cURL Commands Cheat Sheet
Comprehensive cURL reference with practical examples for HTTP requests, API testing, file transfers, and more. Bookmark this page for quick reference.
Flag Long Form Description -X--requestSpecify the HTTP method (GET, POST, PUT, DELETE, PATCH) -H--headerAdd a custom request header -d--dataSend data in the request body (implies POST) -F--formSend multipart form data (for file uploads) -o--outputWrite output to a file instead of stdout -O--remote-nameSave output using the remote filename -L--locationFollow HTTP redirects -s--silentSilent mode — hide progress meter and errors -v--verboseVerbose output — show request/response headers -u--userProvide username:password for authentication -k--insecureSkip SSL certificate verification -b--cookieSend cookies from a string or file -c--cookie-jarSave response cookies to a file -I--headFetch headers only (HEAD request) -i--includeInclude response headers in the output -w--write-outDisplay custom output after transfer (e.g., status code) -A--user-agentSet the User-Agent header -e--refererSet the Referer header -x--proxyUse a proxy server --connect-timeoutMaximum time for the connection to be established -m--max-timeMaximum total time for the operation
Command Description curl https://api.example.com/usersSimple GET request (GET is the default method) curl -X GET https://api.example.com/usersExplicit GET request curl -X POST https://api.example.com/usersPOST request with no body curl -X POST -d '{"name":"Alice"}' https://api.example.com/usersPOST request with JSON body curl -X PUT -d '{"name":"Bob"}' https://api.example.com/users/1PUT request to update a resource curl -X PATCH -d '{"email":"new@mail.com"}' https://api.example.com/users/1PATCH request to partially update a resource curl -X DELETE https://api.example.com/users/1DELETE request to remove a resource curl -I https://example.comHEAD request — fetch headers only curl -X OPTIONS https://api.example.com/usersOPTIONS request — check allowed methods (CORS preflight)
Command Description curl -H "Content-Type: application/json" https://api.example.comSet Content-Type header curl -H "Accept: application/json" https://api.example.comRequest JSON response curl -H "X-API-Key: abc123" https://api.example.comSend a custom API key header curl -H "Content-Type: application/json" -H "Accept: application/json" https://api.example.comMultiple headers — use -H for each curl -H "Cache-Control: no-cache" https://example.comBypass cache with no-cache header curl -A "MyApp/1.0" https://example.comSet User-Agent header (shorthand for -H "User-Agent: ...") curl -e "https://google.com" https://example.comSet Referer header curl -i https://example.comInclude response headers in output curl -v https://example.comVerbose mode — show full request and response headers
Command Description curl -u username:password https://api.example.comBasic authentication (username:password) curl -u username https://api.example.comBasic auth — curl will prompt for the password curl -H "Authorization: Bearer eyJhbGci..." https://api.example.comBearer token authentication (JWT, OAuth2) curl -H "Authorization: Token abc123" https://api.example.comToken-based authentication curl --digest -u user:pass https://api.example.comHTTP Digest authentication curl --negotiate -u : https://api.example.comNegotiate (Kerberos/SPNEGO) authentication curl -n https://api.example.comUse credentials from ~/.netrc file
Command Description curl -d "name=Alice&age=30" https://api.example.com/usersSend URL-encoded form data (application/x-www-form-urlencoded) curl -d '{"name":"Alice","age":30}' -H "Content-Type: application/json" https://api.example.com/usersSend JSON data with proper Content-Type curl --data-raw '{"key":"value"}' https://api.example.comSend data without interpreting @ as a file reference curl -d @data.json -H "Content-Type: application/json" https://api.example.comSend data from a file (prefix with @) curl -d @- https://api.example.com < data.jsonSend data from stdin curl --data-urlencode "msg=hello world" https://api.example.comURL-encode the data automatically curl -F "file=@photo.jpg" https://api.example.com/uploadUpload a file as multipart form data curl -F "file=@doc.pdf;type=application/pdf" https://api.example.com/uploadUpload a file with explicit MIME type curl -F "file=@photo.jpg" -F "name=vacation" https://api.example.com/uploadUpload file with additional form fields curl -F "files=@img1.jpg" -F "files=@img2.jpg" https://api.example.com/uploadUpload multiple files curl -T localfile.txt https://example.com/upload/Upload a file using PUT (WebDAV style)
Command Description curl -o output.html https://example.comSave response to a specific file curl -O https://example.com/file.tar.gzSave using the remote filename curl -O -O https://example.com/a.tar.gz https://example.com/b.tar.gzDownload multiple files at once curl -s https://api.example.com/dataSilent mode — suppress progress bar curl -sS https://api.example.com/dataSilent but show errors curl -v https://example.comVerbose — show all request/response details curl --trace trace.log https://example.comFull hex trace saved to file (for debugging) curl -w "%{http_code}" -o /dev/null -s https://example.comPrint only the HTTP status code curl -w "%{time_total}\n" -o /dev/null -s https://example.comMeasure total response time curl -w "DNS: %{time_namelookup}s\nConnect: %{time_connect}s\nTTFB: %{time_starttransfer}s\nTotal: %{time_total}s\n" -o /dev/null -s https://example.comDetailed timing breakdown curl -s https://api.example.com/data | jq .Pipe JSON output through jq for pretty-printing
Command Description curl -k https://self-signed.example.comSkip SSL certificate verification (insecure — testing only) curl --cacert /path/to/ca.crt https://example.comUse a custom CA certificate bundle curl --cert client.pem https://example.comUse a client certificate for mutual TLS curl --cert client.pem --key client-key.pem https://example.comClient certificate with a separate private key file curl --cert client.p12 --cert-type P12 https://example.comUse a PKCS#12 client certificate curl --tlsv1.2 https://example.comForce TLS 1.2 minimum curl --tlsv1.3 https://example.comForce TLS 1.3 minimum curl -v https://example.com 2>&1 | grep "SSL connection"Check the TLS version and cipher used
Command Description curl -b "session=abc123" https://example.comSend a cookie with the request curl -b "token=xyz; lang=en" https://example.comSend multiple cookies curl -c cookies.txt https://example.com/loginSave response cookies to a file curl -b cookies.txt https://example.com/dashboardLoad cookies from a file for the request curl -b cookies.txt -c cookies.txt https://example.comRead and update cookies in the same file curl -c - https://example.comPrint cookies to stdout
Command Description curl -x http://proxy:8080 https://example.comUse an HTTP proxy curl -x socks5://proxy:1080 https://example.comUse a SOCKS5 proxy curl --proxy-user user:pass -x http://proxy:8080 https://example.comProxy with authentication curl --noproxy "*.internal.com" https://internal.example.comBypass proxy for specific hosts curl --connect-timeout 5 https://example.comSet connection timeout to 5 seconds curl -m 30 https://example.comSet maximum total time to 30 seconds curl --retry 3 https://example.comRetry up to 3 times on transient errors curl --retry 3 --retry-delay 2 https://example.comRetry with a 2-second delay between attempts curl --limit-rate 100K https://example.com/largefile.zipLimit download speed to 100 KB/s curl -4 https://example.comForce IPv4 curl -6 https://example.comForce IPv6 curl --resolve example.com:443:1.2.3.4 https://example.comOverride DNS resolution for a host
Command Description curl -LO https://example.com/file.tar.gzDownload a file, following redirects curl -C - -O https://example.com/largefile.zipResume an interrupted download curl -sI https://example.com | head -1Get just the HTTP status line curl -o /dev/null -s -w "%{http_code}\n" https://example.comGet only the status code (200, 404, etc.) curl -s https://api.example.com/users | jq '.[0]'Fetch JSON and extract the first element curl -s -D - -o /dev/null https://example.comShow response headers only (discard body) curl -L -o /dev/null -s -w "URL: %{url_effective}\nCode: %{http_code}\nTime: %{time_total}s\n" https://example.comCheck redirect target, status code, and timing curl -sS -X POST -H "Content-Type: application/json" -d '{"query":"test"}' https://api.example.com/searchQuick API test with JSON POST curl -w "\nDNS: %{time_namelookup}s\nTCP: %{time_connect}s\nSSL: %{time_appconnect}s\nTTFB: %{time_starttransfer}s\nTotal: %{time_total}s\n" -o /dev/null -s https://example.comFull latency breakdown for performance testing curl ifconfig.meGet your public IP address curl -s https://api.github.com/repos/curl/curl/releases/latest | jq -r '.tag_name'Check the latest release version of a GitHub repo curl -K config.txtRead curl options from a config file
What is the difference between curl -d and curl -F? The -d flag sends data as application/x-www-form-urlencoded (like a standard HTML form submission), while -F sends data as multipart/form-data, which is required for file uploads. Use -d for simple key-value data and JSON API requests. Use -F when you need to upload files or send binary data alongside form fields.
How do I send a POST request with JSON data using curl? Use the -X POST flag, set the Content-Type header to application/json, and pass your JSON data with -d:
curl -X POST -H "Content-Type: application/json" -d '{"name":"Alice","email":"alice@example.com"}' https://api.example.com/users
Note: When using -d, curl automatically sets the method to POST, so -X POST is optional in this case.
How do I follow redirects with curl? Use the -L (or --location) flag to make curl follow HTTP redirects (301, 302, 307, 308) automatically. By default, curl does not follow redirects. Example: curl -L https://example.com. You can limit the maximum number of redirects with --max-redirs N (e.g., --max-redirs 5).
How do I ignore SSL certificate errors in curl? Use the -k (or --insecure) flag to skip SSL certificate verification: curl -k https://self-signed.example.com. This is useful for testing with self-signed certificates or development environments. Never use this in production as it disables a critical security check. For proper setups, specify your CA bundle with --cacert instead.