cURL Command Parser

Paste a curl command and break it into its HTTP method, URL, query parameters, headers, body, auth, cookies and flags — or rebuild a clean, canonical curl command. Runs entirely in your browser; nothing is uploaded.

Try:
Result

About this tool

A curl command is the line you copy from API docs, a README, or your browser's DevTools "Copy as cURL" — a shell command that fires off an HTTP request. This tool reads one apart into its pieces so you can see exactly what it does, or rebuilds a clean, canonical version. Everything happens in your browser; nothing you paste is uploaded.

Parse mode

Paste a curl command and get back every component, decoded:

The tokenizer understands single quotes, double quotes (with \", \\, \$ escapes), backslash-escaped characters, and \-at-end-of-line continuations, so multi-line commands pasted straight from docs parse cleanly. A leading curl is optional.

Rebuild mode

Switch the mode to rebuild and the same command comes back tidied: one -H per line, values correctly shell-quoted, the method shown only when it isn't a plain GET, and flags in a stable order — a canonical form that's easy to read and diff.

Privacy

Everything runs locally in WebAssembly. No command, URL, header, token, or password ever leaves your device, and there is no sign-up.

FAQ

How does it decide the HTTP method when there's no -X?

It follows curl's own rules. An explicit -X/--request always wins. Otherwise the method is inferred: it's POST when the command carries a body (-d, --data-raw, --data-binary, --data-urlencode) or a form field (-F), it's HEAD when -I/--head is present, and it's GET in every other case (including -G/--get, which sends any -d data as the query string instead of a body).

Which curl flags are recognised?

The common HTTP ones: -X/--request, -H/--header, -d/--data, --data-ascii, --data-raw, --data-binary, --data-urlencode, -F/--form, -b/--cookie, -u/--user, -A/--user-agent, -e/--referer, --url, -G/--get, -I/--head, -k/--insecure, -L/--location and --compressed. Other options that curl accepts (like -s, -v, --fail, --connect-timeout) are recognised and listed under "Other flags" rather than dropped, so nothing in your command goes unaccounted for.

Does it read the files referenced by @filename?

No. Arguments such as -d @body.json or -F [email protected] tell curl to read a local file at run time, and that file isn't part of the command text you paste. The tool reports each one as a file reference so you know a file is involved, but it can't (and doesn't) read anything from your disk.

What does rebuild mode change about my command?

It doesn't change what the request does — it just normalises the presentation. The command is re-emitted with each header on its own -H line, values wrapped in single quotes only where a shell needs them, the method printed only when it isn't GET, and the flags in a fixed order. It's handy for turning a one-line command copied from DevTools into something readable, or for producing a consistent form you can commit and diff.

Is a basic-auth password shown in plain text?

Yes — -u user:password is split into its username and password exactly as written, because that's what the command already contains. Nothing is sent anywhere (the whole tool runs in your browser), but bear in mind that a curl command with -u embeds the credentials in plain text, so treat such commands as secrets and avoid pasting them into tools you don't trust.

Developer & Automation Access

Run it from the terminal

Same engine as this page, headless — via the gizza CLI:

gizza tool curl-command-parser "..."

New to the CLI? Get gizza →

Open it by URL

Pre-fill and auto-run this tool with query parameters — the names match the API/CLI:

https://gizza.ai/tools/curl-command-parser/?mode=parse&command=curl%20-X%20POST%20%27https%3A%2F%2Fapi.example.com%2Fv1%2Fitems%27%20-H%20%27Content-Type%3A%20application%2Fjson%27%20-d%20%27%7B%22name%22%3A%22gizza%22%7D%27

Machine-readable descriptor: tool.json — title + parameters JSON Schema for agents.