By Aayush
You can transmit data over different protocols, such as HTTP, using cURL (or curl), a command-line tool. You often need to submit your credentials when accessing protected resources, such as a web page that requires registration. This guide shows how to resolve common problems so that you can securely access protected resources.
A quick overview of cURL’s data transfer capabilities.
The main strength of cURL is executing HTTP requests, the basis of web communication. It handles various request types well, from the common GET requests to the more sophisticated and flexible POST and PUT requests, so its web communication capabilities are complete and seamless.
cURL fundamentals of authentication and authorization
Basic authentication is a simple HTTP mechanism in which the client sends a username and password, Base64 encoded but otherwise in plain text, in the Authorization header. It is not the most secure method, yet it is widely used for basic access control.
To implement basic authentication, add the --user username:password option to your curl command. cURL then Base64-encodes these credentials and adds an Authorization header to the HTTP request. The server uses this header to identify and verify the username and password. The rest of this guide provides more practical examples of this process.
Basic authentication has many limitations:
- Security: Credentials are sent in plain text (only Base64 encoded), which makes them liable to attack.
- Caching: Browsers frequently cache the credentials, which might lead to unauthorized access.
- Replay attacks: Intercepted credentials can be reused by hackers.
- Granularity: Basic authentication allows or denies access to entire resources, not individual actions.
The short answer
The -u option flag (short for --user) can be used to perform Basic Access Authentication with cURL as follows:
$ curl -u username:password url
where a colon character (:) separates the username and the password.
Alternatively, cURL will request a password if you only provide the username:
$ curl -u username url
Under the hood, this command inserts an "Authorization" header. cURL encodes the username:password string using the Base64 encoding scheme and puts that value in the Basic Authorization header of the request sent to the HTTP server. For instance, cURL will transform the johndoe:password string into the HTTP header specified
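As an added illustration (not code from the original article), the functions below build the header the way the paragraph above describes and then read the credentials back out of a constructed request, which shows that Base64 is an encoding and not encryption. The function names are made up for this example, and a `base64` utility that accepts `-d` is assumed.

```sh
#!/bin/sh
# Added example: how the Basic Authorization header is built and how easily it is read back.

# Build the header as described above: Base64 of "user:password".
basic_auth_header() {
    # printf (not echo) so no trailing newline ends up in the encoded bytes;
    # tr removes the line wrapping some base64 tools add to long output.
    printf 'Authorization: Basic %s\n' \
        "$(printf '%s:%s' "$1" "$2" | base64 | tr -d '\n')"
}

# Read raw HTTP request headers on stdin and print the decoded "user:password"
# from the first Basic Authorization header; return 1 if there is none.
decode_basic_auth() {
    token=$(tr -d '\r' | grep -i '^authorization: basic ' | head -n 1 | awk '{print $3}')
    [ -n "$token" ] || return 1
    printf '%s' "$token" | base64 -d
}

# Constructed sample request, as it would appear on the wire over plain HTTP.
sample_request() {
    printf 'GET /private HTTP/1.1\r\nHost: example.com\r\n%s\r\nAccept: */*\r\n\r\n' \
        "$(basic_auth_header johndoe password)"
}

# Demo: print the header, then what anyone who can read the request recovers from it.
basic_auth_header johndoe password
sample_request | decode_basic_auth && echo
```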
Use AI Command Search to refresh your memory on the syntax.
The Warp AI Command Search feature enables you to effortlessly retrieve this command if you are utilizing Warp as your terminal:
Entering "curl basic authentication" in the AI Command Search prompt returns exactly curl -u username:password url. You can quickly insert this command into your shell by pressing CMD+ENTER.
Escape special characters in curl (like in your password)
When using cURL for authentication, you may need to escape certain characters in your username or password.
To escape special characters, you can use the backslash character (\).
$ curl -u johndoe:h\&llo https://example.com
Or, you can surround the string with single quotes, which strips all special characters of their meaning so that the shell does not expand your text.
$ curl -u johndoe:'h&llo' https://example.com
The following characters need to be escaped:
- Colon (:): the colon is used to separate the username and the password. This character must not be present in the username, and if it needs to appear in the password, it must be escaped.
- Ampersand (&): the shell uses the ampersand to dispatch a process to the background.
- Percent (%): the percent sign is used to encode special characters in URLs, and may cause encoding errors.
- Space: the shell uses the space character to delimit command-line arguments and parameters.
Use HTTPS (not HTTP) for your curl requests.
In general, it is not recommended to transmit your credentials in clear text over the network using an unsecured protocol such as HTTP.
When available, we recommend you use the HTTPS endpoint of the service you are trying to authenticate. This can be achieved by incorporating the https scheme into the target URL as follows:
$ curl -u username:password https://example.com
This adds a layer of encryption on top of HTTP, so that your credentials remain protected even if the traffic is intercepted.
Store the curl credentials in a .netrc file and ensure they’re protected.
Authenticating by typing your credentials in plain text on the command line is a considerable security risk.
This is because the shell keeps an internal history list of all the commands you run, just as your browser keeps the queries you run.
These commands are held in memory until you exit your shell session. At that point, the history list is written to disk in a file in your home directory (e.g., .bash_history for Bash, .zsh_history for Zsh).
Therefore, other users logged in to the system can access this file and steal your credentials.
If you want to remove entries from the history (for example, the previous 3 entries) before they are written to disk, you can use the history command:
$ history -d entry_number
However, a better way to protect your credentials is to read them from a file that only you can access.
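A check for credentials already sitting in a history file, as an added example that is not part of the original article: it reports the lines where curl was given an inline user:password and masks everything after the colon so the secret is not echoed again. The function names and the sample history are constructed for illustration.

```sh
#!/bin/sh
# Added example: find curl commands in a history file that carry inline credentials.

# A -u/--user flag followed by "name:" (the flag must be preceded by whitespace).
FLAG_USER='[[:space:]](-u|--user)[[:space:]=]*[^[:space:]:]+:'

# usage: find_inline_curl_creds HISTORY_FILE
# Prints "LINE:command" for each hit, with everything after "user:" replaced by ***.
# Lines that pass only a username (curl prompts for the password) are not reported.
find_inline_curl_creds() {
    grep -nE "(^|[^[:alnum:]_])curl([[:space:]].*)?${FLAG_USER}[^[:space:]]" "$1" |
        sed -E "s/(${FLAG_USER}).*/\1***/"
}

# Constructed history sample: lines 2 and 6 carry a password, the others do not.
# Line 6 uses the timestamped format that Zsh can write to .zsh_history.
sample_history() {
    cat <<'EOF'
ls -la
curl -u johndoe:h3llo https://example.com
curl -u johndoe https://example.com
curl -n https://example.com
curl --user-agent test-client https://example.com
: 1700000000:0;curl -s --user 'alice:s3 cret' https://example.com/api
EOF
}
```

Run it as `find_inline_curl_creds ~/.bash_history`; any password it reports has been stored on disk and should be changed, not just deleted from the history.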
The .netrc file
To avoid passing your credentials in plain text to the cURL command, you can store them in a file named .netrc in your home directory:
default login <username> password <password>
For example:
default login john@example.com password h3lloJ0hn
Then, to perform an authentication, use the -n option flag (short for --netrc):
$ curl -n url
Note that the --netrc-file option flag can be used to specify the path of the file if you wish to store it in a different directory:
$ curl --netrc-file path/to/file url
For obvious security reasons, use the following chmod command to ensure that this file is only readable and writable by you:
$ chmod 600 ~/.netrc
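The .netrc steps above, combined into one added example (not code from the original article): it writes the entry without the password ever appearing on a command line, and refuses to call curl if the file is readable by group or others. The function names are hypothetical, and a password without whitespace is assumed.

```sh
#!/bin/sh
# Added example: create a .netrc-style file safely and check it before use.

# usage: write_netrc FILE LOGIN   (password is read from stdin, not from argv,
# so it never lands in the shell history or the process list)
write_netrc() {
    (
        umask 077                           # a newly created file gets mode 600
        IFS= read -r pw || [ -n "$pw" ]     # accept input without a final newline
        printf 'default login %s password %s\n' "$2" "$pw" > "$1"
        chmod 600 "$1"                      # also tighten a file that already existed
    )
}

# Succeed only if FILE exists and grants nothing to group or others.
netrc_is_private() {
    [ -f "$1" ] || return 1
    # Characters 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# usage: curl_with_netrc FILE URL
# Runs curl with --netrc-file only when the file's permissions are safe.
curl_with_netrc() {
    if ! netrc_is_private "$1"; then
        echo "refusing to use $1: run chmod 600 on it first" >&2
        return 1
    fi
    curl --netrc-file "$1" "$2"
}
```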
We can summarize what you have learned about cURL.
In this guide, you have learned how to use cURL to send credentials using basic authentication. Whether you are integrating with web services, testing APIs, or accessing web resources, cURL provides a simple, efficient way to authenticate with a username and password. Basic authentication is easy to add to your cURL requests by using the --user option or its -u shortcut, as well as custom headers.