Basic curl Commands Every Web Developer Should Know

New to curl? Start with our beginner guide: Making HTTP Requests with curl
When debugging APIs or testing endpoints, you need quick, reliable tools that don’t require complex setup. While GUI tools like Postman have their place, curl commands for web developers offer unmatched speed and flexibility for command-line testing. This reference covers the essential curl commands you’ll use daily, from basic GET requests to advanced authentication patterns.
Key Takeaways
- Master basic GET and POST requests first—they cover 80% of API testing needs
- Always include proper headers for Content-Type and Authorization
- Use verbose mode (
-v
) when debugging connection issues - Set timeouts to prevent hanging scripts in production environments
- Save responses to files for analysis and comparison
- Follow redirects with
-L
for complete request chains - Combine curl with tools like jq for better JSON handling
Essential curl Commands for API Testing
1. Basic GET Request
The simplest curl command fetches data from any URL:
curl https://api.github.com/users/octocat
This returns the raw JSON response. For better readability, pipe the output through a JSON formatter:
# macOS/Linux
curl https://api.github.com/users/octocat | jq
# Windows (requires jq installation)
curl https://api.github.com/users/octocat | jq
When to use: Quick API endpoint testing, checking if services are responding, or grabbing data for scripts.
2. POST Request with JSON Data
Modern APIs expect JSON payloads. Here’s how to send them properly:
curl -X POST \
-H "Content-Type: application/json" \
-d '{"name":"John Doe","email":"john@example.com"}' \
https://api.example.com/users
For complex JSON, save it to a file and reference it:
curl -X POST \
-H "Content-Type: application/json" \
-d @user-data.json \
https://api.example.com/users
When to use: Creating resources, submitting forms, or testing POST endpoints with structured data.
3. Adding Custom Headers
APIs often require specific headers for authentication, content negotiation, or custom parameters:
curl -H "Authorization: Bearer your-token-here" \
-H "Accept: application/json" \
-H "User-Agent: MyApp/1.0" \
https://api.example.com/protected-resource
When to use: API authentication, setting user agents, specifying response formats, or adding custom application headers.
4. Following Redirects
By default, curl stops at redirects. Use -L
to follow them automatically:
curl -L https://bit.ly/shortened-url
Limit redirect hops to prevent infinite loops:
curl -L --max-redirs 5 https://example.com
When to use: Testing shortened URLs, following API redirects, or checking redirect chains in your applications.
5. Saving Response to File
Instead of cluttering your terminal, save responses directly to files:
# Save with original filename
curl -O https://example.com/data.json
# Save with custom filename
curl -o my-data.json https://api.example.com/export
# Save headers and body separately
curl -D headers.txt -o response.json https://api.example.com/data
When to use: Downloading files, saving API responses for analysis, or archiving test results.
6. Basic Authentication
Many APIs still use basic authentication. Handle it securely:
curl -u username:password https://api.example.com/secure-endpoint
For better security, let curl prompt for the password:
curl -u username https://api.example.com/secure-endpoint
When to use: Testing internal APIs, accessing development endpoints, or working with legacy authentication systems.
7. Verbose Output for Debugging
When requests fail or behave unexpectedly, verbose mode shows exactly what’s happening:
curl -v https://api.example.com/endpoint
This displays:
- Request headers sent
- Response headers received
- SSL/TLS handshake details
- Connection information
When to use: Debugging failed requests, understanding API behavior, or troubleshooting SSL issues.
8. Setting Timeouts
Prevent hanging requests by setting connection and total timeouts:
# 10-second connection timeout, 30-second total timeout
curl --connect-timeout 10 --max-time 30 https://slow-api.example.com
When to use: Testing slow endpoints, preventing script hangs, or working with unreliable networks.
9. Form Data Submission
For traditional form submissions or file uploads:
# Standard form data
curl -X POST -d "username=john&password=secret" https://example.com/login
# File upload
curl -F "file=@document.pdf" -F "description=Important doc" https://example.com/upload
When to use: Testing form endpoints, uploading files, or working with multipart data.
10. Including Response Headers
See both headers and body in the output:
# Include headers with response
curl -i https://api.example.com/endpoint
# Headers only (useful for checking status codes)
curl -I https://api.example.com/endpoint
When to use: Checking response codes, debugging caching issues, or examining API headers.
Advanced curl Commands for Web Developers
Working with Cookies
Maintain session state across requests:
# Save cookies to file
curl -c cookies.txt https://example.com/login
# Use saved cookies
curl -b cookies.txt https://example.com/dashboard
Proxy Configuration
Route requests through proxies for testing or security:
curl --proxy http://proxy.company.com:8080 https://api.example.com
SSL Certificate Handling
For development environments with self-signed certificates:
# Skip certificate verification (development only)
curl -k https://localhost:8443/api
# Use custom CA certificate
curl --cacert custom-ca.pem https://secure-api.example.com
Performance and Automation Tips
Batch Operations
Test multiple endpoints efficiently:
# Multiple URLs in one command
curl https://api1.example.com https://api2.example.com
# From a file
curl -K url-list.txt
Output Formatting
Make responses more readable:
# Pretty-print JSON with jq
curl -s https://api.example.com/data | jq '.'
# Extract specific fields
curl -s https://api.example.com/users | jq '.[] | .name'
Error Handling
Make curl fail silently on HTTP errors for scripting:
curl --fail --silent https://api.example.com/endpoint || echo "Request failed"
curl vs. Other Tools: When to Use What
Use curl when:
- Quick command-line testing
- Scripting and automation
- CI/CD pipeline integration
- Minimal system resource usage
Use Postman when:
- Complex request collections
- Team collaboration
- Visual response inspection
- Advanced testing workflows
Use HTTPie when:
- More readable syntax preferred
- JSON-first API testing
- Better default formatting
FAQs
Use the limit-rate option to throttle requests, for example by limiting to 200 kilobytes per second. You can also add delays between requests in scripts using sleep commands.
The -d flag sends data as form-encoded, which is the default for POST requests. The -F flag sends data as multipart form data, which is required when uploading files.
Yes. To do this, send a POST request with a JSON payload that includes your GraphQL query.
Use verbose mode to inspect the SSL handshake, skip certificate verification temporarily if needed using the insecure flag, or specify a custom certificate authority with the cacert option.
For token-based authentication, pass the Authorization header with your token. For basic authentication, use the username and password option. To improve security, store sensitive values in environment variables and reference them in your commands.
Conclusion
These curl commands form the backbone of command-line API testing. Start with basic GET and POST requests, then gradually incorporate headers, authentication, and advanced features as your needs grow. The key is building muscle memory for the most common patterns—once you can quickly test endpoints from the terminal, you’ll find yourself reaching for curl constantly during development and debugging.
curl commands for web developers provide the foundation for efficient API testing and debugging. These commands work across all platforms and integrate seamlessly into development workflows, making them essential tools for any web developer’s toolkit.