cURL to Code Converter

cURL Command

Output Language

Generated Code

About the cURL to Code Converter

The cURL Converter parses a curl command and emits idiomatic, copy-ready HTTP-client code in 21 languages and library variants — Python (requests), JavaScript (fetch), Node.js (axios, got, native http), Go, Java (HttpClient, OkHttp, HttpURLConnection), Kotlin, C (libcurl), Rust, C#, PHP (native, Guzzle), Ruby, Swift, Dart, R, plus structured JSON and raw HTTP/1.1 wire output. Paste the curl command from your shell history, an API doc, or a Postman export; switch the target language tab and the generated code updates live. The parser handles headers, query strings, request bodies (-d, --data-raw, --data-binary), basic and bearer auth, cookies, multipart form data (-F), and follow-redirects (-L). Everything runs in your browser via the curlconverter package — your command, including any API keys baked into Authorization headers, never leaves the tab.

Updated: May 7, 2026

Related Tools

cURL BuilderBuild a curl command interactively from method, URL, headers, and body fields.Try it HTTP Header CheckerAudit the response headers returned by your converted request.Try it JSON ViewerFormat and validate the JSON request body or response payload.Try it JWT DecoderDecode JWTs that appear in Authorization: Bearer headers.Try it HTTP Request TesterSend the actual request live and inspect the response without leaving the browser.Try it Hash GeneratorGenerate HMAC-SHA-256 signatures for AWS, Stripe, GitHub, or Slack request authentication.Try it

How to use the cURL converter

  • Paste a curl command into the input area. Multi-line continuations with backslash work; trailing whitespace is tolerated; both single and double quotes around argument values parse correctly per the curl manual.
  • Pick a target language from the tab strip. The output panel shows syntax-highlighted, copy-ready code that matches the conventions of the most popular client library for that language (requests for Python, fetch for browser JavaScript, axios for Node.js by default, OkHttp for Kotlin, etc.).
  • Inspect the Request Inspector below the grid to see the parsed structure — method, URL, headers, query parameters, body — separated from any language-specific rendering. This is the canonical view of "what curl actually meant" before any library translation.
  • Copy the generated code with the Copy button on the output panel. The clipboard receives the exact string you see, including imports and any auth-handling boilerplate.
  • Switch tabs to compare side-by-side how different languages express the same request — useful when porting test suites between Python and Go, or migrating a webhook-receiver from Node.js to Rust.

Common use cases

  • API exploration to client SDK. You found a working API call by pasting curl into your terminal; now you need to embed it in a service. One paste, pick the language, the boilerplate is done.
  • Learning HTTP semantics across languages. The same curl command rendered side-by-side in Python requests, JavaScript fetch, and Go net/http highlights the conceptual mapping (method, URL, headers, body) the libraries share — helpful for engineers picking up a new stack.
  • Bug repro for support tickets. Convert your curl that demonstrates the bug into the customer's preferred language, paste both into the ticket, and the support engineer can run the failing case in their IDE without parsing curl flags.
  • Migration between client libraries. Your team is moving from axios to native fetch, or from requests to httpx — generate both versions of a known-good curl call to cross-check that header handling, redirect behavior, and body encoding survive the migration.
  • Documentation and tutorials. Auto-generate code samples for an OpenAPI spec or developer-portal page by piping each example curl through the converter for every supported language. Faster than maintaining 21 hand-written snippets per endpoint.

Privacy and security

Parsing happens entirely in your browser via the curlconverter package — the same library that powers curlconverter.com, but here the code runs locally rather than on a remote server. Your command, including any tokens in -H "Authorization: Bearer ..." or basic-auth credentials in -u user:pass, is never transmitted. The page also avoids URL-syncing the command body by default; only the language tab and a hash of the input may be persisted, and even those can be disabled. Your secrets stay in your tab.

Tips and pitfalls

  • -X PATCH and -X PUT have idiomatic differences across libraries. Python requests has a top-level requests.patch() helper; native http in Node.js requires you to set method: "PATCH" explicitly. Go's net/http makes you build the *Request manually for any method other than GET or POST. The converter picks the most idiomatic form per language; review the output if you have library-version constraints.
  • Cookie jar semantics differ. curl --cookie-jar persists cookies across requests; Python requests needs a Session object; native fetch in Node.js needs cookie handling code that the language did not ship until very recently. The converter emits the most common pattern but cannot fully replicate persistent cookie behavior across multiple converted commands.
  • Multipart -F has edge cases. -F "file=@path" reads the file at request time; the converter cannot embed the file contents because it runs in the browser without filesystem access. Generated code uses the language's native file-handle pattern (open(path, "rb") in Python, fs.createReadStream in Node.js) and you fill in the path.
  • Redirect handling differs across libraries. Python requests follows redirects by default; Python httpx does not; Go's net/http follows by default but only for safe methods. The converter respects -L and adds the equivalent flag, but the per-library default is worth double-checking against your specific scenario, especially for auth-bearing redirects.
  • -d vs --data-raw vs --data-binary differ in newline handling. -d (alias --data) strips newlines from input; --data-raw preserves them; --data-binary preserves and disables URL-encoding entirely. The converter respects whichever form you pasted.
  • Some curl flags are advisory rather than translated. -k (skip TLS verify), --resolve (DNS override), --insecure, and --cert have library-specific equivalents that may be insecure or unavailable on a given language. The converter emits warnings rather than silently dropping these flags so you know what was not translated.

Frequently Asked Questions

How many languages and libraries are supported?
21 outputs in total: Python (requests), JavaScript (fetch), Node.js (axios, got, native http), Go (net/http), Java (HttpClient, OkHttp, HttpURLConnection), Kotlin, C (libcurl), Rust (reqwest), C#, PHP (native, Guzzle), Ruby (Net::HTTP), Swift (URLSession), Dart, R (httr), plus a structured JSON view and a raw HTTP/1.1 wire format. The list is the same as curlconverter.com because the underlying parser is the same.
Is this the same as curlconverter.com?
Same parser (the open-source curlconverter package by Nick Carneiro), different runtime: curlconverter.com runs the conversion server-side; this page runs it in your browser. Functionally identical, privacy-different — your curl command, including any API keys in headers, never leaves your tab here.
Does it handle multipart form data (-F)?
Yes. -F "name=value" generates the correct form-data structure in each target library, and -F "file=@path/to/file" generates the language-native file-handle pattern (open() in Python, fs.createReadStream in Node.js, NSFileHandle in Swift). The converter cannot embed the file contents itself because it has no filesystem access from the browser.
Are authenticated requests supported?
Yes. Basic auth (-u user:pass) renders to the language-native auth helper (HTTPBasicAuth in Python requests, the auth tuple in axios, etc.). Bearer tokens in -H "Authorization: Bearer ..." pass through verbatim. Digest, NTLM, and Kerberos auth are not in the curlconverter scope; the converter warns if they appear.
How does -k or --insecure translate?
Each library has a different mechanism: Python requests takes verify=False, Node.js fetch needs an https.Agent with rejectUnauthorized: false, Go needs InsecureSkipVerify: true on a *tls.Config. The converter emits the correct flag but also warns that disabling TLS verification is dangerous outside test environments — production code should never carry these flags.
Does it follow -L (redirects)?
Yes — the converter respects -L and produces the language-specific equivalent: Python requests follows by default; Node.js fetch needs redirect: "follow" (the default); Go's net/http follows for safe methods automatically. Note that some libraries strip Authorization headers across redirects to different hosts; if your auth needs to survive a redirect, review the generated code carefully.
What is the difference between -d and --data-raw?
-d (alias --data, --data-ascii) URL-encodes the input and strips newlines. --data-raw preserves newlines but still URL-encodes. --data-binary preserves and does not URL-encode at all. The converter respects whichever you used; if your curl works correctly, the generated code will too.
Why do I see warnings in the output?
Warnings appear when curlconverter encounters a flag with no clean equivalent in the target language (--cert, --resolve, --interface), an unusual quoting situation (mixed nested quotes, backslash-escaped values), or a dependency on filesystem state at request time (--upload-file, multipart with @file references). Read each warning — most are advisory, some require you to fill in a value the parser could not determine.
Does it handle GraphQL or JSON-RPC endpoints?
Yes — those are just regular HTTP requests with JSON bodies. The converter renders them like any POST with -H "Content-Type: application/json" and -d {...}. No special handling is needed and the output is idiomatic for each language's preferred JSON-encoding pattern.
Can I convert without a network connection?
Yes. Conversion runs entirely in the browser via WebAssembly-compiled curlconverter. Once the page is loaded, you can disable the network and the converter continues to work. No outbound HTTP requests are made during conversion.