Curl –Data
curl POST examples – gists · GitHub
Common Options
-#, –progress-bar
Make curl display a simple progress bar instead of the more informational standard meter.
-b, –cookie
Supply cookie with request. If no =, then specifies the cookie file to use (see -c).
-c, –cookie-jar
File to save response cookies to.
-d, –data
Send specified data in POST request. Details provided below.
-f, –fail
Fail silently (don’t output HTML error form if returned).
-F, –form
Submit form data.
-H, –header
-i, –include
Include HTTP headers in the output.
-I, –head
Fetch headers only.
-k, –insecure
Allow insecure connections to succeed.
-L, –location
Follow redirects.
-o, –output
Write output to. Can use –create-dirs in conjunction with this to create any directories
specified in the -o path.
-O, –remote-name
Write output to file named like the remote file (only writes to current directory).
-s, –silent
Silent (quiet) mode. Use with -S to force it to show errors.
-v, –verbose
Provide more information (useful for debugging).
-w, –write-out
available variables. Convenient way to force curl to append a newline to output: -w “\n” (can add
to ~/).
-X, –request
The request method to use.
POST
When sending data via a POST or PUT request, two common formats (specified via the Content-Type header) are:
application/json
application/x-www-form-urlencoded
Many APIs will accept both formats, so if you’re using curl at the command line, it can be a bit easier to use the form urlencoded format instead of json because
the json format requires a bunch of extra quoting
curl will send form urlencoded by default, so for json the Content-Type header must be explicitly set
This gist provides examples for using both formats, including how to use sample data files in either format with your curl requests.
curl usage
For sending data with POST and PUT requests, these are common curl options:
request type
-X POST
-X PUT
content type header
-H “Content-Type: application/x-www-form-urlencoded”
-H “Content-Type: application/json”
data
form urlencoded: -d “param1=value1¶m2=value2” or -d
json: -d ‘{“key1″:”value1”, “key2″:”value2”}’ or -d
Examples
POST application/x-www-form-urlencoded
application/x-www-form-urlencoded is the default:
curl -d “param1=value1¶m2=value2” -X POST localhost:3000/data
explicit:
curl -d “param1=value1¶m2=value2” -H “Content-Type: application/x-www-form-urlencoded” -X POST localhost:3000/data
with a data file
curl -d “” -X POST localhost:3000/data
POST application/json
curl -d ‘{“key1″:”value1”, “key2″:”value2”}’ -H “Content-Type: application/json” -X POST localhost:3000/data
curl -d “” -X POST localhost:3000/data
HTTP POST – Everything curl
POST is the HTTP method that was invented to send data to a receiving web application, and it is how most common HTML forms on the web works. It usually sends a chunk of relatively small amounts of data to the the data is sent by a browser after data have been filled in a form, it will send it URL encoded, as a serialized name=value pairs separated with ampersand symbols (&). You send such data with curl’s -d or –data option like this:curl -d ‘name=admin&shoesize=12’ specifying multiple -d options on the command line, curl will concatenate them and insert ampersands in between, so the above example could also be made like this:curl -d name=admin -d shoesize=12 the amount of data to send is not really fit to put in a mere string on the command line, you can also read it off a file name in standard curl style:curl -d @filename with curl’s -d option will make it include a default header that looks like Content-Type: application/x-www-form-urlencoded. That’s what your typical browser will use for a plain receivers of POST data do not care about or check the Content-Type that header is not good enough for you, you should, of course, replace that and instead provide the correct one. Such as if you POST JSON to a server and want to more accurately tell the server about what the content is:curl -d ‘{json}’ -H ‘Content-Type: application/json’ reading from a file, -d will strip out carriage return and newlines. Use –data-binary if you want curl to read and use the given file in binary exactly as given:curl –data-binary @filename, also known as URL encoding, is technically a mechanism for encoding data so that it can appear in URLs. This encoding is typically used when sending POSTs with the application/x-www-form-urlencoded content type, such as the ones curl sends with –data and –data-binary command-line options mentioned above all require that you provide properly encoded data, data you need to make sure already exists in the right format. While that gives you a lot of freedom, it is also a bit inconvenient at help you send data you have not already encoded, curl offers the –data-urlencode option. This option offers several different ways to URL encode the data you give use it like –data-urlencode data in the same style as the other –data options. To be CGI-compliant, the data part should begin with a name followed by a separator and a content specification. The data part can be passed to curl using one of the following syntaxes:content: This will make curl URL encode the content and pass that on. Just be careful so that the content does not contain any = or @ symbols, as that will then make the syntax match one of the other cases below! =content: This will make curl URL encode the content and pass that on. The initial ‘=’ symbol is not included in the This will make curl URL encode the content part and pass that on. Note that the name part is expected to be URL encoded already. @filename: This will make curl load data from the given file (including any newlines), URL encode that data and pass it on in the POST. [email protected]: This will make curl load data from the given file (including any newlines), URL encode that data and pass it on in the POST. The name part gets an equal sign appended, resulting in name=urlencoded-file-content. Note that the name is expected to be URL encoded an example, you could POST a name to have it encoded by curl:curl –data-urlencode “name=John Doe (Junior)” which would send the following data in the actual request body_name=John%20Doe%20%28Junior%29If you store the string John Doe (Junior) in a file named, you can tell curl to send that contents URL encoded using the field name ‘user’ like this:In both these examples above, the field name is not URL encoded but is passed on as-is. If you want to URL encode the field name as well, like if you want to pass on a field name called user name, you can ask curl to encode the entire string by prefixing it with an equals sign (that will not get sent):curl –data-urlencode “=user name=John Doe (Junior)” little convenience feature that could be suitable to mention in this context is the -G or –get option, which takes all data you have specified with the different -d variants and appends that data to the inputted URL e. g. separated with a ‘? ‘ and then makes curl send a GET option makes it easy to switch between POSTing and GETing a form, for has no proper way to stop an ongoing transfer (in any direction) and still maintain the connection. So, if we figure out that the transfer had better stop after the transfer has started, there are only two ways to proceed: cut the connection and pay the price of reestablishing the connection again for the next request, or keep the transfer going and waste bandwidth but be able to reuse the connection next example of when this can happen is when you send a large file over HTTP, only to discover that the server requires authentication and immediately sends back a 401 response mitigation that exists to make this scenario less frequent is to have curl pass on an extra header, Expect: 100-continue, which gives the server a chance to deny the request before a lot of data is sent off. curl sends this Expect: header by default if the POST it will do is known or suspected to be larger than just minuscule. curl also does this for PUT a server gets a request with an 100-continue and deems the request fine, it will respond with a 100 response that makes the client continue. If the server does not like the request, it sends back response code for the error it thinks it is. Unfortunately, lots of servers in the world do not properly support the Expect: header or do not handle it correctly, so curl will only wait 1000 milliseconds for that first response before it will continue are 1000 wasted milliseconds. You can then remove the use of Expect: from the request and avoid the waiting with -H:curl -H Expect: -d “payload to send” some situations, curl will inhibit the use of the Expect header if the content it is about to send is small (like below one kilobyte), as having to waste such a small chunk of data is not considered much of a talking to a HTTP 1. 1 server, you can tell curl to send the request body without a Content-Length: header upfront that specifies exactly how big the POST is. By insisting on curl using chunked Transfer-Encoding, curl will send the POST chunked piece by piece in a special style that also sends the size for each such chunk as it goes send a chunked POST with curl like this:curl -H “Transfer-Encoding: chunked” -d “payload to send” chapter has explained how sending a post with -d is the equivalent of what a browser does when an HTML form is filled in and bmitting such forms is a common operation with curl; effectively, to have curl fill in a web form in an automated you want to submit a form with curl and make it look as if it has been done with a browser, it is important to provide all the input fields from the form. A common method for web pages is to set a few hidden input fields to the form and have them assigned values directly in the HTML. A successful form submission, of course, also includes those fields and in order to do that automatically you may be forced to first download the HTML page that holds the form, parse it, and extract the hidden field values so that you can send them off with curl. A common shortcut is to simply fill in the form with your browser and submit it and check in the browser’s network development tools exactly what it sent. A slightly different way is to save the HTML page containing the form, and then edit that HTML page to redirect the ‘action=’ part of the form to your own server or a test server that just outputs exactly what it gets. Completing that form submission will then show you exactly how a browser sends it. A third option is, of course, to use a network capture tool such as Wireshark to check exactly what is sent over the wire. If you are working with HTTPS, you cannot see form submissions in clear text on the wire but instead you need to make sure you can have Wireshark extract your TLS private key from your browser. See the Wireshark documentation for details on doing that. A common mitigation against automated agents or scripts using curl is to have the page with the HTML form use JavaScript to set values of some input fields, usually one of the hidden ones. Often, there’s some JavaScript code that executes on page load or when the submit button is pressed which sets a magic value that the server then can verify before it considers the submission to be can usually work around that by just reading the JavaScript code and redoing that logic in your script. Using the above mentioned tricks to check exactly what a browser sends is then also a good help.
What is the cURL command-line syntax to do a POST request?
If you are lazy, you can get google-chrome or firefox to do all the work for you.
Right-click the form you want to submit and select Inspect (or Inspect Element for Firefox). This will open the DevTools panel.
Select the Network tab in devtools and tick the Preserve log checkbox (Persist Logs for firefox).
Submit the form and locate the entry with method POST (right-click on any column header and make sure Method is checked).
Right click the line with POST, and select Copy > Copy as cURL.
Chrome will copy all the request data in cURL syntax.
Chrome uses –data ‘param1=hello¶m2=world’ which you can make more readable by using a single -d or -F per parameter depending on which type of POST request you want to send, which can be either application/x-www-form-urlencoded or multipart/form-data accordingly.
This will be POST-ed as application/x-www-form-urlencoded (used for the majority of forms that don’t contain file uploads):
curl \
-H “User-Agent: Mozilla/2. 2” \
-d param1=hello \
-d name=dinsdale
For a multipart/form-data POST use -F (typically used with forms that contain file uploads, or where order of fields is important, or where multiple fields with the same name are required):
-F param1=hello \
-F name=dinsdale \
-F name=piranha
The User-Agent header is not normally needed, but I’ve thrown it in just in case. If you need a custom agent then you can avoid having to set it on every request by creating the ~/ file which contains e. g. User-Agent: “Mozilla/2. 2”
Frequently Asked Questions about curl –data
What is — data in curl?
-d, –data <data> (HTTP) Sends the specified data in a POST request to the HTTP server, in the same way that a browser does when a user has filled in an HTML form and presses the submit button. This will cause curl to pass the data to the server using the content-type application/x-www-form-urlencoded.Sep 16, 2013
What does curl stand for?
cURL, which stands for client URL, is a command line tool that developers use to transfer data to and from a server. At the most fundamental, cURL lets you talk to a server by specifying the location (in the form of a URL) and the data you want to send.Feb 23, 2021
What is curl and why it is used?
cURL is a command-line tool that you can use to transfer data via network protocols. The name cURL stands for ‘Client URL’, and is also written as ‘curl’. This popular command uses URL syntax to transfer data to and from servers. Curl is powered by ‘libcurl’, a free and easy-to-use client-side URL transfer library.Dec 23, 2020