How to Set Authentication with cURL - Full Examples Guide

cURl is a viable tool for requesting and transferring data from web pages. However, an obstacle is often encountered: authentication. In this guide, we'll explain how to set cURL authentication for different types:

  • Basic auth.
  • Bearer tokens.
  • Cookies.

Let's get started!

Basic Auth With cURL

The basic auth method is one of the oldest methods for managing authentication. It requires entering basic credentials data, username and password:

basic auth window
Basic auth example

Authentication in the above image can be found at It requires entering the auth credentials before the request can proceed to the data.

To set basic authentication with cURL, we can use the --user or -u cURL options followed by the --basic option to mark it as basic auth:

curl --user user:passwd --basic

The above cURL command will enter the credentials data (user and passwd) to authorize the request. Here is the response of the above cURL command:

  "authorized": true,
  "user": "user"

Bearer Tokens With cURL

Bearer tokens are popular authentication methods for modern applications. They are tokens generated after the credentials are entered for the first time and used as a header for the requests to authenticate them.

If we go over the previous authentication endpoint on the browser and refresh the page, we'll find the authentication token used with the request headers:

authentication token header on browser developer tools
Authentication token header

To set Bearer authentication with cURL, we'll add the above Authorization header to the cURL command using the -H option:

curl -H "Authorization: Basic dXNlcjpwYXNzd2Q="

From the response, we can see that the cURL request was successfully authenticated:

  "authorized": true,
  "user": "user"

Authentication Cookies With cURL

Another popular method of managing authentication is using cookies, which function similarly to bearer tokens. After the credentials are validated successfully, a cookie value is created and saved to authorize future requests.

For this example, we'll use the login page on

login page on
Login page on

The above page uses a login form for authentication. If we take a look at the cookies for this domain, we'll find a cookie value for authentication:

authentication cookie on browser developer tools

To handle cookie authentication with cURL, we'll pass this cookie value to the cURL command in either two ways:

  • Adding it as a cookie value using the -b cURL option.
  • Adding the cookie value as a header using the -H cURL option.
curl -b "auth=user123-secret-token"
# or
curl -H "cookie: auth=user123-secret-token"

From the response, we can see that the cURL command was authenticated successfully:

  <div class="container text-center">
    <div class="form-text mb-2">Logged in as User123</div>
    <div class="form-text mb-2">The secret message is:<div id="secret-message" class="fw-bold">🤫</div>
    <a href="/api/logout"><button type="submit" class="btn btn-primary"> Logout </button> </a>

For further details on cURL, including configuring its commands and using it for web scraping, refer to our dedicated guide.

How to Use cURL For Web Scraping

Explore sending and configuring HTTP requests with cURL through a step-by-step guide. You will also explore advanced usages of cURL for web scraping, such as scraping dynamic pages and avoiding getting blocked.

curl web scraping article banner
Question tagged: cURL

Related Posts

Sending HTTP Requests With Curlie: A better cURL

In this guide, we'll explore Curlie, a better cURL version. We'll start by defining what Curlie is and how it compares to cURL. We'll also go over a step-by-step guide on using and configuring Curlie to send HTTP requests.

How to Use cURL For Web Scraping

In this article, we'll go over a step-by-step guide on sending and configuring HTTP requests with cURL. We'll also explore advanced usages of cURL for web scraping, such as scraping dynamic pages and avoiding getting blocked.

Use Curl Impersonate to scrape as Chrome or Firefox

Learn how to prevent TLS fingerprinting by impersonating normal web browser configurations. We'll start by explaining what the Curl Impersonate is, how it works, how to install and use it. Finally, we'll explore using it with Python to avoid web scraping blocking.