Example
Options
URL: https://api.yutils.dev/tools
Method: POST
Headers: Content-Type: application/json
Body: { "name": "new-tool" }Output (curl command)
curl -X POST 'https://api.yutils.dev/tools' \
-H 'Content-Type: application/json' \
-d '{ "name": "new-tool" }'Note
JSON Content-Type is auto-detected when the body looks like JSON. Single quotes are preferred for shell safety.
Usage / FAQ
When to use
- Quick API calls without firing up Postman / Insomnia
- Attach reproducible API examples to issues and docs
- Share "try this" curl snippets with teammates
- Verify curl commands before pasting into a CI script
- Lay out headers / body cleanly for a complex API call
FAQ
- Q.Does this work in Windows PowerShell?
- A.The output targets bash / zsh (single quotes). In PowerShell, `curl` is an alias for `Invoke-WebRequest` — use `curl.exe` explicitly or translate to native PowerShell syntax.
- Q.How should I handle secrets in the Authorization header?
- A.Use environment variables — `-H "Authorization: Bearer $TOKEN"`. Don't paste commands with raw tokens into issues.
- Q.What about non-ASCII bodies?
- A.UTF-8 is passed through. Shell escaping can bite, though — `--data-binary` or a file (`curl -d @body.json`) is safer for complex payloads.
Fun facts
curl was created in 1996 by Sweden's Daniel Stenberg — initially named 'httpget', then 'urlget', then 'curl'. For nearly 30 years it's been maintained by essentially one person, and it became the universal HTTP tool across every OS, language, and device.
Wikipedia — curl'curl in everything' — curl ships in iOS, macOS, Windows, Linux, car infotainment systems, IoT devices, planes, NASA's Curiosity Mars rover, even the ISS. 'When Stenberg's laptop crashes the internet shakes' is only half a joke.
curl — Companies usingcurl 7.66 (2019) added HTTP/3 (QUIC) support — Stenberg himself is an active member of the IETF QUIC working group, so curl effectively doubles as the reference implementation for HTTP standards. Spec and implementation by the same hands is a rare luxury.
curl — HTTP/3
Related guides
- HTTP Status Codes — When to Use 401, 403, 422, 500 and the Rest
Definitive reference for HTTP status codes — class meanings, the most common codes in REST APIs, frequently confused pairs (401 vs 403, 400 vs 422), and how to pick the right one.
- CORS Explained — What Triggers Preflight, Common Errors, and How to Fix Them
Cross-Origin Resource Sharing in plain language — same-origin policy, simple vs preflight requests, the right Access-Control-* headers, credentials, and the most common debugging traps.
- Idempotency Keys — How Stripe Makes Retries Safe and How to Implement Them
Why retries cause duplicate charges, how Stripe and PayPal use idempotency keys, the server-side state machine, key generation strategies, and storage TTL.
- HTTP Caching — Cache-Control, ETag, and the Right Headers for Every Asset
max-age vs s-maxage, immutable, stale-while-revalidate, ETag vs Last-Modified, CDN vs browser cache, and the headers your static assets, HTML, and API responses each need.
- Rate Limiting Strategies — Token Bucket, Sliding Window, and the 429 Retry-After Contract
Why rate limit, the four classic algorithms (fixed window, sliding window, token bucket, leaky bucket), how to scope by IP/user/API key, and the headers clients expect.
- What's Actually Inside an HTTP Request
Open the wire — request line, headers, body, and the conversation patterns that hide behind GET and POST. Content negotiation, conditional requests, cookies, preflight, and the underrated headers everyone forgets.
- How TLS Handshake Actually Works
What happens between ClientHello and the first encrypted byte — certificates, cipher suites, key exchange, SNI, and why TLS 1.3 dropped the handshake from two round trips to one.
- How Network Programming Actually Works
Sockets, TCP vs UDP, the C10K problem and why epoll/kqueue/IOCP were invented, blocking vs non-blocking vs async, the file-descriptor abstraction, and why Node.js is single-threaded yet can serve 10,000 connections.
- How REST Actually Works
Roy Fielding's actual REST — resources, representations, statelessness, the uniform interface, Richardson Maturity levels 0-3, HATEOAS, and why most APIs called 'REST' are really just JSON over HTTP.
- How gRPC Actually Works
gRPC under the hood — HTTP/2 multiplexing, protobuf wire format, the four RPC modes (unary, server / client / bidirectional streaming), code generation, why it beats REST for internal services, and why browsers still need gRPC-Web.
Related tools
- Base64 Encode / Decode
Encode text to Base64 or decode Base64 back to text. Runs entirely in your browser, no data sent to any server.
- URL Encode / Decode
Percent-encode text for safe use in URLs, or decode percent-encoded URLs back to text. Runs entirely in your browser.
- UUID / ULID Generator
Generate UUID v4 (random), UUID v7 (time-ordered, RFC 9562), or ULID identifiers — all client-side via crypto.
- JWT Decoder
Decode the header and payload of a JSON Web Token. Signature is not verified (a public key is required). The token is processed entirely in your browser.
- JWT Encoder (HMAC)
Generate a signed JSON Web Token with HS256/HS384/HS512 (HMAC-SHA). Payload and secret stay in your browser — Web Crypto API based.
- SHA Hash
Compute SHA-1, SHA-256, SHA-384, or SHA-512 hash of text. Uses the browser's Web Crypto API; no data is sent to any server.
- Hex Encode / Decode
Encode text to hexadecimal or decode hex back to text. Supports UTF-8 multi-byte characters and tolerates whitespace.
- HTML Entity Encode / Decode
Encode HTML special characters (&, <, >, ", ') to entities, or decode named/numeric entities back to text.
- Password Generator
Generate cryptographically strong passwords, tokens, random strings, and passphrases with entropy display.
- Number Base Converter
Convert numbers between bases (binary/octal/decimal/hex/base36) using BigInt for large integers. Auto-detects 0b/0o/0x prefixes.
- URL Parser
Decompose a URL into protocol, host, path, query parameters, and hash — read-only inspection.
- HMAC Generator
Compute HMAC (Hash-based Message Authentication Code) with SHA-1/256/384/512 using the Web Crypto API.
- HMAC Verify
Verify whether a given HMAC signature matches the message + secret. Constant-time comparison via Web Crypto API.
- MD5 Hash
Compute MD5 hash for text. Note: MD5 is broken for security — checksums and legacy compatibility only.
- Punycode (IDN)
Convert international domain names to/from Punycode (xn-- encoded ASCII). Uses native URL parser.
- HTTP Status Codes
Browse and search HTTP status codes (1xx-5xx) with descriptions and common usage.
- User-Agent Parser
Parse User-Agent strings into browser, OS, device, and engine fields.
- Bcrypt Hash
Hash passwords with Bcrypt or verify a plaintext against an existing hash. Configurable salt rounds.
- Cookie Parser
Parse Cookie or Set-Cookie strings into a table. Decode percent-encoded values. Supports Set-Cookie attributes (Path/Domain/Max-Age/SameSite/HttpOnly/Secure).
- IP / CIDR Calculator
Compute network address, broadcast, host range, mask, and host count from an IPv4 + CIDR.