Skip to content

Set Auth Header Using cURL

If it comes to testing REST APIs I’m a big fan of Postman. But for quick and command line testing I always prefer to use cURL. For developing and testing protected endpoints we need to pass an authorization header. How can we do this with cURL?

Example of using Bearer tokens:

$ curl -H "Authorization: Bearer <ACCESS_TOKEN>" http://www.example.com

Example request (invalid token):

$ curl -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJlbWFpbCI6Impha3ViQHdwLnBsIiwiaXNzIjoiY291cnNlIn0.wwRWNypw0tLkhnyKPQZ7RSIOlGuwZx3eFEIz2A7r6Ji" http://localhost:8000/protected

Response:

{"message":"signature is invalid","status":401}

Example request (valid token):

$ curl -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJlbWFpbCI6Impha3ViQHdwLnBsIiwiaXNzIjoiY291cnNlIn0.wwRWNypw0tLkhnyKPQZ7RSIOlGuwZx3eFEIz2A7r6JI" http://localhost:8000/protected

Test (debug) log from dev server:

Success!

More information about jwt tokens and authentication mechanism: