- cURL / curl
- Open-source command-line tool and libcurl library for sending HTTP/HTTPS/FTP and other protocol requests via URLs on the command line - the most common tool for developers debugging APIs.
- HTTP Method
- HTTP request action, common ones: GET (read), POST (create), PUT (full update), PATCH (partial update), DELETE (remove), HEAD (get headers), OPTIONS (query server capabilities).
- Request Header
- Metadata key-value pairs in HTTP requests, such as Content-Type, Authorization, User-Agent, Cookie, Accept, etc.; specified via -H/--header in curl.
- Request Body
- The data portion of an HTTP request, commonly used with POST/PUT/PATCH; specified via -d/--data/--data-binary/-F in curl; common formats: JSON, form-urlencoded, multipart/form-data.
- Content-Type
- Request/response header indicating body media type. application/json for JSON, application/x-www-form-urlencoded for URL-encoded forms, multipart/form-data for file upload forms.
- Basic Auth
- HTTP basic authentication, passing username/password via Authorization: Basic base64(user:pass) header; specified with -u user:pass in curl.
- Bearer Token
- Token-based authentication method, passed via Authorization: Bearer <token> header; commonly used with JWT/OAuth2.
- User-Agent
- Request header identifying client type (browser/crawler/script); curl sends "curl/version" by default, many websites block non-browser UAs, commonly set with -A.
- Cookie
- Key-value pairs sent by servers via Set-Cookie and returned by browsers in subsequent Cookie headers for session persistence. curl -b sends cookies, -c saves cookies.
- Referer
- Request header indicating the source page URL of the current request; checked by some anti-hotlink/CSRF protections; set with -e in curl.
- Redirect (3xx)
- When server returns 301/302/303/307/308 status codes telling browsers to redirect to a new URL. curl doesn't follow by default, add -L/--location to follow.
- --compressed
- curl option that automatically adds Accept-Encoding: deflate, gzip header and decompresses responses. Without this, responses may be garbled compressed data.
- -k/--insecure
- curl option that skips HTTPS certificate verification; only for self-signed cert test environments, forbidden in production.
- fetch API
- Browser native JavaScript HTTP request API returning Promise, supported by all modern browsers.
- Axios
- Popular Promise-based HTTP client library for browsers and Node.js; automatic JSON serialization, interceptors, timeout cancellation.
- OkHttp
- Java/Android HTTP client library from Square; high-performance, HTTP/2 support, connection pooling, transparent GZIP.
- HttpClient (.NET)
- Recommended C#/.NET HTTP client in the System.Net.Http namespace; standard API for .NET Core/.NET 5+.
- Invoke-RestMethod
- PowerShell 3.0+ built-in HTTP request cmdlet that auto-parses JSON/XML responses to PowerShell objects.