cURL

Auth Commands

Handle authentication with cURL across different methods including Basic, Bearer tokens, OAuth, and client certificates. Learn to securely pass credentials when testing protected APIs.

8 commands

Pro Tips

Use 'curl -u user:pass' for Basic auth. Omit the password to get an interactive prompt that won't show in history.

Use 'curl -H "Authorization: Bearer $TOKEN"' for Bearer token auth — store the token in an env var.

Use 'curl --netrc-file ~/.netrc' to store credentials securely outside your shell history.

Common Mistakes

Credentials passed via '-u user:pass' appear in process lists and shell history. Use --netrc or env vars in production.

Always use HTTPS when sending credentials. HTTP sends them in plaintext over the network.

Commands

API key in header

$ curl -H "X-API-Key: your-api-key" https://api.example.com/resource

Make request with API key header

Basic authentication

$ curl -u username:password https://api.example.com/resource

Make request with basic auth

Bearer token auth

$ curl -H "Authorization: Bearer TOKEN" https://api.example.com/resource

Make request with bearer token

Client certificate

$ curl --cert cert.pem --key key.pem https://api.example.com

Make request with client certificate

Send cookies

$ curl -b "session=abc123" https://example.com

Send cookies with request

Ignore SSL errors

$ curl -k https://self-signed.example.com

Allow insecure SSL connections

Save cookies to file

$ curl -c cookies.txt https://example.com/login

Save response cookies to file

Use cookies from file

$ curl -b cookies.txt https://example.com/protected

Load cookies from file for request