CURL

↑

The Command-Line URL Tool

What Is curl?

curl (short for Client URL) is a powerful command-line tool to:
- send HTTP(S) requests,
- download or upload files,
- interact with APIs,
- debug network problems.

It supports many protocols:
- HTTP, HTTPS
- FTP, FTPS, SFTP
- SCP, SMTP, POP3, IMAP, and more (depending on build)

Typical use cases:
- Checking a website response
- Calling a REST API from the terminal
- Downloading files
- Sending form data or JSON payloads
- Testing authentication and headers

curl is installed by default on many Linux/macOS systems; Windows has official builds too.

Basic Syntax

The simplest form:

curl <options> <URL>

Examples:

# Fetch a web page and print to terminal (stdout)
curl https://example.com

# Fetch over HTTP
curl http://example.com

If you provide no options, curl:
- sends an HTTP GET request,
- prints the response body to the terminal.

Saving Output to a File

By default, the response body is printed to the screen.
To save it to a file, you have two common options:

# 1) Shell redirection
curl https://example.com > page.html

# 2) Let curl decide file name from URL with -O (uppercase O)
curl -O https://example.com/file.zip

# 3) Save to a chosen file name with -o (lowercase o)
curl -o mypage.html https://example.com

-O: use the file name from the URL.
-o: explicitly specify the file name.

Seeing Response Headers

Sometimes you want to see HTTP headers (status code, content type, etc.).
Use -i (include headers in output):

curl -i https://example.com

This prints:

status line (e.g. HTTP/1.1 200 OK)
response headers
blank line
response body

Use -I (uppercase i) to fetch only the headers via an HTTP HEAD request:

curl -I https://example.com

Following Redirects

Many sites redirect (e.g. from http to https).
By default, curl does not follow redirects.
Use -L to follow them:

curl -L http://example.com

Now curl will automatically follow the Location headers until it reaches the final URL.

Adding Custom Headers

APIs often require custom HTTP headers (e.g. auth tokens, content type).
Use -H (or --header) to add a header:

curl -H "X-My-Header: hello" https://example.com

# Multiple headers:
curl \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Accept: application/json" \
  https://api.example.com/data

Sending Query Parameters

Query parameters are simply part of the URL:

curl "https://example.com/search?q=haskell&page=2"

Be sure to quote the URL if it contains & so the shell does not interpret it.

HTTP Methods: GET, POST, PUT, DELETE, ...

By default, curl sends a GET request.
Use -X (or --request) to specify a method explicitly:

# Explicit GET
curl -X GET https://example.com

# DELETE
curl -X DELETE https://api.example.com/items/123

For POST/PUT, you usually combine with -d (send data).

Sending Form Data (application/x-www-form-urlencoded)

Classic HTML forms send data encoded like key=value&key2=value2.
Use -d (or --data) to send such data:

curl -X POST https://example.com/login \
  -d "username=alice&password=secret"

When you use -d without -X, curl automatically uses POST and sets an appropriate content type.
To send multiple fields:

curl https://example.com/form \
  -d "field1=value1" \
  -d "field2=value2"

Sending JSON Data

Modern APIs typically use JSON.
When sending JSON:
- set the Content-Type header,
- provide JSON payload via -d.

curl -X POST https://api.example.com/users \
  -H "Content-Type: application/json" \
  -d '{"name": "Alice", "age": 30}'

If your shell uses quotes differently, be careful to escape them properly.

Uploading Files

Use -F (form) to upload files with multipart/form-data (like HTML forms):

curl -X POST https://example.com/upload \
  -F "file=@/path/to/local/file.txt"

The @ prefix tells curl to read the contents from a file.
You can upload multiple fields/files:

curl https://example.com/upload \
  -F "description=My file" \
  -F "file=@/path/to/file.txt"

Authentication

Basic Auth:

curl -u "username:password" https://api.example.com/secure

-u adds the appropriate Authorization: Basic ... header.
Bearer Token (common for APIs):

curl https://api.example.com/data \
  -H "Authorization: Bearer YOUR_TOKEN_HERE"

HTTPS and Certificates

When using https://, curl verifies the server’s TLS certificate.
For debugging self-signed or local dev setups, you can (temporarily) skip verification:

curl -k https://self-signed.example.local

Warning: -k (or --insecure) disables certificate verification and is not recommended for production.
Better: point curl to a custom CA bundle with --cacert.

Verbose and Debugging Output

Use -v (--verbose) to debug requests:

curl -v https://example.com

This prints:
- request line and headers,
- response headers,
- TLS handshake info (for HTTPS).
Use --trace and --trace-ascii for even more low-level details.

Setting User-Agent and Other Common Options

Some servers behave differently based on the User-Agent header.
Set it with -A (or --user-agent):

curl -A "MyTestClient/1.0" https://example.com

Other useful flags:
- --compressed – ask server for compressed response (gzip, etc.)
- --max-time <seconds> – limit total time of request
- --connect-timeout <seconds> – limit connection setup time

Rate Limiting and Repeated Requests

For simple repeated calls with pauses, combine curl with shell tools:

# Call an endpoint every 5 seconds (Ctrl-C to stop)
while true; do
  curl -s https://example.com/health
  echo
  sleep 5
done

-s (silent) hides progress meter and errors (show only output), useful when scripting.

Getting Help and Manual

To see a quick summary of options:

curl --help

For the full manual (very detailed):

man curl        # on Unix-like systems
curl --manual   # portable way

Common Options

Basic Output & File Handling Options

These options control where the response goes and how it is displayed.

Option	Description	Example
`-h`, `--help`	Show a short help summary of available options.	`curl --help`
`-V`, `--version`	Show version info and supported protocols/features.	`curl --version`
`-s`, `--silent`	Silent mode: no progress meter or error messages (only body on stdout).	`curl -s https://example.com`
`-S`, `--show-error`	Show errors even when `-s` is used (good for scripts).	`curl -sS https://example.com`
`-o <file>`	Write response body to the given file name.	`curl -o page.html https://example.com`
`-O` (capital O)	Save to a file named after the remote URL's path (remote file name).	`curl -O https://example.com/file.zip`
`-L`, `--location`	Follow HTTP redirects (3xx responses) automatically.	`curl -L http://example.com`
`-#`	Display a nice progress bar instead of the default meter.	`curl -# -O https://example.com/big.iso`
`-C -`	Resume a previous download (if server supports HTTP range requests).	`curl -C - -O https://example.com/big.iso`

HTTP Request & Response Control

These options control the HTTP method and what parts of the response you see.

Option	Description	Example
`-X <METHOD>`, `--request <METHOD>`	Explicitly specify HTTP method: GET, POST, PUT, DELETE, etc.	`curl -X DELETE https://api.example.com/items/123`
`-i`, `--include`	Include HTTP response headers in the output (before body).	`curl -i https://example.com`
`-I`, `--head`	Send an HTTP HEAD request (get only headers, no body).	`curl -I https://example.com`
`--http1.1`, `--http2`	Force HTTP/1.1 or HTTP/2 for the request (if supported).	`curl --http2 https://example.com`
`--compressed`	Request a compressed response (gzip, deflate) and automatically decompress it.	`curl --compressed https://example.com`
`--limit-rate <speed>`	Limit transfer speed (e.g. `200k`, `2M`).	`curl --limit-rate 200k -O https://example.com/file.zip`

Sending Data: Forms, JSON, Raw Bodies

These options are central when working with REST APIs or HTML forms.

Option	Description	Example
`-d <data>`, `--data <data>`	Send a request body. Defaults to `application/x-www-form-urlencoded` and switches method to POST if not set.	`curl -d "user=alice&pass=secret" https://example.com/login`
`--data-urlencode <data>`	Like `-d`, but URL-encodes the given data (safe for special characters).	`curl --data-urlencode "q=haskell & monads" https://example.com/search`
`--data-binary <data>`	Send data exactly as given, without stripping newlines or treating `@` specially.	`curl --data-binary "@/path/to/raw.bin" https://example.com/upload`
`-F <name=@file>`, `--form`	Send multipart/form-data (file upload) like an HTML form.	`curl -F "file=@/path/to/photo.jpg" https://example.com/upload`
`-G`, `--get`	Send the data as query parameters in a GET request instead of POST.	`curl -G -d "q=haskell" -d "page=2" https://example.com/search`

Headers & Authentication Options

For APIs and protected resources, you often need to set custom headers or credentials.

Option	Description	Example
`-H <header>`, `--header <header>`	Add a custom HTTP header. Can be used multiple times.	`curl -H "Accept: application/json" https://api.example.com/data`
`-A <agent>`, `--user-agent <agent>`	Set a custom User-Agent string.	`curl -A "MyClient/1.0" https://example.com`
`-u <user:pass>`, `--user <user:pass>`	Use HTTP Basic authentication (sends Authorization: Basic ... header).	`curl -u "alice:secret" https://api.example.com/me`
`--oauth2-bearer <token>`	Send OAuth2 Bearer token as Authorization header.	`curl --oauth2-bearer YOUR_TOKEN https://api.example.com/data`
`--referer <url>`	Set the HTTP Referer header.	`curl --referer "https://google.com" https://example.com`
`-b <file or data>`, `--cookie`	Send cookies from a file or directly as a string (client side).	`curl -b "session=abcd1234" https://example.com`
`-c <file>`, `--cookie-jar`	Save cookies to a file after the request (for reuse later).	`curl -c cookies.txt https://example.com/login`

TLS / HTTPS & Security Options

These options affect how curl handles HTTPS connections and certificates.

Option	Description	Example
`-k`, `--insecure`	Skip certificate verification (accept self-signed/invalid certs). Useful for local dev, not recommended in production.	`curl -k https://localhost:8443`
`--cacert <file>`	Use a custom CA certificate file to verify the server.	`curl --cacert myCA.pem https://internal.example.com`
`--cert <cert>`	Provide a client certificate (for mutual TLS authentication).	`curl --cert mycert.pem https://secure.example.com`
`--key <key>`	Private key corresponding to `--cert`, if stored separately.	`curl --cert client.crt --key client.key https://secure.example.com`
`--tlsv1.2`, `--tlsv1.3`	Force a specific TLS version (useful for debugging or strict policies).	`curl --tlsv1.2 https://example.com`

Debugging & Performance Options

These options help when you are inspecting or tuning HTTP requests.

Option	Description	Example
`-v`, `--verbose`	Verbose mode: show request headers, response headers, and connection info.	`curl -v https://example.com`
`--trace <file>`	Write a very detailed trace of everything curl does into a file (binary safe).	`curl --trace trace.log https://example.com`
`--trace-ascii <file>`	Like `--trace`, but easier to read (ASCII only).	`curl --trace-ascii debug.txt https://example.com`
`--max-time <seconds>`	Limit the total allowed time for the whole transfer.	`curl --max-time 10 https://slow.example.com`
`--connect-timeout <seconds>`	Limit how long curl waits to establish the connection.	`curl --connect-timeout 5 https://example.com`
`--retry <n>`	Automatically retry the request up to `n` times on transient errors.	`curl --retry 3 https://flaky.example.com`
`--retry-delay <seconds>`	Wait this many seconds between retries.	`curl --retry 3 --retry-delay 5 https://flaky.example.com`

Common Option Combinations (Mini Cheat Sheet)

Some very common real-world patterns:

# 1) Simple JSON API GET request with custom header
curl -sS -H "Accept: application/json" https://api.example.com/users

# 2) JSON POST with Bearer token
curl -sS -X POST https://api.example.com/users \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -d '{"name":"Alice","age":30}'

# 3) Follow redirects, save result to file
curl -L -o page.html https://example.com

# 4) Debug a failing HTTPS endpoint (verbose + do not verify cert)
curl -v -k https://localhost:8443

# 5) Upload a file with additional form data
curl -F "file=@/path/to/file.txt" \
     -F "description=My upload" \
     https://example.com/upload