In cURL, the -X or --request parameter is used to specify the HTTP request method. While cURL can automatically infer the method based on other parameters, explicitly specifying the method makes requests more explicit and controllable.
-X Parameter Basics
# Basic syntax curl -X METHOD URL # Common usage curl -X GET https://api.example.com/users curl -X POST https://api.example.com/users curl -X PUT https://api.example.com/users/1 curl -X DELETE https://api.example.com/users/1 curl -X PATCH https://api.example.com/users/1
HTTP Methods Explained
GET Request
# GET request (default, usually don't need -X GET) curl https://api.example.com/users # Explicit GET curl -X GET https://api.example.com/users # GET with query parameters curl -X GET "https://api.example.com/users?page=1&limit=10" # GET with headers curl -X GET \ -H "Authorization: Bearer token123" \ https://api.example.com/users
POST Request
# POST request (automatically uses POST with -d) curl -X POST \ -H "Content-Type: application/json" \ -d '{"name":"John"}' \ https://api.example.com/users # Form data POST curl -X POST \ -d "username=admin&password=123456" \ https://api.example.com/login # File upload POST curl -X POST \ -F "file=@document.pdf" \ https://api.example.com/upload
PUT Request
PUT is used for complete updates to resources, typically requiring all fields of the resource.
# Basic PUT request curl -X PUT \ -H "Content-Type: application/json" \ -H "Authorization: Bearer token123" \ -d '{"id":1,"name":"John","email":"john@example.com","age":25}' \ https://api.example.com/users/1 # PUT to update file content curl -X PUT \ -H "Content-Type: application/octet-stream" \ --data-binary @updated-file.txt \ https://api.example.com/files/document.txt # PUT upload file (REST API style) curl -X PUT \ -T local-file.pdf \ https://api.example.com/documents/123
DELETE Request
DELETE is used to delete resources.
# Basic DELETE request curl -X DELETE \ -H "Authorization: Bearer token123" \ https://api.example.com/users/1 # DELETE with request body (some APIs require) curl -X DELETE \ -H "Content-Type: application/json" \ -H "Authorization: Bearer token123" \ -d '{"reason":"inactive user"}' \ https://api.example.com/users/1 # Batch delete curl -X DELETE \ -H "Content-Type: application/json" \ -d '{"ids":[1,2,3]}' \ https://api.example.com/users/batch
PATCH Request
PATCH is used for partial updates to resources, only providing fields to be modified.
# Basic PATCH request curl -X PATCH \ -H "Content-Type: application/json" \ -H "Authorization: Bearer token123" \ -d '{"email":"newemail@example.com"}' \ https://api.example.com/users/1 # JSON Patch format (RFC 6902) curl -X PATCH \ -H "Content-Type: application/json-patch+json" \ -d '[{"op":"replace","path":"/email","value":"new@example.com"}]' \ https://api.example.com/users/1 # Merge Patch format (RFC 7386) curl -X PATCH \ -H "Content-Type: application/merge-patch+json" \ -d '{"email":"new@example.com","settings":{"theme":"dark"}}' \ https://api.example.com/users/1
HTTP Methods Comparison
| Method | Purpose | Idempotent | Safe | Typical Scenario |
|---|---|---|---|---|
| GET | Retrieve resource | ✅ | ✅ | Query data |
| POST | Create resource | ❌ | ❌ | Submit form, create |
| PUT | Complete update | ✅ | ❌ | Replace resource |
| PATCH | Partial update | ❌ | ❌ | Modify partial fields |
| DELETE | Delete resource | ✅ | ❌ | Delete operation |
| HEAD | Get metadata | ✅ | ✅ | Check resource exists |
| OPTIONS | Get supported methods | ✅ | ✅ | CORS preflight |
Other HTTP Methods
# HEAD request (get headers only) curl -X HEAD https://api.example.com/users/1 # Or use -I curl -I https://api.example.com/users/1 # OPTIONS request (CORS preflight) curl -X OPTIONS \ -H "Origin: https://example.com" \ -H "Access-Control-Request-Method: POST" \ https://api.example.com/users # TRACE request (debugging, usually disabled) curl -X TRACE https://api.example.com/debug # CONNECT request (establish tunnel) curl -X CONNECT http://proxy.example.com:8080
Complete RESTful API Example
#!/bin/bash # Complete RESTful API operations example API_BASE="https://api.example.com/v1" TOKEN="your_bearer_token" # 1. Create resource (POST) echo "Creating user..." CREATE_RESPONSE=$(curl -s -X POST \ -H "Content-Type: application/json" \ -H "Authorization: Bearer $TOKEN" \ -d '{"name":"John","email":"john@example.com"}' \ "$API_BASE/users") USER_ID=$(echo $CREATE_RESPONSE | jq -r '.id') echo "Created user ID: $USER_ID" # 2. Get resource (GET) echo "Getting user..." curl -s -X GET \ -H "Authorization: Bearer $TOKEN" \ "$API_BASE/users/$USER_ID" | jq # 3. Complete update (PUT) echo "Updating user (PUT)..." curl -s -X PUT \ -H "Content-Type: application/json" \ -H "Authorization: Bearer $TOKEN" \ -d "{\"id\":$USER_ID,\"name\":\"John\",\"email\":\"updated@example.com\",\"age\":26}" \ "$API_BASE/users/$USER_ID" | jq # 4. Partial update (PATCH) echo "Updating user (PATCH)..." curl -s -X PATCH \ -H "Content-Type: application/json" \ -H "Authorization: Bearer $TOKEN" \ -d '{"age":27}' \ "$API_BASE/users/$USER_ID" | jq # 5. Delete resource (DELETE) echo "Deleting user..." curl -s -X DELETE \ -H "Authorization: Bearer $TOKEN" \ "$API_BASE/users/$USER_ID" echo "User deleted"
Important Notes
-
Automatic method inference:
- With
-d, cURL defaults to POST - With
-T, cURL defaults to PUT - Explicit
-Xcan override default behavior
- With
-
Idempotency considerations:
- GET, PUT, DELETE should be idempotent
- POST, PATCH are usually not idempotent
-
Content-Type:
- Must set correct Content-Type when sending data
- JSON:
application/json - Form:
application/x-www-form-urlencoded - File:
multipart/form-data
-
Security:
- GET should not have side effects
- DELETE operations should be careful
- Sensitive operations require authentication