Commands

10 Must-Know and Powerful cURL Commands

Anil K··4 min read
#curl#http#api-debugging#tls#mtls#dns#networking#commands
Terminal window running a verbose curl request against an HTTPS endpoint

cURL is an essential tool for diagnosing API, TLS, DNS, and HTTP issues. Below are ten practical patterns with the command, a concise explanation of what it reveals, and real-world scenarios where it helps most.

1. Verbose Mode

curl -v https://api.example.com/resource

What it shows: request headers, response headers, redirects, and TLS handshake details. When to use: first step for API failures, authentication problems, or HTTPS misconfigurations.

2. Full Wire-Level Trace

curl --trace-ascii trace.log https://api.example.com/resource
# or
curl --trace trace.log https://api.example.com/resource

What it shows: every byte sent and received, including raw HTTP and binary data. When to use: deep debugging for corrupted payloads, proxy issues, or TLS handshake anomalies.

3. Response Headers Only

curl -s -o /dev/null -D - https://api.example.com/resource

What it shows: only the response headers. When to use: check status codes, caching, redirects, rate limits, and server metadata without the body.

4. Headers and Body Inline

curl -i https://api.example.com/resource

What it shows: response headers followed by the body in one stream. When to use: quick API checks and verifying content type or response formatting.

5. Override DNS Resolution

curl --resolve api.example.com:443:1.2.3.4 https://api.example.com/resource

What it does: forces the hostname to resolve to a specific IP while preserving the Host header. When to use: test new backends, bypass DNS propagation, validate SSL on a particular node, or debug load-balancer routing.

6. Follow and Inspect Redirect Chains

curl -v -L https://api.example.com/redirect

What it shows: each redirect hop and the final response. When to use: debug OAuth flows, CDN redirects, SEO issues, or redirect loops.

7. Debug Request Payloads

curl -v -X POST https://api.example.com/resource \
  -H "Content-Type: application/json" \
  -d '{"name":"test","enabled":true}'

What it shows: the exact request line, headers, and body sent to the server. When to use: validate JSON formatting, content type, authentication headers, and payload encoding.

8. Print Only the HTTP Status Code

curl -s -o /dev/null -w '%{http_code}\n' https://api.example.com/resource

What it shows: only the numeric HTTP status code. When to use: health checks, CI/CD assertions, and simple monitoring scripts.

9. Save Body and Debug Output Separately

curl -s https://api.example.com/resource \
  -o response.json \
  --stderr debug.log \
  -v

What it does: writes the response body to a file and verbose diagnostics to a separate log. When to use: reproducible debugging, sharing logs with teammates, and analysing intermittent failures.

10. Debug TLS, SSL, and Mutual TLS

curl -v https://api.example.com/resource \
  --cacert /path/to/ca.pem \
  --cert /path/to/client.crt \
  --key /path/to/client.key

What it shows: TLS handshake details, certificate chain validation, and client-certificate usage. When to use: diagnose expired certs, CA-bundle issues, or mTLS authentication failures. For a deeper dive into the certificate side, see Certificate Lifecycle Management.

Quick Reference Table

Task Command
Verbose curl -v URL
Wire trace curl --trace-ascii trace.log URL
Headers only curl -s -o /dev/null -D - URL
Headers + body curl -i URL
Custom resolve curl --resolve host:port:ip URL
Follow redirects curl -v -L URL
Payload debug curl -v -X POST -H "Content-Type:..." -d '...' URL
Status code only curl -s -o /dev/null -w '%{http_code}\n' URL
Separate logs curl -s URL -o response.json --stderr debug.log -v
TLS and mTLS curl -v --cacert ca.pem --cert client.crt --key client.key URL

Pro tip: combine flags to match your workflow. For example, use --resolve with -v to test a specific node and inspect the TLS handshake on that node.

Wrap Up

These patterns provide fast, actionable visibility into what happens between your client and server. Use them to isolate DNS and routing issues, validate TLS and mTLS, inspect payloads, and automate health checks. For the full option set, the curl manual is the authoritative reference — but these ten flags will cover most of the debugging you do on a given week.

Found this useful? Give it a like.

Stay in the loop

New articles on AI, Cybersecurity, and PKI — delivered to your inbox.

← Back to Commands