cURL for API Testing: GET, POST, PUT, DELETE Examples

Basic GET Requests

cURL (Client URL) is a command-line tool for transferring data with URLs. It's the go-to tool for testing APIs without needing Postman or other GUI tools.

# Simple GET request
curl https://api.example.com/users

# With verbose output (shows headers)
curl -v https://api.example.com/users

# Save response to file
curl -o response.json https://api.example.com/users

# Show only response headers
curl -I https://api.example.com/users

# Follow redirects
curl -L https://example.com

POST Requests

Form Data (URL-encoded)

# Simple form data
curl -X POST \
  -d "username=john&password=secret" \
  https://api.example.com/login

# Multiple -d flags (same result)
curl -X POST \
  -d "username=john" \
  -d "password=secret" \
  https://api.example.com/login

JSON Payload

# POST with JSON body
curl -X POST \
  -H "Content-Type: application/json" \
  -d '{"name": "John Doe", "email": "john@example.com"}' \
  https://api.example.com/users

# JSON from a file
curl -X POST \
  -H "Content-Type: application/json" \
  -d @payload.json \
  https://api.example.com/users

Always include -H "Content-Type: application/json" when sending JSON data.

PUT and PATCH Requests

PUT (Replace Resource)

# PUT replaces the entire resource
curl -X PUT \
  -H "Content-Type: application/json" \
  -d '{"name": "John Updated", "email": "john.new@example.com"}' \
  https://api.example.com/users/123

PATCH (Partial Update)

# PATCH updates only specified fields
curl -X PATCH \
  -H "Content-Type: application/json" \
  -d '{"email": "newemail@example.com"}' \
  https://api.example.com/users/123

DELETE Requests

# Delete a resource
curl -X DELETE https://api.example.com/users/123

# Delete with confirmation body
curl -X DELETE \
  -H "Content-Type: application/json" \
  -d '{"confirm": true}' \
  https://api.example.com/users/123

Custom Headers

# Single header
curl -H "Authorization: Bearer YOUR_TOKEN" \
  https://api.example.com/protected

# Multiple headers
curl \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Accept: application/json" \
  -H "X-Custom-Header: value" \
  https://api.example.com/data

# Common header patterns
curl -H "Content-Type: application/json" \
     -H "Accept: application/json" \
     -H "X-API-Key: your-api-key" \
     https://api.example.com/endpoint

Authentication

Basic Auth

# Username and password
curl -u username:password https://api.example.com/secure

# Prompt for password (more secure)
curl -u username https://api.example.com/secure

Bearer Token

# JWT or OAuth token
curl -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIs..." \
  https://api.example.com/protected

API Key

# In header
curl -H "X-API-Key: your-api-key" \
  https://api.example.com/data

# In query string
curl "https://api.example.com/data?api_key=your-api-key"

Working with Cookies

# Save cookies to file
curl -c cookies.txt https://example.com/login

# Send cookies from file
curl -b cookies.txt https://example.com/dashboard

# Save and send cookies (session management)
curl -b cookies.txt -c cookies.txt \
  -d "username=john&password=secret" \
  https://example.com/login

# Then use the session
curl -b cookies.txt -c cookies.txt \
  https://example.com/protected-page

Complete Login Flow Example

# Step 1: Login and save cookies
curl -X POST \
  -c cookies.txt \
  -d "username=john&password=secret" \
  https://example.com/login

# Step 2: Access protected resource
curl -b cookies.txt \
  https://example.com/api/dashboard

# Step 3: Make authenticated API call
curl -b cookies.txt \
  -X POST \
  -H "Content-Type: application/json" \
  -d '{"action": "update"}' \
  https://example.com/api/settings

Debugging & Troubleshooting

# Verbose output (shows request/response headers)
curl -v https://api.example.com/endpoint

# Show only response headers
curl -I https://api.example.com/endpoint

# Include response headers in output
curl -i https://api.example.com/endpoint

# Trace entire connection (very detailed)
curl --trace - https://api.example.com/endpoint

# Silent mode (no progress bar)
curl -s https://api.example.com/endpoint

# Show errors only
curl -sS https://api.example.com/endpoint

# Measure timing
curl -w "\nTime: %{time_total}s\n" \
  https://api.example.com/endpoint

Advanced Options

Timeouts

# Connection timeout (seconds)
curl --connect-timeout 5 https://api.example.com

# Maximum time for entire operation
curl --max-time 30 https://api.example.com

SSL/TLS Options

# Skip SSL verification (development only!)
curl -k https://self-signed.example.com

# Use specific certificate
curl --cacert /path/to/cert.pem https://api.example.com

# Client certificate auth
curl --cert client.pem --key client-key.pem \
  https://api.example.com

Proxy

# Use HTTP proxy
curl -x http://proxy.example.com:8080 \
  https://api.example.com

# SOCKS proxy
curl --socks5 localhost:9050 \
  https://api.example.com

Real-World Examples

GitHub API

# Get user info
curl https://api.github.com/users/octocat

# Authenticated request
curl -H "Authorization: token YOUR_GITHUB_TOKEN" \
  https://api.github.com/user/repos

REST API CRUD Operations

# CREATE - Add new user
curl -X POST \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer $TOKEN" \
  -d '{"name": "Alice", "email": "alice@example.com"}' \
  https://api.example.com/users

# READ - Get user
curl -H "Authorization: Bearer $TOKEN" \
  https://api.example.com/users/1

# UPDATE - Modify user
curl -X PUT \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer $TOKEN" \
  -d '{"name": "Alice Smith"}' \
  https://api.example.com/users/1

# DELETE - Remove user
curl -X DELETE \
  -H "Authorization: Bearer $TOKEN" \
  https://api.example.com/users/1

File Upload

# Upload file
curl -X POST \
  -F "file=@/path/to/document.pdf" \
  -F "description=My document" \
  https://api.example.com/upload

Quick Reference

Resources

• cURL Man Page
• Everything cURL - Free online book
• httpbin.org - Test your HTTP requests

Need help building or testing APIs? Contact us for development services.