTP/TLS details

Show detailed request and response conversation.

↗#

bashANYcurlverbosedebug

bash

curl -v https://example.com

`-v` is the first switch to reach for when debugging.

Full ASCII trace

Capture a detailed ASCII trace of the transfer.

↗#

bashANYcurltracedebug

bash

curl --trace-ascii trace.txt https://example.com

`--trace-ascii` is more detailed than `-v` and script-friendly.

Multiple requests in one command

Separate different request groups with `--next`.

↗#

bashANYcurlmultiplerequests

bash

curl https://example.com --next -I https://api.example.com

`--next` lets one command perform multiple logically separate requests.

More in cURL

cURL Auth, TLS, and Proxy Security

Authentication, cookies, TLS verification, client certs, pinned keys, and proxy-secured curl workflows.

cURL Debugging, Performance, and Scripting

Tracing, DNS overrides, proxies, protocol selection, config files, timeouts, and script-friendly curl patterns.

cURL Download and Upload Workflows

Comprehensive curl patterns for downloads, retries, upload flows, range requests, SMTP, SFTP, and batch transfers.

cURL Cheat Sheet

High-coverage curl commands for HTTP requests, APIs, downloads, uploads, cookies, redirects, and automation.

Recommended next

No recommendations yet.

Browse all sheets →