curl Cheat Sheet — HTTP Requests, File Transfers & API Testing from the Command Line

Quick reference for curl: GET/POST requests, headers, cookies, authentication, file uploads and downloads, debugging, TLS, proxies, and scripting patterns.

curl is a command-line tool for transferring data with URLs. It supports HTTP, HTTPS, FTP, and dozens of other protocols. This cheat sheet covers the most essential curl commands and flags for making HTTP requests, sending data, handling authentication, uploading files, debugging connections, and scripting — organized by workflow for fast lookup.

Basic Requests

Command	Description
curl https://example.com	Fetch a URL and print response body to stdout
curl -o file.html https://example.com	Save response to a file
curl -O https://example.com/report.pdf	Save with the remote filename
curl -L https://example.com	Follow redirects (3xx responses)
curl -s https://example.com	Silent mode — suppress progress meter
curl -sS https://example.com	Silent but still show errors
curl -f https://example.com	Fail silently on HTTP errors (no output on 4xx/5xx)
curl -I https://example.com	Fetch only the response headers (HEAD request)
curl -i https://example.com	Include response headers in the output

How Do You Send POST Requests with curl?

Command	Description
curl -X POST https://api.example.com/items	Send an empty POST request
curl -d "key=value&name=test" https://api.example.com/form	POST form-urlencoded data
curl -H "Content-Type: application/json" -d '{"name":"test"}' https://api.example.com/items	POST JSON data with explicit Content-Type header
curl --json '{"name":"test"}' https://api.example.com/items	POST JSON (curl 7.82+) — sets Content-Type and Accept headers automatically
curl -d @data.json https://api.example.com/items	POST data from a file
curl -X PUT -d '{"name":"updated"}' https://api.example.com/items/1	Send a PUT request with data
curl -X PATCH -d '{"name":"patched"}' https://api.example.com/items/1	Send a PATCH request
curl -X DELETE https://api.example.com/items/1	Send a DELETE request

Headers and Cookies

Command	Description
curl -H "Authorization: Bearer TOKEN" https://api.example.com	Send a custom header
curl -H "X-Custom: value" -H "Accept: text/plain" URL	Send multiple custom headers
curl -A "MyApp/1.0" https://example.com	Set the User-Agent string
curl -e https://referrer.com https://example.com	Set the Referer header
curl -b "session=abc123" https://example.com	Send a cookie
curl -b cookies.txt https://example.com	Send cookies from a file (Netscape format)
curl -c cookies.txt https://example.com	Save response cookies to a file
curl -b cookies.txt -c cookies.txt https://example.com	Read and write cookies (maintain session)

Authentication

Command	Description
curl -u user:pass https://example.com	HTTP Basic authentication
curl -u user https://example.com	Basic auth — curl prompts for password interactively
curl -H "Authorization: Bearer TOKEN" https://api.example.com	Bearer token authentication
curl --negotiate -u : https://example.com	Kerberos/SPNEGO authentication
curl --digest -u user:pass https://example.com	HTTP Digest authentication
curl -n https://example.com	Use credentials from ~/.netrc file
curl --oauth2-bearer TOKEN https://api.example.com	OAuth 2.0 bearer token (curl 7.83+)

How Do You Upload Files with curl?

Command	Description
curl -F "file=@photo.jpg" https://api.example.com/upload	Upload a file as multipart/form-data
curl -F "file=@photo.jpg;type=image/jpeg" URL	Upload with explicit MIME type
curl -F "file=@doc.pdf" -F "name=report" URL	Upload file with additional form fields
curl -T file.txt https://example.com/upload/	Upload via PUT (WebDAV, FTP, etc.)
curl -T "{file1,file2}.txt" ftp://ftp.example.com/	Upload multiple files via FTP
curl --data-binary @image.png -H "Content-Type: image/png" URL	Upload raw binary data in POST body

How Do You Download Files with curl?

Command	Description
curl -o output.zip https://example.com/file.zip	Download and save with a custom filename
curl -O https://example.com/file.zip	Download and save with the remote filename
curl -O -C - https://example.com/file.zip	Resume an interrupted download
curl -O https://example.com/file[1-10].txt	Download a range of files using globbing
curl --limit-rate 1M -O https://example.com/large.iso	Limit download speed to 1 MB/s
curl -Z -O https://a.com/1.zip -O https://b.com/2.zip	Download multiple files in parallel (curl 7.66+)
curl -J -O https://example.com/download	Use filename from Content-Disposition header

Debugging and Verbose Output

Command	Description
curl -v https://example.com	Verbose output — shows request/response headers and TLS handshake
curl --trace trace.log https://example.com	Full hex + ASCII trace of all data to a file
curl --trace-ascii trace.log https://example.com	ASCII-only trace (more readable)
curl -w "%{http_code}" -o /dev/null -s URL	Print only the HTTP status code
curl -w "%{time_total}\n" -o /dev/null -s URL	Measure total request time in seconds
curl -w "dns:%{time_namelookup} connect:%{time_connect} ttfb:%{time_starttransfer} total:%{time_total}\n" -o /dev/null -s URL	Detailed timing breakdown
curl -D headers.txt https://example.com	Dump response headers to a file
curl --compressed https://example.com	Request compressed response (gzip, deflate, br) and decompress

TLS and Certificates

Command	Description
curl -k https://self-signed.example.com	Skip TLS certificate verification (insecure)
curl --cacert ca.pem https://example.com	Use a custom CA certificate bundle
curl --cert client.pem --key client-key.pem URL	Client certificate authentication (mTLS)
curl --tlsv1.3 https://example.com	Force TLS 1.3
curl --tls-max 1.2 https://example.com	Set maximum TLS version to 1.2
curl --pinnedpubkey "sha256//hash=" https://example.com	Pin a specific public key hash

Proxies and Network Options

Command	Description
curl -x http://proxy:8080 https://example.com	Route request through an HTTP proxy
curl -x socks5://proxy:1080 https://example.com	Use a SOCKS5 proxy
curl --noproxy "*.local,localhost" URL	Bypass proxy for specific hosts
curl --resolve example.com:443:1.2.3.4 https://example.com	Override DNS resolution for a host
curl --connect-timeout 5 https://example.com	Set connection timeout to 5 seconds
curl -m 30 https://example.com	Set maximum total time to 30 seconds
curl --retry 3 https://example.com	Retry up to 3 times on transient errors
curl --retry 3 --retry-delay 2 https://example.com	Retry with a 2-second delay between attempts
curl -4 https://example.com	Force IPv4
curl -6 https://example.com	Force IPv6

Frequently Asked Questions

What is the difference between -d and -F in curl?

The -d flag sends data as application/x-www-form-urlencoded (like an HTML form submission), while -F sends data as multipart/form-data (used for file uploads). Use -d for simple key-value data and API calls, and -F when you need to upload files.

How do you send JSON with curl?

Use curl --json '{"key":"value"}' URL (curl 7.82+), which automatically sets Content-Type: application/json and Accept: application/json. For older versions, use curl -H "Content-Type: application/json" -d '{"key":"value"}' URL.

How do you check the HTTP status code with curl?

Run curl -o /dev/null -s -w "%{http_code}" URL. The -o /dev/null discards the body, -s suppresses the progress bar, and -w "%{http_code}" prints the status code. Add \n for a trailing newline.

How do you follow redirects in curl?

Add the -L (or --location) flag: curl -L https://example.com. By default curl does not follow redirects. Use --max-redirs N to limit the number of redirects followed (default is 50 with -L).

How do you resume a failed download with curl?

Use curl -C - -O URL. The -C - flag tells curl to automatically detect the byte offset from the partially downloaded file and resume from where it left off.

What does curl -k do and when should you use it?

The -k (--insecure) flag tells curl to skip TLS certificate verification. Use it only for development or testing against self-signed certificates. Never use -k in production scripts — it disables protection against man-in-the-middle attacks.