Mastering cURL for API Testing and Documentation
Learn how to use cURL to test API endpoints, authenticate requests, send data payloads, and debug responses. Essential command line techniques for technical writers and developers working with REST APIs.
You’ve already tackled API fundamentals—rate limits, authentication, pagination, and error handling. Now, it’s time to level up and master cURL, the command-line Swiss Army knife for API testing.
What You’ll Learn in This Chapter
After completing this chapter, you’ll be able to:
- Execute API requests using various HTTP methods (GET, POST, PUT, DELETE)
- Include headers and authentication tokens in your requests
- Send data payloads in JSON and form-encoded formats
- Upload and download files through API endpoints
- Debug API responses using cURL’s powerful features
- Troubleshoot common API issues directly from the command line
Let’s get started with the essentials!
What is cURL?
cURL (short for Client URL) is a command-line tool used for sending HTTP requests to APIs. It’s like Postman, but without the fancy UI.
A basic cURL command looks like this:
curl https://api.example.com
This sends a GET request to https://api.example.com. Simple, right? Now, let’s explore more powerful features.
Sending API Requests with cURL
HTTP Methods and cURL Commands
| HTTP Method | cURL Command | Purpose | Example Use Case |
|---|---|---|---|
| GET | curl -X GET "https://api.example.com/users" |
Retrieve data | Fetch user profiles, product listings |
| POST | curl -X POST "https://api.example.com/users" -d '{"name":"John"}' -H "Content-Type: application/json" |
Create new data | Create new user, submit form data |
| PUT | curl -X PUT "https://api.example.com/users/1" -d '{"name":"John Updated"}' -H "Content-Type: application/json" |
Update existing data | Update user profile, replace a resource |
| DELETE | curl -X DELETE "https://api.example.com/users/1" |
Remove data | Delete a user account, remove a post |
| PATCH | curl -X PATCH "https://api.example.com/users/1" -d '{"status":"active"}' -H "Content-Type: application/json" |
Partially update data | Update specific fields only |
Adding Request Headers
Headers provide additional information to the API server. Use the -H flag to include headers:
curl -X GET "https://api.example.com" -H "Authorization: Bearer your_token" -H "Accept: application/json"
Common API Request Headers
| Header | Purpose | Example |
|---|---|---|
| Authorization | Authenticate requests | -H "Authorization: Bearer token123" |
| Content-Type | Specify request body format | -H "Content-Type: application/json" |
| Accept | Specify desired response format | -H "Accept: application/json" |
| User-Agent | Identify client application | -H "User-Agent: MyApiClient/1.0" |
Sending Query Parameters
To filter or sort data, include query parameters in your URL:
curl -X GET "https://api.example.com/users?limit=10&sort=desc&status=active"
Working with Request Data
Sending JSON Data
Use the -d flag to send JSON data in POST, PUT, or PATCH requests:
curl -X POST "https://api.example.com/users" \
-d '{"name":"John Doe","email":"john@example.com","role":"admin"}' \
-H "Content-Type: application/json"
Sending Form Data
For form submissions, use --data-urlencode to properly handle special characters:
curl -X POST "https://api.example.com/login" \
--data-urlencode "username=johndoe" \
--data-urlencode "password=s3cure!p@ss"
Authentication Methods with cURL
| Authentication Type | cURL Command | When to Use |
|---|---|---|
| API Key | curl -H "Authorization: ApiKey your_api_key" "https://api.example.com" |
Simple API authentication |
| Bearer Token | curl -H "Authorization: Bearer your_token" "https://api.example.com" |
OAuth or JWT authentication |
| Basic Auth | curl -u username:password "https://api.example.com" |
Username/password authentication |
| OAuth 2.0 | curl -H "Authorization: Bearer oauth_token" "https://api.example.com" |
Third-party API access |
File Operations with cURL
Uploading Files
The -F flag allows you to upload files using multipart form data:
curl -X POST "https://api.example.com/upload" \
-F "file=@/path/to/myfile.jpg" \
-F "description=My vacation photo" \
-H "Authorization: Bearer your_token"
Downloading Files
Save API responses directly to files:
# Save with original filename
curl -O "https://api.example.com/files/document.pdf"
# Save with custom filename
curl -o custom_name.pdf "https://api.example.com/files/document.pdf"
Debugging API Calls
Viewing Response Headers
Use the -i flag to see both the headers and the response body:
curl -i "https://api.example.com/users/1"
Using Verbose Mode
The -v flag shows the complete request and response flow, perfect for debugging:
curl -v "https://api.example.com/users/1"
Example output:
> GET /users/1 HTTP/1.1
> Host: api.example.com
> User-Agent: curl/7.68.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Content-Type: application/json
< Content-Length: 234
<
{"id":1,"name":"John Doe","email":"john@example.com"}
Silent Mode
For scripting, use -s to suppress progress meters and error messages:
curl -s "https://api.example.com/users/1" | jq
Advanced cURL Features
| Feature | Flag | Example | Purpose |
|---|---|---|---|
| Follow Redirects | -L |
curl -L "https://api.example.com/redirect" |
Automatically follow HTTP redirects |
| Request Timeout | --connect-timeout |
curl --connect-timeout 10 "https://api.example.com" |
Set connection timeout in seconds |
| Max Time | --max-time |
curl --max-time 30 "https://api.example.com" |
Set maximum time allowed for operation |
| Retry Requests | --retry |
curl --retry 3 "https://api.example.com" |
Retry failed requests |
| Custom Request Method | -X |
curl -X PATCH "https://api.example.com" |
Use specific HTTP method |
Practical cURL Examples for API Documentation
1. Fetching resources with authentication
curl -X GET "https://api.example.com/users" \
-H "Authorization: Bearer your_token" \
-H "Accept: application/json"
2. Creating a new resource
curl -X POST "https://api.example.com/products" \
-H "Content-Type: application/json" \
-H "Authorization: Bearer your_token" \
-d '{
"name": "New Product",
"price": 29.99,
"description": "This is a new product",
"category": "electronics"
}'
3. Updating a resource
curl -X PUT "https://api.example.com/products/123" \
-H "Content-Type: application/json" \
-H "Authorization: Bearer your_token" \
-d '{
"name": "Updated Product Name",
"price": 39.99,
"description": "This product has been updated",
"category": "electronics"
}'
4. Deleting a resource
curl -X DELETE "https://api.example.com/products/123" \
-H "Authorization: Bearer your_token"
Putting It All Together
cURL is an incredibly powerful tool for:
- Testing APIs before implementing them in code
- Documenting API endpoints with clear examples
- Debugging API issues with detailed request/response information
- Automating API workflows with shell scripts
- Validating API responses against expected results
Key Takeaways
- cURL allows you to interact with APIs directly from the command line
- Use different HTTP methods with the -X flag (GET, POST, PUT, DELETE, PATCH)
- Add request headers with -H for authentication and content type specification
- Send data payloads with -d for JSON or --data-urlencode for form data
- Upload files using -F and download using -O or -o
- Debug API calls using the -v (verbose) and -i (include headers) flags
Next Steps
Congratulations! You’re now fluent in cURL, ready to test APIs like a pro. You’re fully prepared for intermediate and advanced-level API documentation challenges.
In the next chapter, we’ll put your skills to the test with expert REST API exercises that combine everything you’ve learned so far.
API Testing Resources
Explore more tools and resources for API testing and documentation.
Found value in the course?
Your support fuels my work!
Have an issue?
Help improve the course by reporting an issue
