Free tool · Runs in your browser

curl Command Builder

Build a curl command from a form - method, headers, auth, and body - or paste one to edit it. Get the curl command plus equivalent JavaScript fetch and Python requests code. Everything stays in your browser.

Method
Query parameters
Headers
Body

GET requests do not support request bodies.

Authentication
Options
curl https://api.example.com/users

Anatomy of a curl command

A curl command is curl [options] URL. The method defaults to GET; add -X POST (or another verb) to change it, -H to add headers, and one of the data flags to send a body. curl figures out most of the rest - it adds the right Content-Type for -d and -F, and switches to POST when you send data.

Sending data: -d, --data-raw, and -F

  • -d / --data - form-urlencoded body; multiple -d are joined with &. curl sets application/x-www-form-urlencoded.
  • --data-raw - sends the body exactly as given (no @file interpretation) - the safe choice for a JSON payload.
  • --data-urlencode - like -d but URL-encodes each value for you.
  • -F / --form - multipart form data; -F "file=@/path" uploads a file.

Headers and content types

Add headers with -H "Name: Value". The most important one is Content-Type: it must match the body you send. A JSON API expects Content-Type: application/json; a form post expects application/x-www-form-urlencoded. This builder adds the JSON Content-Type for you when you choose a JSON body.

Authentication

  • Basic - -u user:password sends the standard Authorization: Basic header.
  • Bearer token - -H "Authorization: Bearer <token>", used by most modern APIs and OAuth.
  • API key - a custom header like -H "X-API-Key: <key>" (name varies by API).

A note on security

-k / --insecure tells curl to skip TLS certificate verification - handy against a local self-signed cert, but never use it in production, since it removes the protection HTTPS provides. This tool only builds command strings in your browser - it does not send the request and does not store anything you type.

Common curl flags

FlagWhat it does
-XSet the HTTP request method.
-HAdd a request header (repeatable).
-dSend a request body (implies POST, form-urlencoded).
--data-rawSend the body verbatim (no @file interpretation) - used for JSON.
-FSend a multipart form field; @file uploads a file.
-uHTTP Basic auth as user:password.
-LFollow redirects.
-kSkip TLS certificate verification (insecure).
-iInclude response headers in the output.
-vVerbose - show the request/response details.
-oWrite the response to a file.
-ASet the User-Agent header.
curl FAQ

Frequently asked questions

Use -X POST, add -H "Content-Type: application/json", and send the payload with --data-raw '{"key":"value"}'. In this builder, choose POST, pick the JSON body type, and paste your JSON - the Content-Type header is added automatically.
Add -H "Authorization: Bearer YOUR_TOKEN" for a bearer token, or -u user:password for HTTP Basic auth. Set the Authentication section to Bearer, Basic, or API key and the correct header/flag is generated.
Add the -L (or --location) flag, which tells curl to follow HTTP 3xx redirects to the final URL. Enable "Follow redirects" in the options.
Add -k (or --insecure) to skip TLS verification. This is fine for testing against a self-signed certificate locally, but never do it in production because it defeats the security of HTTPS.
Use multipart form data: -F "file=@/path/to/file". The @ tells curl to read and upload the file. In this builder, choose the Multipart body type and set a field to "file" with the path.
Build or paste your curl command here, then switch the output tab to Python (requests) or fetch (JavaScript) to get the equivalent code. You can also paste an existing curl command into the import box to load it into the builder first.
Describe it, do not memorize it

Let AI write the command for you.

CtrlOps' AI terminal turns plain English into the exact command - curl, systemctl, anything - with an approve-before-run safety gate, right inside a local-first SSH workspace. Your credentials never leave your machine.

Start instantly· No credit card· No sneaky autorenewals