Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to set the authorization header using cURL

How do I pass authorization header using cURL? ( executable in /usr/bin/curl).

like image 221
Vidya Avatar asked Jun 15 '10 10:06

Vidya


People also ask

How do you pass the Authorization bearer in Curl?

Sending the Bearer Token with a Curl POST request is similar to sending the Bearer Token with a Curl GET request. POST data is passed with the -d command-line option, and the authorization header and the bearer token are passed with the -H command-line option.

How do you add a header in Curl?

To send an HTTP header with a Curl request, you can use the -H command-line option and pass the header name and value in "Key: Value" format. If you do not provide a value for the header, this will remove the standard header that Curl would otherwise send. The number of HTTP headers is unlimited.


3 Answers

http://curl.se/docs/httpscripting.html

See part 6. HTTP Authentication

HTTP Authentication

HTTP Authentication is the ability to tell the server your username and password so that it can verify that you're allowed to do the request you're doing. The Basic authentication used in HTTP (which is the type curl uses by default) is plain text based, which means it sends username and password only slightly obfuscated, but still fully readable by anyone that sniffs on the network between you and the remote server.

To tell curl to use a user and password for authentication:

curl --user name:password http://www.example.com

The site might require a different authentication method (check the headers returned by the server), and then --ntlm, --digest, --negotiate or even --anyauth might be options that suit you.

Sometimes your HTTP access is only available through the use of a HTTP proxy. This seems to be especially common at various companies. A HTTP proxy may require its own user and password to allow the client to get through to the Internet. To specify those with curl, run something like:

curl --proxy-user proxyuser:proxypassword curl.haxx.se

If your proxy requires the authentication to be done using the NTLM method, use --proxy-ntlm, if it requires Digest use --proxy-digest.

If you use any one these user+password options but leave out the password part, curl will prompt for the password interactively.

Do note that when a program is run, its parameters might be possible to see when listing the running processes of the system. Thus, other users may be able to watch your passwords if you pass them as plain command line options. There are ways to circumvent this.

It is worth noting that while this is how HTTP Authentication works, very many web sites will not use this concept when they provide logins etc. See the Web Login chapter further below for more details on that.

like image 67
Oli Avatar answered Oct 12 '22 01:10

Oli


Just adding so you don't have to click-through:

curl --user name:password http://www.example.com

or if you're trying to do send authentication for OAuth 2:

curl -H "Authorization: OAuth <ACCESS_TOKEN>" http://www.example.com
like image 436
Tony Avatar answered Oct 12 '22 00:10

Tony


Bearer tokens look like this:

curl -H "Authorization: Bearer <ACCESS_TOKEN>" http://www.example.com
like image 236
Steve Tauber Avatar answered Oct 12 '22 02:10

Steve Tauber