Every day, millions of digital interactions happen quietly in the background. Your browser fetches a page. An app checks for updates. A weather widget refreshes its data. A deployment pipeline pulls from an API. Behind a surprising number of these interactions sits a single command-line tool: cURL.
You might not realize it, but cURL is working on billions of devices worldwide — Linux servers, Windows desktops, Raspberry Pis, smartphones, IoT sensors, Docker containers. Outside tech circles, it’s largely unknown. Inside them, it’s one of those tools that experienced developers reach for so reflexively they barely think about it.
This guide covers cURL from the ground up — installation, basic syntax, working with different protocols, proxy configuration, authentication, and debugging. By the end, you’ll understand not just how to use cURL, but when it’s the right tool and why it’s held its place at the center of network development work for nearly 30 years. For context on how proxies fit into this picture, our guide on proxy authentication methods covers the credential side in depth, and the forward proxy server guide explains the infrastructure cURL often connects through.
cURL stands for Client URL. It’s a command-line tool that transfers data between your local machine (the client) and a remote server, using a URL to identify the destination. The thing that makes it remarkable isn’t any single feature — it’s the combination of broad protocol support, tiny footprint, scriptability, and the fact that it runs identically on virtually every platform.
Daniel Stenberg created cURL in 1997. The original purpose was fetching currency exchange rates from the internet — a narrow task that turned into something far more general. Today cURL supports over 25 protocols: HTTP, HTTPS, FTP, SFTP, SCP, SMTP, POP3, IMAP, LDAP, and more. It handles authentication, cookies, custom headers, SSL certificates, proxy routing, HTTP/2, and HTTP/3. All from a single command.
The comparison to GUI tools like Postman is apt but misses something. Postman is great for interactive API testing. cURL is great for everything — and it can be automated. Drop it in a bash script, a CI/CD pipeline, a cron job, or a Dockerfile. Postman can’t do that.
Some tools age out as the ecosystem moves on. cURL does the opposite — it gets more relevant as APIs proliferate and automation becomes central to how software is built and deployed.
Most modern systems already have cURL. Verify it with:
curl --versionIf it’s installed, you’ll see version information along with the supported protocols and features. The output looks something like curl 8.5.0 (x86_64-pc-linux-gnu) libcurl/8.5.0 OpenSSL/3.0.2. If you don’t see HTTP/2 or SFTP in the list, your build may not include those — which matters if you need them.
cURL is included in Windows 10 and later. Open Command Prompt (Win + R, type cmd) and run curl --version. If it’s not found, install Git for Windows — it bundles cURL. Alternatively, enable it via Settings → Apps → Optional Features.
cURL comes pre-installed on macOS. Open Terminal (Command + Space, type “Terminal”) and run curl --version. To get the latest version with newer features, use Homebrew:
brew install curl
brew upgrade curlsudo apt update
sudo apt install curlsudo yum install curl
# or on newer versions:
sudo dnf install curlSlim container images often don’t include cURL. Add it in your Dockerfile or run it manually:
# Debian/Ubuntu base:
apt update && apt install curl -y
# Alpine base:
apk add --no-cache curlAlways verify after installing with curl --version.
The simplest cURL command sends a GET request to a URL and prints the response:
curl https://example.comThat’s typically HTML. For APIs, the response is usually JSON. A few flags you’ll use constantly:
curl -o homepage.html https://example.comcurl -L https://bit.ly/some-linkWithout -L, cURL stops at the first redirect response and doesn’t follow through to the final URL.
curl -I https://example.comUseful for quickly checking server type, cache headers, redirect chains, or whether a page returns 200 vs. 301.
curl -s -o /dev/null -w "%{http_code}" https://example.comThis is the cURL idiom you’ll see everywhere in CI/CD health checks — it prints just the HTTP status code and nothing else.
curl -X POST -d "name=Jane&[email protected]" https://api.example.com/submitcurl -X POST https://api.example.com/create \
-H "Content-Type: application/json" \
-d '{"name": "Alice", "email": "[email protected]"}'curl -H "X-Custom-Header: value" https://api.example.com/datacurl -v https://example.comThis is invaluable for debugging — it shows the SSL handshake, all sent headers, the redirect chain, and the full response headers before the body.
cURL’s protocol support is one of its most underappreciated strengths. Most developers use it primarily for HTTP/HTTPS, but it handles much more.
curl https://jsonplaceholder.typicode.com/posts/1This is the default. No additional flags needed for standard web requests.
curl ftp://ftp.example.com/file.txt -o file.txtcurl -T upload.txt ftp://ftp.example.com --user user:passcurl --url smtp://smtp.example.com \
--mail-from [email protected] \
--mail-rcpt [email protected] \
--upload-file message.txt \
--user [email protected]:yourpasswordcurl --url imaps://imap.example.com/INBOX/ --user user:passProtocol-specific tests like these are useful for verifying email server configurations, firewall rules, or service availability without needing a full mail client or FTP application.
Proxy support is one of cURL’s most practically useful features, and it’s worth understanding properly. Proxies let you route requests through a different IP address — useful for testing geo-specific responses, bypassing network restrictions, simulating how a site appears in different regions, or running requests through your own proxy infrastructure.
curl -x http://proxyserver:8080 https://example.comcurl -x http://proxyserver:8080 --proxy-user username:password https://example.comTo route a cURL request through SpyderProxy’s residential proxy network:
curl -x http://gate.spyderproxy.com:7777 \
--proxy-user YOUR_USERNAME:YOUR_PASSWORD \
https://target-site.comReplace the hostname, port, username, and password with the credentials from your SpyderProxy dashboard. For country-specific IPs, the proxy endpoint format typically includes a location parameter — your dashboard will show the exact format for the product you’re using.
curl --socks5 proxyserver:1080 https://example.comSOCKS5 proxies operate at the transport layer rather than the application layer, which means they handle any protocol (not just HTTP) and don’t intercept SSL in the way HTTP proxies can. For more on SOCKS5 behavior, see our guide on SOCKS5 proxies for maximum privacy.
If a proxy uses a self-signed certificate or doesn’t support SSL inspection, you may see SSL errors. For testing only (never in production), you can bypass SSL verification:
curl --insecure -x http://proxyserver:8080 https://example.comFor a proper production setup, configure the proxy to use SSL passthrough or install its certificate. Our SSL error fix guide covers proxy-related SSL issues in detail.
cURL handles all the common authentication patterns you’ll encounter in API and web development work.
curl -u username:password https://api.example.com/datacurl -H "Authorization: Bearer YOUR_TOKEN" https://api.example.com/datacurl -H "X-API-Key: YOUR_KEY" https://api.example.com/endpointcurl --digest -u username:password https://api.example.com/secure--config to store credentials in a separate config file, or read them from environment variablescURL in a bash script enables powerful automation:
#!/bin/bash
curl -s -o report.json https://api.example.com/status
echo "Status check complete"Schedule this with cron for uptime monitoring, add conditional logic to alert on non-200 responses, or chain multiple API calls in sequence.
curl -F "[email protected]" https://upload.example.comcurl -C - -O https://example.com/largefile.zipThe -C - flag tells cURL to automatically detect where to resume. Saves time when downloading large files over unreliable connections.
curl -s https://api.example.com/users | jq '.[] | .name'Combining cURL with jq (a JSON processor) turns cURL into an ad-hoc data extraction tool. Common in DevOps workflows for parsing API responses in scripts.
cURL is how most CI/CD pipelines communicate with external services — triggering Jenkins builds, sending Slack notifications, pulling configuration from APIs, validating endpoint availability before deployment. It’s small enough to be available in minimal build containers and doesn’t require any configuration beyond the command itself.
Even straightforward requests sometimes fail. Here’s how to debug the common ones.
curl --max-time 10 https://example.comAborts after 10 seconds. Without this flag, cURL will wait indefinitely for a response that may never come.
If you see errors like SSL certificate problem: unable to get local issuer certificate, the issue is usually a missing intermediate certificate on the server side. Check with:
curl -v https://example.comThe verbose output shows where the SSL handshake fails. For testing only:
curl --insecure https://example.comNever use --insecure in production scripts. Fix the underlying certificate issue instead — our SSL error guide covers the diagnostic steps.
Usually means the server isn’t listening on the port you’re connecting to. Verify the port and that the service is running. Use -v to confirm whether the TCP connection is even being established.
If you get Failed to connect to proxy, confirm the proxy host, port, and credentials. Most proxy errors are authentication issues or firewall blocks between your machine and the proxy server. Test the proxy with a simpler request first to isolate the variable.
curl --trace trace.txt https://example.comWrites the complete binary data exchange to a file. Useful for debugging unusual protocol behavior or when verbose mode isn’t giving enough detail.
curl --versionLists supported protocols and features. If you need HTTP/2, SFTP, or LDAP and don’t see them listed, your cURL build doesn’t include those — you’ll need to install a different package or compile from source with the appropriate options.
One of the most practical uses of cURL for developers and data teams is testing proxy behavior. Before integrating a proxy into a scraping framework or automation tool, it’s worth verifying exactly how it behaves at the HTTP level.
A typical workflow with SpyderProxy:
curl -x http://[proxy_endpoint] --proxy-user [user]:[pass] https://httpbin.org/ipThis kind of cURL-based verification takes minutes and confirms that everything is working before you invest time building a more complex integration. It also makes debugging much easier — if the cURL test works but your scraping framework doesn’t, the issue is in the framework, not the proxy.
The proxy authentication methods guide covers the different credential formats (username/password, IP whitelisting, token-based) that you’ll encounter when configuring proxy auth in cURL commands.
cURL’s longevity isn’t an accident. It solves a problem that never goes away — communicating with remote servers — and it does it in the most flexible, scriptable, portable way possible. Whether you’re testing a REST API, automating file transfers, verifying a server’s SSL certificate, or routing requests through a proxy network for data collection, the commands are consistent and the behavior is predictable.
Learn the basics and you’ll find yourself reaching for it constantly. The proxy and authentication patterns in particular become second nature once you’ve used them a few times. And in 2026, with APIs at the center of virtually everything in software, that’s a skill that pays dividends every week.
Take your cURL requests further. Use SpyderProxy to route cURL commands through residential or datacenter IPs worldwide — test geo-specific responses, simulate different network conditions, and debug APIs in real-world proxy environments. Start free with 1 GB of residential proxy bandwidth. Full pricing details here.