| Field | Value | Copy |
|---|---|---|
| Shell | {{ shellLabel }} | |
| Flag style | {{ flagStyleDisplay }} | |
| Short flag combo | {{ combineShortFlagsDisplay }} | |
| Method | {{ method }} | |
| URL | {{ finalUrl }} | |
| Headers | {{ headerCount }} | |
| User-Agent | {{ userAgentDisplay }} | |
| Referer | {{ refererDisplay }} | |
| Body bytes | {{ bodyBytes }} | |
| Flags | {{ flagsList.join(' ') || '—' }} | |
| Retry policy | {{ retrySummary }} | |
| Limit rate | {{ limitRateDisplay }} | |
| Auth | {{ authSummary || '—' }} |
A curl command is a text recipe for an HTTP request: method, address, headers, body, and transfer flags written in the order a shell can run.
This generator assembles that request for Bash or Zsh, PowerShell, and Windows CMD, then shows the finished command, a summary table, and a structured JSON snapshot. It is useful when you need to build a request from scratch, translate it to another shell, or inspect how headers, authentication, retries, and body formatting combine before you paste anything into a terminal.
One common use case is an API call that needs a bearer token, a JSON payload, and a timeout. Another is a support handoff where someone pastes an existing curl line into the importer and wants a cleaner version with the same intent.
The command preview can look finished while still carrying operational risk. Secrets placed in auth fields or headers become part of the rendered command, and this package also mirrors current form state into the page URL for sharing. Long-lived tokens, passwords, and live API keys therefore deserve the same caution here that they would deserve in shell history, screenshots, or copied chat messages.
The tool generates text only. It does not send the request or verify that the destination server accepts the flags you chose, so the final command should still be tested in a controlled environment before you treat it as a production-ready example.
Start with a preset when the request shape is familiar. JSON POST, Form POST, Basic Auth, and Bearer Token seed the form with common patterns, which is faster and less error-prone than toggling every field from a blank state.
If you already have a command, use the importer first. The parser can reconstruct many supported curl options, separate the URL from its query string, and infer whether the command leans toward short or long flags. It is a practical shortcut, but not a perfect shell emulator, so the imported output should still be compared against the original command.
User-Agent and Referer fields when those headers matter, because they override duplicate values and keep the request summary readable.The summary block is the fastest final check. It tells you which host the request targets, how many headers were emitted, how large the body is, and whether retries or verbose tracing are present before you copy the finished line.
The package models an HTTP request as a deterministic sequence. It validates the base URL as an absolute http or https address, appends any raw query string, resolves authentication, converts headers into curl flags, and then quotes the result for the selected shell.
Body generation supports three modes. JSON bodies are parsed and minified, then emitted with --data-raw and an automatic Content-Type: application/json header when that header is missing. Raw text bodies are passed through unchanged with --data-raw. URL-encoded form bodies are split on newlines or ampersands and emitted as repeated --data-urlencode arguments. Multipart form uploads are outside this generator's scope.
Authentication is handled in the same rule-based way. Basic auth becomes curl's -u or --user credential form, bearer auth becomes an Authorization header, and API-key mode injects a named header. Separate User-Agent and Referer fields overwrite any matching header entries.
Flag assembly covers redirect following, certificate bypass, compression, response-header inclusion, fail-with-body behavior, verbose tracing, optional forced request methods, HTTP/2 or HTTP/3 preference, retry controls, connection timeout, rate limiting, output file naming, and short-flag combination when it is safe to compress single-letter switches. HTTP/2 and HTTP/3 are mutually exclusive in the form because the tool emits one explicit protocol preference at a time.
Rendering changes after the token list is built. Bash or Zsh uses POSIX-style single-quote escaping and optional backslash continuations. PowerShell uses single quotes with doubled apostrophes and optional backtick continuations. Windows CMD uses double quotes and stays single-line. Output-path quoting also adapts to the shell, including tilde expansion to $HOME or %USERPROFILE%.
The importer is quote-aware and can read many common curl patterns, including -H, -u, --data-raw, --data-urlencode, retry flags, and HTTP version flags. Unsupported curl features or ambiguous shell constructs may not round-trip cleanly, so imported commands should be treated as an editable starting point rather than proof of a perfect reverse parse.
Generation happens in the browser and this tool bundle has no server-side function. That local execution model reduces one kind of exposure, but it does not eliminate others: the command output itself contains real secrets if you type them, and the page URL can also reflect current inputs because the package synchronizes form state into query parameters.
| Input or Result | Format | What It Controls or Shows | Why It Matters |
|---|---|---|---|
Method and URL |
HTTP method plus absolute address | Defines the target request | If either is wrong, every header and body flag points at the wrong endpoint. |
Headers, User-Agent, Referer |
Named header values and presets | Controls request metadata sent to the server | Header spelling and override order often decide whether an API accepts the request. |
Auth |
None, Basic, Bearer, or API-key header | Adds credential flags or headers | The summary can show that auth is present, but only a real test proves the credential is valid. |
Body mode |
None, JSON, raw text, or URL-encoded form | Controls how request data becomes curl arguments | This is where quoting, content type, and byte size change quickly. |
Advanced flags |
Redirect, retry, protocol, timeout, rate, and output settings | Shapes transport behavior after the request is built | A command that looks correct can still behave very differently because of one transfer flag. |
Command |
Quoted shell command | Runnable output for the selected shell | This is the artifact you will actually paste into a terminal. |
Fields summary |
Human-readable table | Rows such as URL, flags, body bytes, retries, and auth summary | It is the fastest place to spot a mismatch without reading the full command string. |
JSON export |
Structured input and derived snapshot | Documents the current form state and generated output | Useful for diffing scenarios or handing off request details in machine-readable form. |
| Field or Rule | Accepted Pattern or Boundary | Tool Behavior | Interpretation |
|---|---|---|---|
| URL | Absolute http or https URL |
Invalid values block generation with an error | This tool is narrower than curl itself and intentionally limits the request family. |
| HTTP version selection | At most one of HTTP/2 or HTTP/3 |
Conflicts block generation | The tool emits one explicit protocol preference at a time. |
| Imported headers | Name: value pairs |
Malformed lines are ignored with a warning | A missing colon means the text never becomes a header flag. |
| JSON body | Valid JSON object or array text | Invalid JSON blocks body generation | The package will not emit a malformed JSON payload. |
| Retry delay and retry-all-errors | Meaningful only when retry count is above zero | Settings are kept but warnings explain the mismatch | The tool distinguishes between a legal flag choice and a useful one. |
| GET with body | Allowed but unusual | The command is still built and a warning is shown | Some servers ignore request bodies on GET, so the preview is not proof of semantic support. |
| Limit rate | Whole number with optional k, M, or G suffix |
Unusual text raises a warning but is still emitted | You get flexibility, but the final shell behavior is yours to verify. |
| Secrets in exports | Command and query-string state reflect current inputs | JSON input fields mask some secret values, but the command itself does not | The safest workflow is to use placeholders until the command is ready to run locally. |
User-Agent, and Referer as needed.The generated command is the runnable artifact, but the surrounding summary is what helps you decide whether the command is trustworthy. URL shows the fully assembled address after raw query text is appended, Headers shows how many final header lines survived overrides, Flags shows the emitted transfer options, and Body bytes gives a quick sense of payload size.
Warnings and errors have different jobs. Errors stop the tool from claiming it has a usable command at all. Warnings tell you the command is syntactically buildable but still deserves human review because a setting is unusual, context-dependent, or partially ineffective.
Flags row is not what you expected, trust that row over your memory of which toggles you clicked.Auth row says a bearer token or API-key header is present, assume the final command contains a secret unless you deliberately used placeholders.HTTP/3 appears in the command, read it as a preference request, not as proof that the runtime curl build and server will negotiate that transport.--insecure is present, you are explicitly bypassing certificate verification and should treat the command as a debugging or controlled-environment artifact.Set the method to POST, use a URL such as https://api.example.com/v1/items, choose JSON body mode, add an Accept: application/json header, and enter a bearer token. If you also enable redirect following, add a 15-second timeout, and cap transfer speed at 500k, the command preview becomes a compact API request with auth, body, and transfer controls in one place.
The summary then confirms the final URL, body size, auth mode, and active flags.
Paste a Bash-oriented curl command into the importer, then switch the shell to PowerShell. The package keeps the request method, URL, many supported flags, and most headers, but rewrites quoting and line continuations for the new shell.
That makes the tool practical for cross-platform documentation when the original command came from a Unix-oriented README.
Suppose you set a retry delay of 10 seconds but leave retry attempts at zero, or add a redirect limit while redirect following is off. The command can still be built, yet the warning list explains that those settings are ineffective in context.
A command that is merely valid is not always the same as a command that clearly communicates intent.
No. It only builds command text, summary rows, and exports. The request is not executed until you run the generated command in your own shell.
Not completely. Some JSON input fields are masked in the structured export, but the rendered command still contains real secrets, and current form state can also appear in the page URL. Use placeholders until the last possible moment.
It supports JSON, raw text, and URL-encoded form data. Multipart form uploads are not generated by this package.
The importer rebuilds the curl options this package explicitly understands. Unsupported flags, complex shell constructs, and some ambiguous quoting patterns may not round-trip exactly.
No. The tool can emit curl's HTTP/3 flag, but actual negotiation still depends on the curl build and the remote server.
Accept or Authorization that changes how the server interprets the request.Authorization header to prove access rights for an API request.--data-urlencode arguments.