I won’t go into the details of curl. If you are interested in curl and want to go deep and get into all the features and details, you can look into the free Everything curl ebook about curl and libcurl.
GET calls
For example, using the Github API to get the repositories of a given user:
curl -sSL https://api.github.com/users/calvinchoy/reposThe -sSL flags are optional: -s for running in silent mode, hiding the progress bar; -S to show errors even when in silent mode; and -L ensures that the call will follow redirects.
If you want to save the output to a file, you can use the -o flag:
curl -sSL https://api.github.com/users/calvinchoy/repos -o output.jsonIn case you are interested in the response headers, you can use -I to show the headers alone, or -i to show both the response headers and body.
POST calls
For API calls where you need to submit data, you can use the -X flag to specify the HTTP method (GET, POST, PUT, DELETE), -H for the headers, and -d for the body content:
curl -X POST https://api.github.com/user/repos \
-H "Authorization: Bearer YOUR_GITHUB_TOKEN" \
-H "Content-Type: application/json" \
-d '{ "name": "name-new-repo", "description": "This is a new repo", "private": false }'I noticed that as the data (-d) gets longer, it can get difficult to properly provide the input. You can solve this by providing the data on multiple lines — curl will handle this fine as long as it’s quoted. Another option is to provide long inputs using another file, for example:
curl -X POST https://api.github.com/user/repos \
-H "Authorization: Bearer YOUR_GITHUB_TOKEN" \
-H "Content-Type: application/json" \
-d @../some-folder/payload.jsonAuthentication
Some common authorization methods used with curl, username/password, Basic, Bearer
# username and password, your probably don't want this :)
curl -u username:password ...
# Basic with base64 encoded value (not encrypted, reversible!!)
curl -H "Authorization: Basic YOUR_BASE64_STRING" ...
# Bearer using Personal Access Token (PAT)
curl -H "Authorization: Bearer YOUR_PAT" ...Important: never hardcode your tokens and credentials. Use environment variables or secrets.
Configure defaults
If you have flags that you tend to set every time, you can use the .curlrc config to set some defaults unless you use the -q flag to ignore the .curlrc file. At any time when executing curl, you can overwrite the defaults when needed.
# $HOME/.curlrc, $XDG_CONFIG_HOME/.curlrc etc. check docs for more locaton options
--silent
--show-error
--location
--header = "Content-Type: application/json"
--header = "Accept: application/json"The dashes are optional and can be removed. Some common often used option flags for reference:
-sor--silent: Silent mode (no progress bar)-Sor--show-error: Show errors even in silent mode-for--fail: Fail silently on HTTP errors-vor--verbose: Verbose (show full request/response)-Xor--request: Specify HTTP method (GET, POST, PUT, DELETE, etc.)-dor--data: Send data in request body-Hor--header: Add custom header-oor--output: Write output to file-Lor--location: Follow redirects