mjhjmtu

I have read the man pages of Curl, but I can't understand what those parameters (k, i and X) mean. I see it used in a REST API call, but can someone please explain what those three parameters do? It's not clear in the documentation.

Thank you in advance.

-k, --insecure: If you are doing curl to a website which is using a self-signed SSL certificate then curl will give you an error as curl couldn't verify the certificate. In that case, you could use -k or --insecure flag to skip certificate validation.

Example:

[root@arif]$ curl --head https://xxx.xxx.xxx.xxx/login

curl: (60) Peer's Certificate issuer is not recognized. 
More details here: http://curl.haxx.se/docs/sslcerts.html 
curl performs SSL certificate verification by default, using a 
"bundle" of Certificate Authority (CA) public keys (CA certs).
If the default bundle file isn't adequate, you can specify an 
alternate file using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented 
in the bundle, the certificate verification probably failed 
due to a problem with the certificate (it might be expired, 
or the name might not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate,
use the -k (or --insecure) option.

[root@arif]$ curl -k --head https://xxx.xxx.xxx.xxx/login

HTTP/1.1 302 Moved Temporarily
Date: Thu, 07 Dec 2017 04:53:44 GMT
Transfer-Encoding: chunked
Location: https://xxx.xxx.xxx.xxx/login 
X-FRAME-OPTIONS: SAMEORIGIN
Set-Cookie: JSESSIONID=xxxxxxxxxxx; path=/; HttpOnly

-i, --include: This flag will include http header. Usually http header are consist of server name, date, content type etc.

Example:

[root@arif]$ curl https://google.com

<HTML><HEAD><meta http-equiv="content-type" content="text/html charset=utf-8">
<TITLE>301 Moved</TITLE></HEAD><BODY>
<H1>301 Moved</H1>
The document has moved
<A HREF="https://www.google.com/">here</A>.
</BODY></HTML>

[root@arif]$ curl -i https://google.com

HTTP/1.1 301 Moved Permanently
Location: https://www.google.com/
Content-Type: text/html; charset=UTF-8
Date: Thu, 07 Dec 2017 05:13:44 GMT
Expires: Sat, 06 Jan 2018 05:13:44 GMT
Cache-Control: public, max-age=2592000
Server: gws
Content-Length: 220
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Alt-Svc: hq=":443"; ma=2592000; quic=51303431; quic=51303339;
quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000;
v="41,39,38,37,35"
<HTML><HEAD><meta http-equiv="content-.....

-X, --request: This flag will used to send custom request to the server. Most of the time we do GET, HEAD, and POST. But if you need specific request like PUT, FTP, DELETE then you can use this flag. Following example will send a delete request to the google.com

Example:

[root@arif]$ curl -X DELETE google.com

..........................
<p><b>405.</b> <ins>That’s an error.</ins>
<p>The request method <code>DELETE</code> is inappropriate for the URL
<code>/</code>. <ins>That’s all we know.</ins>`

It is clearly documented here. Not sure why you cannot find them in your man pages.

Edit

From the man page

-k, --insecure

(TLS) By default, every SSL connection curl makes is verified to be
secure. This option allows curl to proceed and operate even for server
connections otherwise considered insecure.

The server connection is verified by making sure the server's
certificate contains the right name and verifies successfully using
the cert store.

This means that with -k, curl will accept connections to HTTPS even if there are certificate errors (outdated certificate, self-issued certificate, etc.)

-i, --include

Include the HTTP response headers in the output. The HTTP response
headers can include things like server name, cookies, date of the
document, HTTP version and more...

To view the request headers, consider the -v, --verbose option.

See also -v, --verbose

There are not much I can say about this in layman language. If you are not familiar with HTTP response headers, this is where you can find more information.

-X, --request

(HTTP) Specifies a custom request method to use when communicating
with the HTTP server. The specified request method will be used
instead of the method otherwise used (which defaults to GET). Read the
HTTP 1.1 specification for details and explanations. Common additional
HTTP requests include PUT and DELETE, but related technologies like
WebDAV offers PROPFIND, COPY, MOVE and more.

Normally you don't need this option. All sorts of GET, HEAD, POST and
PUT requests are rather invoked by using dedicated command line
options.

This option only changes the actual word used in the HTTP request, it
does not alter the way curl behaves. So for example if you want to
make a proper HEAD request, using -X HEAD will not suffice. You need
to use the -I, --head option.

The method string you set with -X, --request will be used for all
requests, which if you for example use -L, --location may cause
unintended side-effects when curl doesn't change request method
according to the HTTP 30x response codes - and similar.

(FTP) Specifies a custom FTP command to use instead of LIST when doing
file lists with FTP.

(POP3) Specifies a custom POP3 command to use instead of LIST or RETR.
(Added in 7.26.0)

(IMAP) Specifies a custom IMAP command to use instead of LIST. (Added
in 7.30.0)

(SMTP) Specifies a custom SMTP command to use instead of HELP or VRFY.
(Added in 7.34.0)

If this option is used several times, the last one will be used.

When you use curl to access a web page it is actually sending the GET request to the server. There are other kinds of request that can be used and -X is the way to specify this. As noted above, this command is usually not needed. For example, if you need a POST request you can use -d rather than using -X. Without further information it's hard to say why you need -X in your API call.

I hope these help.