cURL GET, POST, PUT, DELETE: Complete Guide (2026)

cURL GET, POST, PUT, DELETE: The Complete Guide for 2026

cURL is the universal command-line tool for making HTTP requests. It is pre-installed on macOS and most Linux distributions, and readily available on Windows. Whether you are testing an API, debugging a webhook, or automating requests in a script, cURL is the tool developers reach for first.

This guide covers every HTTP method you will use in practice: GET, POST, PUT, PATCH, and DELETE, with real-world examples, common flags, and patterns you can copy directly into your terminal.

Quick Reference Table

Method	cURL Flag	Purpose	Has Body
GET	Default (no flag needed)	Retrieve data	No
POST	`-X POST` or `--data`	Create data	Yes
PUT	`-X PUT`	Replace data	Yes
PATCH	`-X PATCH`	Partially update data	Yes
DELETE	`-X DELETE`	Remove data	Rarely
HEAD	`-I` or `-X HEAD`	Get headers only	No
OPTIONS	`-X OPTIONS`	Check allowed methods	No

Essential cURL Flags

Before diving into examples, here are the flags you will use constantly:

# Common flags
-X METHOD          # Specify HTTP method (POST, PUT, DELETE, etc.)
-H "Header: Value" # Add a request header
-d "data"          # Send request body data
-i                 # Include response headers in output
-v                 # Verbose mode (show full request/response)
-s                 # Silent mode (hide progress bar)
-o filename        # Save output to a file
-L                 # Follow redirects
-k                 # Allow insecure SSL connections
-u user:pass       # Basic authentication
-b "cookies"       # Send cookies
-c cookie-file     # Save cookies to file
--max-time 30      # Timeout after 30 seconds

GET Requests

GET is the default method. You do not need -X GET.

Basic GET:

curl https://jsonplaceholder.typicode.com/posts/1

GET with response headers:

curl -i https://jsonplaceholder.typicode.com/posts/1

GET with custom headers:

curl -H "Accept: application/json" \
     -H "Authorization: Bearer YOUR_TOKEN" \
     https://api.example.com/users

GET with query parameters:

# Option 1: Include in URL
curl "https://api.example.com/search?q=hello&page=1&limit=10"

# Option 2: Use --data-urlencode with -G flag
curl -G \
  --data-urlencode "q=hello world" \
  --data-urlencode "page=1" \
  https://api.example.com/search

GET and save response to a file:

curl -o response.json https://api.example.com/data

GET with verbose output (great for debugging):

curl -v https://api.example.com/health

# Output shows:
# > GET /health HTTP/2
# > Host: api.example.com
# > User-Agent: curl/8.x
# >
# < HTTP/2 200
# < content-type: application/json
# < ...

POST Requests

POST is used to create new resources or submit data.

POST with JSON body:

curl -X POST https://api.example.com/users \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Alice",
    "email": "alice@example.com",
    "role": "developer"
  }'

POST with form data:

curl -X POST https://api.example.com/login \
  -d "username=alice&password=secret123"

Note: When you use -d, cURL automatically sets Content-Type: application/x-www-form-urlencoded unless you override it.

POST with data from a file:

# Read JSON from a file
curl -X POST https://api.example.com/users \
  -H "Content-Type: application/json" \
  -d @payload.json

# Read from stdin
echo '{"name": "Bob"}' | curl -X POST https://api.example.com/users \
  -H "Content-Type: application/json" \
  -d @-

POST with file upload (multipart form):

curl -X POST https://api.example.com/upload \
  -F "file=@photo.jpg" \
  -F "description=Profile photo" \
  -F "userId=123"

POST with multiple files:

curl -X POST https://api.example.com/upload \
  -F "files=@image1.jpg" \
  -F "files=@image2.png" \
  -F "files=@document.pdf"

PUT Requests

PUT replaces an entire resource. The request body should contain the complete updated resource.

PUT to update a resource:

curl -X PUT https://api.example.com/users/42 \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Alice Updated",
    "email": "alice.new@example.com",
    "role": "senior-developer"
  }'

PUT with authentication:

curl -X PUT https://api.example.com/users/42 \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIs..." \
  -d '{
    "name": "Alice Updated",
    "email": "alice.new@example.com",
    "role": "senior-developer"
  }'

PATCH Requests

PATCH updates specific fields of a resource without replacing the entire thing.

PATCH to update specific fields:

curl -X PATCH https://api.example.com/users/42 \
  -H "Content-Type: application/json" \
  -d '{
    "role": "tech-lead"
  }'

PUT vs PATCH comparison:

# PUT: Must send the complete resource
curl -X PUT https://api.example.com/users/42 \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Alice",
    "email": "alice@example.com",
    "role": "tech-lead",
    "department": "engineering"
  }'

# PATCH: Only send what you want to change
curl -X PATCH https://api.example.com/users/42 \
  -H "Content-Type: application/json" \
  -d '{"role": "tech-lead"}'

DELETE Requests

DELETE removes a resource. Most DELETE requests do not require a body.

Simple DELETE:

curl -X DELETE https://api.example.com/users/42

DELETE with authentication:

curl -X DELETE https://api.example.com/users/42 \
  -H "Authorization: Bearer YOUR_TOKEN"

DELETE with a request body (less common):

curl -X DELETE https://api.example.com/users/batch \
  -H "Content-Type: application/json" \
  -d '{"ids": [42, 43, 44]}'

DELETE and check the response code:

# -w shows the HTTP status code, -o /dev/null hides the body
curl -X DELETE https://api.example.com/users/42 \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -o /dev/null \
  -w "HTTP Status: %{http_code}\n" \
  -s

Authentication Patterns

Bearer Token (most common for APIs):

curl -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
  https://api.example.com/protected

Basic Auth:

# Option 1: -u flag
curl -u username:password https://api.example.com/data

# Option 2: Header (base64 encoded)
curl -H "Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=" \
  https://api.example.com/data

API Key in header:

curl -H "X-API-Key: your-api-key-here" \
  https://api.example.com/data

API Key in query parameter:

curl "https://api.example.com/data?api_key=your-api-key-here"

Real-World API Examples

GitHub API

# List your repositories
curl -H "Authorization: Bearer ghp_YOUR_TOKEN" \
  -H "Accept: application/vnd.github.v3+json" \
  https://api.github.com/user/repos

# Create a new repository
curl -X POST https://api.github.com/user/repos \
  -H "Authorization: Bearer ghp_YOUR_TOKEN" \
  -H "Accept: application/vnd.github.v3+json" \
  -d '{
    "name": "my-new-repo",
    "private": true,
    "description": "Created via cURL"
  }'

OpenAI API

curl -X POST https://api.openai.com/v1/chat/completions \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer sk-YOUR_API_KEY" \
  -d '{
    "model": "gpt-4o",
    "messages": [
      {"role": "user", "content": "Hello, how are you?"}
    ],
    "max_tokens": 100
  }'

Stripe API

# Create a customer
curl -X POST https://api.stripe.com/v1/customers \
  -u sk_test_YOUR_KEY: \
  -d "email=customer@example.com" \
  -d "name=Jane Doe"

Advanced Patterns

Retry on failure with a bash loop:

MAX_RETRIES=3
RETRY_COUNT=0

while [ $RETRY_COUNT -lt $MAX_RETRIES ]; do
  HTTP_CODE=$(curl -s -o /dev/null -w "%{http_code}" https://api.example.com/data)

  if [ "$HTTP_CODE" -eq 200 ]; then
    echo "Success"
    curl -s https://api.example.com/data
    break
  fi

  RETRY_COUNT=$((RETRY_COUNT + 1))
  echo "Attempt $RETRY_COUNT failed with $HTTP_CODE. Retrying..."
  sleep $((RETRY_COUNT * 2))
done

Measure response time:

curl -o /dev/null -s -w "
  DNS Lookup:  %{time_namelookup}s
  Connect:     %{time_connect}s
  TLS Setup:   %{time_appconnect}s
  First Byte:  %{time_starttransfer}s
  Total Time:  %{time_total}s
  HTTP Code:   %{http_code}
" https://api.example.com/health

Send requests in parallel:

# Using xargs for parallel requests
seq 1 10 | xargs -P 5 -I {} curl -s "https://api.example.com/item/{}"

Common Pitfalls and Fixes

Problem	Cause	Fix
`curl: (60) SSL certificate problem`	Self-signed cert	Add `-k` flag (dev only)
JSON not being sent	Missing Content-Type header	Add `-H "Content-Type: application/json"`
Special characters in data	Shell interpretation	Use single quotes or escape
Empty response	Server returns 204	Check with `-i` to see status code
`curl: (7) Failed to connect`	Wrong port or host	Verify URL and port

Wrapping Up

cURL is an indispensable tool for any developer working with APIs. The patterns in this guide cover the vast majority of real-world use cases, from simple GET requests to authenticated POST calls with file uploads.

If you are building applications that consume AI APIs for tasks like image generation, video creation, or voice synthesis, cURL is an excellent way to prototype and test API calls before integrating them into your codebase. Hypereal AI provides RESTful API endpoints for dozens of AI models, and every endpoint works perfectly with the cURL patterns shown above.

cURL GET, POST, PUT, DELETE: The Complete Guide for 2026

This guide covers every HTTP method you will use in practice: GET, POST, PUT, PATCH, and DELETE, with real-world examples, common flags, and patterns you can copy directly into your terminal.

Quick Reference Table

Method	cURL Flag	Purpose	Has Body
GET	Default (no flag needed)	Retrieve data	No
POST	`-X POST` or `--data`	Create data	Yes
PUT	`-X PUT`	Replace data	Yes
PATCH	`-X PATCH`	Partially update data	Yes
DELETE	`-X DELETE`	Remove data	Rarely
HEAD	`-I` or `-X HEAD`	Get headers only	No
OPTIONS	`-X OPTIONS`	Check allowed methods	No

Essential cURL Flags

Before diving into examples, here are the flags you will use constantly:

# Common flags
-X METHOD          # Specify HTTP method (POST, PUT, DELETE, etc.)
-H "Header: Value" # Add a request header
-d "data"          # Send request body data
-i                 # Include response headers in output
-v                 # Verbose mode (show full request/response)
-s                 # Silent mode (hide progress bar)
-o filename        # Save output to a file
-L                 # Follow redirects
-k                 # Allow insecure SSL connections
-u user:pass       # Basic authentication
-b "cookies"       # Send cookies
-c cookie-file     # Save cookies to file
--max-time 30      # Timeout after 30 seconds

GET Requests

GET is the default method. You do not need -X GET.

Basic GET:

curl https://jsonplaceholder.typicode.com/posts/1

GET with response headers:

curl -i https://jsonplaceholder.typicode.com/posts/1

GET with custom headers:

curl -H "Accept: application/json" \
     -H "Authorization: Bearer YOUR_TOKEN" \
     https://api.example.com/users

GET with query parameters:

# Option 1: Include in URL
curl "https://api.example.com/search?q=hello&page=1&limit=10"

# Option 2: Use --data-urlencode with -G flag
curl -G \
  --data-urlencode "q=hello world" \
  --data-urlencode "page=1" \
  https://api.example.com/search

GET and save response to a file:

curl -o response.json https://api.example.com/data

GET with verbose output (great for debugging):

curl -v https://api.example.com/health

# Output shows:
# > GET /health HTTP/2
# > Host: api.example.com
# > User-Agent: curl/8.x
# >
# < HTTP/2 200
# < content-type: application/json
# < ...

POST Requests

POST is used to create new resources or submit data.

POST with JSON body:

curl -X POST https://api.example.com/users \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Alice",
    "email": "alice@example.com",
    "role": "developer"
  }'

POST with form data:

curl -X POST https://api.example.com/login \
  -d "username=alice&password=secret123"

Note: When you use -d, cURL automatically sets Content-Type: application/x-www-form-urlencoded unless you override it.

POST with data from a file:

# Read JSON from a file
curl -X POST https://api.example.com/users \
  -H "Content-Type: application/json" \
  -d @payload.json

# Read from stdin
echo '{"name": "Bob"}' | curl -X POST https://api.example.com/users \
  -H "Content-Type: application/json" \
  -d @-

POST with file upload (multipart form):

curl -X POST https://api.example.com/upload \
  -F "file=@photo.jpg" \
  -F "description=Profile photo" \
  -F "userId=123"

POST with multiple files:

curl -X POST https://api.example.com/upload \
  -F "files=@image1.jpg" \
  -F "files=@image2.png" \
  -F "files=@document.pdf"

PUT Requests

PUT replaces an entire resource. The request body should contain the complete updated resource.

PUT to update a resource:

curl -X PUT https://api.example.com/users/42 \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Alice Updated",
    "email": "alice.new@example.com",
    "role": "senior-developer"
  }'

PUT with authentication:

curl -X PUT https://api.example.com/users/42 \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIs..." \
  -d '{
    "name": "Alice Updated",
    "email": "alice.new@example.com",
    "role": "senior-developer"
  }'

PATCH Requests

PATCH updates specific fields of a resource without replacing the entire thing.

PATCH to update specific fields:

curl -X PATCH https://api.example.com/users/42 \
  -H "Content-Type: application/json" \
  -d '{
    "role": "tech-lead"
  }'

PUT vs PATCH comparison:

# PUT: Must send the complete resource
curl -X PUT https://api.example.com/users/42 \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Alice",
    "email": "alice@example.com",
    "role": "tech-lead",
    "department": "engineering"
  }'

# PATCH: Only send what you want to change
curl -X PATCH https://api.example.com/users/42 \
  -H "Content-Type: application/json" \
  -d '{"role": "tech-lead"}'

DELETE Requests

DELETE removes a resource. Most DELETE requests do not require a body.

Simple DELETE:

curl -X DELETE https://api.example.com/users/42

DELETE with authentication:

curl -X DELETE https://api.example.com/users/42 \
  -H "Authorization: Bearer YOUR_TOKEN"

DELETE with a request body (less common):

curl -X DELETE https://api.example.com/users/batch \
  -H "Content-Type: application/json" \
  -d '{"ids": [42, 43, 44]}'

DELETE and check the response code:

# -w shows the HTTP status code, -o /dev/null hides the body
curl -X DELETE https://api.example.com/users/42 \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -o /dev/null \
  -w "HTTP Status: %{http_code}\n" \
  -s

Authentication Patterns

Bearer Token (most common for APIs):

curl -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
  https://api.example.com/protected

Basic Auth:

# Option 1: -u flag
curl -u username:password https://api.example.com/data

# Option 2: Header (base64 encoded)
curl -H "Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=" \
  https://api.example.com/data

API Key in header:

curl -H "X-API-Key: your-api-key-here" \
  https://api.example.com/data

API Key in query parameter:

curl "https://api.example.com/data?api_key=your-api-key-here"

Real-World API Examples

GitHub API

# List your repositories
curl -H "Authorization: Bearer ghp_YOUR_TOKEN" \
  -H "Accept: application/vnd.github.v3+json" \
  https://api.github.com/user/repos

# Create a new repository
curl -X POST https://api.github.com/user/repos \
  -H "Authorization: Bearer ghp_YOUR_TOKEN" \
  -H "Accept: application/vnd.github.v3+json" \
  -d '{
    "name": "my-new-repo",
    "private": true,
    "description": "Created via cURL"
  }'

OpenAI API

curl -X POST https://api.openai.com/v1/chat/completions \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer sk-YOUR_API_KEY" \
  -d '{
    "model": "gpt-4o",
    "messages": [
      {"role": "user", "content": "Hello, how are you?"}
    ],
    "max_tokens": 100
  }'

Stripe API

# Create a customer
curl -X POST https://api.stripe.com/v1/customers \
  -u sk_test_YOUR_KEY: \
  -d "email=customer@example.com" \
  -d "name=Jane Doe"

Advanced Patterns

Retry on failure with a bash loop:

MAX_RETRIES=3
RETRY_COUNT=0

while [ $RETRY_COUNT -lt $MAX_RETRIES ]; do
  HTTP_CODE=$(curl -s -o /dev/null -w "%{http_code}" https://api.example.com/data)

  if [ "$HTTP_CODE" -eq 200 ]; then
    echo "Success"
    curl -s https://api.example.com/data
    break
  fi

  RETRY_COUNT=$((RETRY_COUNT + 1))
  echo "Attempt $RETRY_COUNT failed with $HTTP_CODE. Retrying..."
  sleep $((RETRY_COUNT * 2))
done

Measure response time:

curl -o /dev/null -s -w "
  DNS Lookup:  %{time_namelookup}s
  Connect:     %{time_connect}s
  TLS Setup:   %{time_appconnect}s
  First Byte:  %{time_starttransfer}s
  Total Time:  %{time_total}s
  HTTP Code:   %{http_code}
" https://api.example.com/health

Send requests in parallel:

# Using xargs for parallel requests
seq 1 10 | xargs -P 5 -I {} curl -s "https://api.example.com/item/{}"

Common Pitfalls and Fixes

Problem	Cause	Fix
`curl: (60) SSL certificate problem`	Self-signed cert	Add `-k` flag (dev only)
JSON not being sent	Missing Content-Type header	Add `-H "Content-Type: application/json"`
Special characters in data	Shell interpretation	Use single quotes or escape
Empty response	Server returns 204	Check with `-i` to see status code
`curl: (7) Failed to connect`	Wrong port or host	Verify URL and port

Start Building with Hypereal

cURL GET, POST, PUT, DELETE: The Complete Guide for 2026

Quick Reference Table

Essential cURL Flags

GET Requests

POST Requests

PUT Requests

PATCH Requests

DELETE Requests

Authentication Patterns

Real-World API Examples

GitHub API

OpenAI API

Stripe API

Advanced Patterns

Common Pitfalls and Fixes

Wrapping Up

Related Articles

Beginner's Guide to Telegram Bot API (2026)

HTTP Content-Type Header: Complete Guide (2026)

HTTP DELETE Method: Complete Guide (2026)

Start Building Today

Start Building with Hypereal

cURL GET, POST, PUT, DELETE: The Complete Guide for 2026

Quick Reference Table

Essential cURL Flags

GET Requests

POST Requests

PUT Requests

PATCH Requests

DELETE Requests

Authentication Patterns

Real-World API Examples

GitHub API

OpenAI API

Stripe API

Advanced Patterns

Common Pitfalls and Fixes

Wrapping Up

Related Articles

Beginner's Guide to Telegram Bot API (2026)

HTTP Content-Type Header: Complete Guide (2026)

HTTP DELETE Method: Complete Guide (2026)

Start Building Today