cURL Command Guide: The Developer's Swiss Army Knife

The Basics: GET, POST, PUT, DELETE

# Simple GET request
curl https://api.example.com/users

# GET with query parameters
curl 'https://api.example.com/users?page=2&limit=20'

# POST with JSON body
curl -X POST https://api.example.com/users \
  -H 'Content-Type: application/json' \
  -d '{"name":"Alice","email":"alice@example.com"}'

# PUT to update a resource
curl -X PUT https://api.example.com/users/123 \
  -H 'Content-Type: application/json' \
  -d '{"name":"Alice Smith"}'

# DELETE
curl -X DELETE https://api.example.com/users/123

Authentication Patterns

# Bearer token (JWT / OAuth)
curl https://api.example.com/me \
  -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiJ9...'

# API key in header
curl https://api.example.com/data \
  -H 'X-API-Key: sk_live_abc123'

# Basic auth (username:password → Base64)
curl -u alice:s3cr3t https://api.example.com/admin
# or equivalently:
curl -H 'Authorization: Basic YWxpY2U6czNjcjN0' https://api.example.com/admin

# API key as query param (avoid — it ends up in server logs)
curl 'https://api.example.com/data?api_key=abc123'  # ⚠️ avoid

Working with Headers and Response Bodies

# Show response headers only
curl -I https://example.com

# Show request + response headers (verbose)
curl -v https://api.example.com/users

# Print only the status code
curl -s -o /dev/null -w '%{http_code}' https://api.example.com/health

# Pretty-print JSON response (requires jq)
curl -s https://api.example.com/users | jq .

# Save response to file
curl -o response.json https://api.example.com/data

# Download a file, keep original filename
curl -OL https://example.com/archive.tar.gz

Form Data and File Uploads

# application/x-www-form-urlencoded (HTML form default)
curl -X POST https://api.example.com/login \
  -d 'username=alice&password=secret'

# multipart/form-data (file upload)
curl -X POST https://api.example.com/upload \
  -F 'file=@/path/to/document.pdf' \
  -F 'title=My Document'

# Upload with custom content type for the file part
curl -X POST https://api.example.com/images \
  -F 'image=@photo.jpg;type=image/jpeg'

# Send raw file as body (e.g. binary upload)
curl -X PUT https://api.example.com/files/123 \
  -H 'Content-Type: application/octet-stream' \
  --data-binary @file.bin

Cookies and Sessions

# Save cookies to a file after login
curl -X POST https://example.com/login \
  -d 'user=alice&pass=secret' \
  -c cookies.txt

# Send saved cookies on subsequent requests
curl https://example.com/dashboard \
  -b cookies.txt

# Send a specific cookie manually
curl https://example.com/api \
  -H 'Cookie: session=abc123; theme=dark'

Essential Flags Reference

Converting cURL to Code

Once you have a working cURL command (e.g. copied from your browser's Network tab via “Copy as cURL”), you can convert it to JavaScript, Python, Go, or any other language without manually translating every flag.

# This cURL command:
curl 'https://api.example.com/users' \
  -H 'Authorization: Bearer token123' \
  -H 'Content-Type: application/json' \
  -d '{"name":"Alice"}'

# Becomes this in JavaScript (fetch):
const res = await fetch('https://api.example.com/users', {
  method: 'POST',
  headers: {
    'Authorization': 'Bearer token123',
    'Content-Type': 'application/json',
  },
  body: JSON.stringify({ name: 'Alice' }),
});