cURL Command Generator

Generated cURL Command

{{ method }} request targeting {{ hostDisplay }}

{{ method }} {{ hostBadge }} {{ headerCount }} headers {{ bodyBytes }} B body {{ flagsCount }} flags Retry ×{{ retry_count }} Verbose Trace time

{{ e }}

{{ w }}

Preset:

Shell:

Method:

Multi-line:

URL:

Query string:

Headers:

Header name:

Custom name:

Header value:

Editing {{ headers[editingIndex]?.name || 'header' }}

Header	Value	Actions
{{ header.name }}	{{ header.value }} —

User-Agent and Referer fields override headers with the same name.

No headers added yet. Use the controls above to add one header at a time.

User-Agent:

Custom agent:

Referer:

Body mode:

Body:

Import existing curl command:

Command imported successfully.

Field	Value	Copy
Shell	{{ shellLabel }}
Flag style	{{ flagStyleDisplay }}
Short flag combo	{{ combineShortFlagsDisplay }}
Method	{{ method }}
URL	{{ finalUrl }}
Headers	{{ headerCount }}
User-Agent	{{ userAgentDisplay }}
Referer	{{ refererDisplay }}
Body bytes	{{ bodyBytes }}
Flags	{{ flagsList.join(' ') \|\| '—' }}
Retry policy	{{ retrySummary }}
Limit rate	{{ limitRateDisplay }}
Auth	{{ authSummary }}

Tags: Devtools , HTTP , Shell

Export to PDF Fullscreen

Embed:

Web request commands capture the target address, the method, headers, and any payload so you can repeat a call exactly and share it with a team. A single command line recipe is simple to run and easy to compare across environments.

This generator helps you assemble that recipe in clear steps and returns a ready to run command you can copy or save. Start with the address and method, then add headers or a small body when needed so the intent stays readable.

For example you might create a request to add a new item, supply a bearer token, choose a short timeout, and enable retries so a temporary glitch does not stop your run. The output shows the host and neatly quotes your values so the command survives copy and paste.

Protect tokens and passwords and avoid sharing them. Replace secrets with safe test strings whenever you post examples or hand off a script.

To get reliable results use complete addresses, keep header names consistent, and try small sample payloads while you iterate. Compare runs by turning on verbose output after the first request succeeds.

Technical Details:

An HTTP request is represented by a method, an absolute URL, a set of headers, and an optional body. The tool transforms those parts into a portable command string targeted to one of three shells: Bash/Zsh, PowerShell, or Windows CMD. Quoting and line breaking follow the conventions of the selected shell.

The command string includes any selected behaviors such as following redirects, retry policy, compression hints, response header inclusion, verbose traces, protocol preference (HTTP/2 or HTTP/3, mutually exclusive), timeouts, connection reuse policy, and bandwidth limiting. When a body is provided, the body size in bytes is derived and shown for quick checks.

Results are accompanied by warnings when a choice is unusual or has no effect in context. Errors only appear when generation would be ambiguous or unsafe, such as an invalid address or conflicting protocol options.

Processing pipeline

Validate the address as absolute http/https, then merge any raw query text.
Parse headers from Name: value lines, recording warnings for malformed entries.
Resolve authentication: Basic via user and password, Bearer via Authorization header, or API key via a named header.
Build the body:
- JSON — parse and minify; add Content-Type: application/json if missing.
- Form URL‑encoded — split into key=value pairs and append --data-urlencode for each; add Content-Type: application/x-www-form-urlencoded if missing.
- Raw — pass as --data-raw without transformation.
Inject convenience overrides for User-Agent and Referer, replacing headers with the same names.
Assemble flags from booleans and numeric inputs, optionally combining short flags that carry no values.
Quote arguments for the target shell, respecting its string and path rules.
Render a single‑line command or a readable multi‑line variant for Bash/Zsh or PowerShell.

Worked example

Goal: Create an item with a small JSON body, include a bearer token, follow redirects, and limit bandwidth.

Method: POST
URL: https://api.example.com/v1/items
Header: Accept: application/json
Auth: Bearer YOUR_TOKEN
Body (JSON): {"name":"Ada"}
Flags: follow redirects, max time 15 s, limit rate 500k

curl \
  --request POST \
  --header 'Accept: application/json' \
  --header 'Authorization: Bearer YOUR_TOKEN' \
  --data-raw '{"name":"Ada"}' \
  --location --max-time 15 --limit-rate '500k' \
  'https://api.example.com/v1/items'

Interpretation: The request sends JSON to the endpoint, follows any redirect, and caps transfer speed; the content type header is added automatically for JSON bodies.

I/O formats & encoding

Inputs and outputs
Input	Accepted Families	Output	Encoding/Precision	Notes
Address	Absolute `http` or `https`	Command argument	Quoted per shell	Optional raw query appended as typed
Method	GET, POST, PUT, PATCH, DELETE, HEAD, OPTIONS	Flag or implicit	Upper case	For GET with a body a warning is shown
Headers	`Name: value` lines	`-H`/`--header` entries	One line per header	`User-Agent` and `Referer` inputs override duplicates
Body	JSON, Raw text, Form URL‑encoded	`--data-raw` or `--data-urlencode`	JSON minified	Content‑Type set when needed
Shell	Bash/Zsh, PowerShell, CMD	Single or multi‑line	Shell‑specific quoting	CMD output is always single‑line
Exports	Fields CSV, JSON summary, DOCX table	Clipboard or file	UTF‑8	JSON masks secret values in summaries

Validation & bounds

Validation rules and messages
Field	Type	Min	Max	Step/Pattern	Error/Warning Text
Address	Absolute URL	—	—	`^https?://`	Enter a valid http(s) URL.
Protocol choice	Booleans	—	—	HTTP/2 vs HTTP/3 exclusive	Enable either HTTP/2 or HTTP/3, not both.
Headers	Text lines	—	—	`Name: value`	Ignored header line N: expected “Name: value”.
Body (JSON)	Object/array	—	—	Valid JSON	Invalid JSON body.
Retry delay	Integer seconds	0	∞	Only with retries	Retry delay is ignored unless retry attempts are greater than zero.
Retry all errors	Boolean	—	—	Only with retries	Retry all errors only applies when retry attempts are greater than zero.
Max redirects	Integer	0	∞	Applies with follow	Max redirects only applies when Follow redirects is enabled.
Limit rate	String	—	—	`^\d+(?:[kKmMgG]?)$`	Limit rate should look like 500k, 2M, or a plain byte value.
Auth: Basic	Text	—	—	User required	Basic auth: username required.
Auth: Bearer	Text	—	—	Token required	Bearer token is required.
Auth: API key	Text	—	—	Header and value	API key header name and value required.
GET with body	N/A	—	—	Advisory	A request body with GET is unusual; many servers will ignore it.

Networking & storage

Processing is client‑only; the page does not transmit inputs to a server.
Clipboard, CSV, JSON, and DOCX outputs are created locally.

Security considerations

Avoid pasting long‑lived tokens or passwords on shared machines.
Prefer short‑lived tokens when testing and remove secrets before sharing commands.
JSON summaries mask secret fields, but command lines include them verbatim.

Assumptions & limitations

Only absolute http/https addresses are accepted.
Protocol options are exclusive: enable HTTP/2 or HTTP/3.
Multipart form data is not generated; URL‑encoded forms are supported.
Limit rate accepts whole numbers with optional k, M, or G suffix.
Combining short flags skips flags that require values.
Heads‑up JSON bodies are minified; whitespace is not preserved.
Heads‑up User-Agent and Referer inputs override same‑named headers.
Tilde expansion applies to output file paths (~ to home).
CMD output is single‑line; multi‑line formatting applies to Bash/Zsh and PowerShell.
Max redirects has effect only when following redirects is enabled.

Edge cases & error sources

Unclosed quotes in imported commands prevent parsing.
Backslash line continuations inside double quotes import as literal characters.
Header lines without a colon are ignored.
Duplicate header names keep the latest value in the list.
Invalid JSON bodies block generation.
Retries set to zero disable retry delay and “retry all errors.”
Limit rate with unsupported units is ignored with a warning.
GET with a body may be dropped by servers and is flagged as unusual.
HTTP/2 and HTTP/3 enabled together stop generation with an error.
Output paths with unusual characters may require quoting per shell rules.
Very long commands can exceed terminal line limits on older systems.
Importing -F (multipart) maps to a raw body; multipart is not emitted.

Standards & references

Uniform Resource Identifier syntax (RFC 3986), HTTP Semantics (RFC 9110), HTTP/2 (RFC 9113), HTTP/3 (RFC 9114), and common shell quoting conventions inform the behavior described here.

How‑to · Step‑by‑Step Guide

Build a reproducible web request as a shell command you can run and share.

Choose your shell target Bash/Zsh, PowerShell, or CMD.
Enter the full address and pick a method GET/POST/PUT/….
Add headers as Name: value; set User‑Agent or Referer if needed.
Select a body mode and paste the payload; fix any JSON errors if shown.
Set flags such as redirects, timeouts, retries, and bandwidth limits.
Pick an auth option and supply the smallest safe token or password.
Copy the command, or download a script suited to the chosen shell.

If no address is provided, generation is blocked to avoid producing a misleading command.

Example: POST {"name":"Ada"} with a bearer token and --location shows a multi‑line command for Bash; switch the shell to see quoting change automatically.

Tip: For readability, prefer long flags when sharing commands in docs.
Tip: Use a small timeout and retries while testing unreliable endpoints.

FAQ

Is my data stored?

No. All processing and exports happen in the browser; nothing is sent to a server. Clipboard and downloads use local capabilities.

How accurate is command import?

Most common flags, headers, methods, data options, and user credentials are recognized. Unclosed quotes or unusual constructs can block or alter parsing; fix the source command and try again.

Which units can I use for limit rate?

Plain bytes, or a whole number with k, M, or G suffix, for example 500k or 5M. Other units are not accepted.

Can I send a body with GET?

You can, but many servers ignore it. The generator warns about this choice so you can switch to a method that expects a body.

How do I send a JSON POST?

Choose a POST method, select the JSON body mode, paste valid JSON, and the content type header is added automatically. Fix any parsing error before generating.

Why does Max redirects have no effect?

It only applies when following redirects is enabled. Turn on redirect following to activate the limit.

Can I include an API key header?

Yes. Choose the API key option, name the header, and paste the value. The header is added to the command and shown in summaries.

Is there a cost or license?

No license text is embedded in this package. If you need terms, consult the distribution source where you obtained the tool.

Troubleshooting

“Enable either HTTP/2 or HTTP/3” — turn off one of the protocol switches.
“Invalid JSON body” — format the payload as valid JSON and try again.
“Unable to parse curl command” — close all quotes and remove stray backslashes at line ends.
Header ignored — ensure each line uses Name: value with a colon.
Limit rate warning — use whole numbers with k, M, or G suffix.
Retry delay ignored — set retry attempts above zero.

No command is produced without a valid address. Enter a complete http/https URL.

Advanced Tips

Tip Prefer long flags for readability in shared snippets and docs.
Tip Combine short flags for compact scripts when all flags are single letters without values.
Tip Use trace timing to correlate client events with server logs.
Tip Save output to a file with an explicit path; use ~ for home expansion.
Tip Add Accept: application/json to clarify response expectations in APIs that serve multiple formats.
Tip When testing new endpoints, start with small payloads and increase complexity gradually.

Glossary

Method: Action verb for a request such as GET or POST.
Absolute URL: Full address including scheme and host.
Header: Name and value metadata line sent with the request.
Body: Optional payload such as JSON, text, or form data.
Bearer token: Credential placed in the Authorization header.
Basic authentication: Username and password sent via a dedicated flag.
Retry policy: Attempts and optional delay to recover from errors.
Limit rate: Bandwidth cap in bytes, k, M, or G units.
Verbose output: Extra details about the request and response.
User‑Agent: Header string that identifies the client.