| name | curl-http |
| description | HTTP request construction and API testing with curl and HTTPie. Use when user asks to "test API", "make HTTP request", "curl POST", "send request", "test endpoint", "debug API", "upload file", "check response time", "set auth header", "basic auth with curl", "send JSON", "test webhook", "check status code", "follow redirects", "rate limit testing", "measure API latency", "stress test endpoint", "mock API response", or any HTTP calls from the command line. |
curl and HTTPie Reference
HTTP Methods
curl https://api.example.com/users
curl -s https://api.example.com/users
curl -i https://api.example.com/users
curl -I https://api.example.com/users
curl -X POST https://api.example.com/users \
-H "Content-Type: application/json" \
-d '{"name":"Alice","email":"alice@example.com"}'
curl -X POST https://api.example.com/users -H "Content-Type: application/json" -d @payload.json
curl -X PUT https://api.example.com/users/42 \
-H "Content-Type: application/json" \
-d '{"name":"Alice","email":"alice@example.com"}'
curl -X PATCH https://api.example.com/users/42 \
-H "Content-Type: application/json" -d '{"status":"active"}'
curl -X DELETE https://api.example.com/users/42
curl -X DELETE https://api.example.com/users/42 -H "Content-Type: application/json" -d '{"reason":"duplicate"}'
Headers
curl -H "X-Request-ID: abc123" https://api.example.com
curl -H "Accept: application/json" -H "Content-Type: application/json" \
-H "X-API-Key: key123" https://api.example.com
curl -H "User-Agent: my-script/1.0" https://api.example.com
curl -H "Accept:" https://api.example.com
Request Body
curl -X POST https://api.example.com/data -H "Content-Type: application/json" \
-d '{"key":"value","count":10}'
curl -X POST https://api.example.com/login -d "username=alice&password=secret"
curl -X POST https://api.example.com/search --data-urlencode "q=hello world&limit=10"
curl -X POST https://api.example.com/upload -F "file=@report.pdf" -F "description=Quarterly report"
curl -X POST https://api.example.com/upload -F "file=@photo.png;type=image/png"
curl -X POST https://api.example.com/upload --data-binary @archive.tar.gz \
-H "Content-Type: application/octet-stream"
Authentication
curl -u alice:secretpass https://api.example.com/me
curl -H "Authorization: Basic $(echo -n alice:secretpass | base64)" https://api.example.com/me
curl -H "Authorization: Bearer eyJhbGciOi..." https://api.example.com/me
curl -H "X-API-Key: abc123" https://api.example.com/data
curl "https://api.example.com/data?api_key=abc123"
TOKEN=$(curl -s -X POST https://auth.example.com/oauth/token \
-d "grant_type=client_credentials" \
-d "client_id=CLIENT_ID" \
-d "client_secret=CLIENT_SECRET" | jq -r '.access_token')
curl -H "Authorization: Bearer $TOKEN" https://api.example.com/resource
Response Handling
curl -s -o /dev/null -w "%{http_code}" https://api.example.com
curl -I https://api.example.com
curl -i https://api.example.com
curl -o response.json https://api.example.com/data
curl -O https://cdn.example.com/file.tar.gz
curl -D headers.txt -o body.json https://api.example.com/data
curl -L https://short.url/abc
curl -L --max-redirs 5 https://short.url/abc
if curl -s -f -o /dev/null https://api.example.com/health; then
echo "Service is up"
fi
curl -s https://api.example.com/data | jq .
curl -s https://api.example.com/data | python3 -m json.tool
Verbose and Debug Modes
curl -v https://api.example.com
curl -v https://api.example.com 2>debug.log
curl --trace - https://api.example.com
curl --trace trace.log --trace-time https://api.example.com
curl -s -D - -o /dev/null https://api.example.com
Timing Breakdown
curl -s -o /dev/null -w "Total: %{time_total}s\n" https://api.example.com
curl -s -o /dev/null -w "\
DNS: %{time_namelookup}s\n\
Connect: %{time_connect}s\n\
TLS: %{time_appconnect}s\n\
TTFB: %{time_starttransfer}s\n\
Total: %{time_total}s\n\
Size: %{size_download} bytes\n\
Speed: %{speed_download} bytes/s\n" https://api.example.com
Cookies
curl -b "session=abc123" https://api.example.com
curl -c cookies.txt https://api.example.com/login -d "user=alice&pass=s"
curl -b cookies.txt https://api.example.com/dashboard
curl -b cookies.txt -c cookies.txt https://api.example.com/action
SSL/TLS Options
curl -k https://self-signed.example.com
curl --cacert /path/to/ca-bundle.crt https://api.example.com
curl --cert client.pem --key client-key.pem https://api.example.com
curl --tlsv1.2 https://api.example.com
curl --tlsv1.3 https://api.example.com
Proxy Settings
curl -x http://proxy.example.com:8080 https://api.example.com
curl --socks5 127.0.0.1:1080 https://api.example.com
curl --socks5-hostname 127.0.0.1:1080 https://api.example.com
curl -x http://user:pass@proxy.example.com:8080 https://api.example.com
curl --noproxy "localhost,127.0.0.1,.internal" https://api.example.com
Rate Limiting and Retry
curl --retry 5 https://api.example.com
curl --retry 5 --retry-delay 3 https://api.example.com
curl --retry 5 --retry-all-errors https://api.example.com
curl --limit-rate 100K https://cdn.example.com/large.zip -o file.zip
curl --connect-timeout 5 --max-time 30 https://api.example.com
Downloading Files
curl -O https://cdn.example.com/archive.tar.gz
curl -sO https://cdn.example.com/archive.tar.gz
curl -C - -O https://cdn.example.com/large-file.iso
curl -O https://cdn.example.com/a.zip -O https://cdn.example.com/b.zip
curl -o local-name.tar.gz https://cdn.example.com/archive.tar.gz
API Testing Patterns
ID=$(curl -s -X POST https://api.example.com/items \
-H "Content-Type: application/json" -d '{"name":"test"}' | jq -r '.id')
curl -s https://api.example.com/items/$ID | jq .
curl -s -X PATCH https://api.example.com/items/$ID \
-H "Content-Type: application/json" -d '{"name":"updated"}' | jq .
curl -s -X DELETE https://api.example.com/items/$ID
curl -X POST https://api.example.com/graphql \
-H "Content-Type: application/json" \
-d '{"query":"{ users { id name email } }"}'
curl -X POST https://your-app.example.com/webhooks \
-H "Content-Type: application/json" -H "X-Webhook-Secret: secret123" \
-d '{"event":"order.created","data":{"id":1}}'
for endpoint in /health /ready /metrics; do
code=$(curl -s -o /dev/null -w "%{http_code}" "https://api.example.com${endpoint}")
echo "${endpoint}: ${code}"
done
curl to Code Conversion
curl --libcurl generated.c -X POST https://api.example.com/data \
-H "Content-Type: application/json" -d '{"key":"value"}'
HTTPie as an Alternative
HTTPie (http / https commands) provides a more readable syntax for common tasks.
http https://api.example.com/users
http -b https://api.example.com/users
http -h https://api.example.com/users
http POST https://api.example.com/users name=Alice email=alice@example.com
http POST https://api.example.com/users name=Alice age:=30 active:=true tags:='["a","b"]'
http -a alice:secret https://api.example.com/me
http https://api.example.com/me "Authorization:Bearer tok"
http --form POST https://api.example.com/upload file@report.pdf
http --download https://cdn.example.com/archive.tar.gz
Comparison table
| Operation | curl | HTTPie |
|---|
| GET with headers | curl -i URL | http URL |
| POST JSON | curl -X POST -H C-T:json -d '{}' | http POST URL key=val |
| Bearer auth | curl -H "Authorization: Bearer T" | http URL Authorization:Bearer\ T |
| Download file | curl -O URL | http --download URL |
| Form upload | curl -F "f=@file" | http --form POST URL f@file |
Common Gotchas
Quoting
curl -d '{"key":"value"}' https://api.example.com
curl -d "{\"key\":\"value\"}" https://api.example.com
curl -d @payload.json https://api.example.com
Windows vs Unix
cmd.exe does not support single quotes; use double quotes with escaped inner quotes.- PowerShell requires backtick escaping or here-strings for JSON bodies.
- Line continuation:
\ on Unix, ^ on Windows cmd.exe.
Other pitfalls
- Forgetting
-L when the server returns a 301/302 redirect.
- Using
-X GET with -d -- curl sends the body but some servers ignore it on GET.
- Not URL-encoding query parameters; use
--data-urlencode or --url-query (curl 7.87+).
-o /dev/null on Windows should be -o NUL.- Piping binary output without
--output - can corrupt the terminal.
