# Curl: The Swiss Army Knife for REST API Testing

Curl is a powerful command-line tool that allows developers to transfer data from or to a server using various protocols. It is widely used for testing REST APIs due to its simplicity and versatility. In this blog, we will discuss the most commonly used options of curl for REST API testing.

### **What is REST API?**

REST stands for Representational State Transfer, and it is an architectural style for building web services. RESTful APIs use HTTP methods like GET, POST, PUT, DELETE, etc., to interact with resources (e.g., data) on the server.

### **Installing Curl**

Curl is usually pre-installed on most Unix and Linux systems. If you are using Windows, you can download and install it from the official website ([**https://curl.se/windows/**](https://curl.se/windows/)).

### **Most Used Curl Options for REST API Testing**

#### 1\. GET Request

The GET method is used to retrieve data from the server. To send a GET request using curl, use the following command:

```bash
curl https://example.com/api/data
```

This command sends a GET request to [**https://example.com/api/data**](https://example.com/api/data) and retrieves the data.

#### 2\. POST Request

The POST method is used to create or update data on the server. To send a POST request using curl, use the following command:

```bash
curl -X POST -H "Content-Type: application/json" -d '{"name": "John", "age": 30}' https://example.com/api/data
```

This command sends a POST request to [**https://example.com/api/data**](https://example.com/api/data) with the JSON data {"name": "John", "age": 30}.

The -X option specifies the HTTP method (in this case, POST). The -H option sets the content type of the request to JSON, and the -d option specifies the data to send.

#### 3\. PUT Request

The PUT method is used to update data on the server. To send a PUT request using curl, use the following command:

```bash
curl -X PUT -H "Content-Type: application/json" -d '{"name": "John Doe", "age": 35}' https://example.com/api/data/1
```

This command sends a PUT request to [**https://example.com/api/data/1**](https://example.com/api/data/1) with the JSON data {"name": "John Doe", "age": 35}.

The -X option specifies the HTTP method (in this case, PUT), and the -H and -d options are the same as for the POST request.

#### 4\. DELETE Request

The DELETE method is used to delete data from the server. To send a DELETE request using curl, use the following command:

```bash
curl -X DELETE https://example.com/api/data/1
```

This command sends a DELETE request to [**https://example.com/api/data/1**](https://example.com/api/data/1), which deletes the data with the ID of 1.

The -X option specifies the HTTP method (in this case, DELETE).

#### 5\. Authentication

Many APIs require authentication before you can access them. To send an authenticated request using curl, use the following command:

```bash
curl -u username:password https://example.com/api/data
```

This command sends a GET request to [**https://example.com/api/data**](https://example.com/api/data), authenticating with the username and password.

The -u option specifies the username and password separated by a colon.

#### 6\. Headers

Headers provide additional information about the request or response. To set headers using curl, use the -H option:

```bash
curl -H "Authorization: Bearer TOKEN" https://example.com/api/data
```

This command sends a GET request to [**https://example.com/api/data**](https://example.com/api/data) with an Authorization header set to "Bearer TOKEN".

#### 7\. Query Parameters

Query parameters are used to filter or paginate data on the server. To set query parameters using curl, append them to the URL with a question mark and an ampersand:

```bash
curl https://example.com/api/data?limit=10&page=2
```

This command sends a GET request to [**https://example.com/api/data**](https://example.com/api/data) with a limit of 10 and page 2.

#### 8\. Response Format

APIs can return data in various formats, such as JSON, XML, or CSV. To set the expected response format using curl, use the -H option:

```bash
curl -H "Accept: application/json" https://example.com/api/data
```

This command sends a GET request to [**https://example.com/api/data**](https://example.com/api/data) with an Accept header set to "application/json", indicating that the response should be in JSON format.

#### 9\. Verbose Mode

Verbose mode provides additional information about the request and response. To enable verbose mode using curl, use the -v option:

```bash
curl -v https://example.com/api/data
```

This command sends a GET request to [**https://example.com/api/data**](https://example.com/api/data) and prints additional information about the request and response.

#### 10\. Save Response to File

To save the response to a file, use the -o or -O option:

```bash
curl -o response.json https://example.com/api/data
```

This command sends a GET request to [**https://example.com/api/data**](https://example.com/api/data) and saves the response to a file named "response.json".

The -o option specifies the output file name, while the -O option saves the response to a file with the same name as the requested file.

#### 11\. Certificates

APIs often use SSL/TLS encryption to protect data in transit. To verify the SSL/TLS certificate presented by the server, use the --cacert, --cert, and --key options.

* `--cacert`: Specifies the path to the CA certificate file that verifies the server's SSL/TLS certificate.
    
* `--cert`: Specifies the path to the client's SSL/TLS certificate file.
    
* `--key`: Specifies the path to the client's private key file.
    

```bash
curl --cacert ca.pem --cert client.pem --key client.key https://example.com/api/data
```

This command sends a GET request to [**https://example.com/api/data**](https://example.com/api/data) using the SSL/TLS certificate files ca.pem (for verifying the server's certificate), client.pem (for identifying the client), and client.key (for authenticating the client).

#### 12\. Disable Certificate Verification

In some cases, such as when testing on a local or development environment, it may be necessary to disable SSL/TLS certificate verification. To disable certificate verification using curl, use the -k or --insecure option:

```bash
curl -k https://example.com/api/data
```

This command sends a GET request to [**https://example.com/api/data**](https://example.com/api/data) and disables SSL/TLS certificate verification. Note that this option is not recommended for production environments, as it can leave your requests vulnerable to man-in-the-middle attacks.

### **Conclusion**

These are some options related to certificates that can be useful when testing REST APIs with curl. By using these options, you can ensure that your requests are secure and authenticated, even in SSL/TLS encrypted environments. With curl's flexibility and power, you can easily test and debug your APIs.
