Skip to main content
Ink·tab

cURL one-liner to code

Take a cURL one-liner from a backend log and rewrite it as fetch, axios, or HTTPie.

POSThttps://api.example.com/users· 2 headers· body: JSON
Target
JavaScript273 B
const response = await fetch('https://api.example.com/users', {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'Authorization': 'Bearer xxxxx'
  },
  body: '{"name":"홍길동","email":"hong@example.com"}'
});
const data = await response.json();
Everything happens in your browser. Nothing is uploaded.

When to use it

A backend teammate drops a cURL one-liner in Slack ("try this API") — paste it here, switch to fetch, axios, or HTTPie, and copy. Use it during PR review to unpack cURL flags into something easier to read, or to translate a documentation example into your own stack.

Handled options

| Option | Meaning | Effect | |---|---|---| | -X / --request | Method (POST, PUT, DELETE, …) | All targets | | -H / --header | A header line (Name: Value) | All targets | | -d / --data* | Body | fetch / axios body, HTTPie --raw | | -F / --form | multipart | Emits FormData construction | | -u / --user | Basic auth | Header (axios uses the auth option) | | -G / --get | Body becomes query string | Folded into the URL | | -b / --cookie | Cookie header | Becomes a header | | -A · -e | User-Agent · Referer | Become headers | | -k / --insecure | Skip TLS verification | Inline comment with caveats |

Output-only flags (-L, -s, -v, -i, -o, --compressed) are ignored silently.

Shell quoting

The built-in tokenizer handles:

  • Single quotes ('…') — everything inside is literal (even backslash)
  • Double quotes ("…") — backslash escape (\" \\ \$ ```)
  • Line-ending \ + newline — joined into one line (Bash, zsh)
  • Line-ending ^ + newline — Windows shell continuation

Complex JSON bodies wrapped in single quotes survive untouched.

Body policy

The tool does not parse JSON bodies into objects. The most reliable shape is the original string — fetch and axios both transmit a string body correctly when the Content-Type matches. If you want it as an object, JSON.parse(...) it yourself.

fetch vs axios vs HTTPie

  • fetch — Web standard. Built into Node 18+. No imports. Basic auth is encoded directly into the Authorization header (base64).
  • axios — Needs import axios from 'axios'. Has rich options (auth, query, baseURL). The tool emits auth: { username, password } for basic auth — axios fills the header.
  • HTTPie — CLI. The output uses \ continuation across lines so you can paste it straight into a terminal.

Privacy

Auth tokens, API keys, and cookies inside your cURL never leave the page. The shell tokenizer, header parser, and output generators are all client-side JavaScript with zero external calls.

Not the right tool when

  • gRPC, WebSocket, SSE — outside cURL's scope or needing different handling.
  • Automating an OAuth flow — refresh-token rotation and code exchange are separate. This tool converts a single request.
  • Refreshing Bearer tokens — the output is static. The refresh logic is up to you.

cURL commands stay on the page

Auth tokens, API keys, Authorization headers, cookies in your cURL string never leave the browser. The shell tokenizer, header parser, and output generators are all client-side JavaScript — zero external requests.

Frequently asked questions

Which cURL options are handled?
-X / --request, -H / --header, -d / --data / --data-raw / --data-binary / --data-urlencode, -F / --form (multipart), -u / --user, -G / --get, -k / --insecure, --cookie / -b, -A / --user-agent, -e / --referer. Output-only flags (-L, -s, -v, -i, -o, --compressed) are ignored.
Does the JSON body get parsed into an object?
No. The body is passed through as a string — that's the most reliable. fetch and axios both accept a string body when Content-Type matches. If you want it as an object, JSON.parse(...) it in your code.
How is -F (multipart) handled?
fetch and axios outputs include FormData-construction code: `form.append(...)` lines for each part, then the request uses `body: form`. File parts (`@/path/to/file`) become a placeholder `file` for you to fill in. HTTPie just uses `--multipart` plus the raw `key=value` arguments.
What about -u user:pass?
For fetch, the tool adds an Authorization header with base64(user:pass). For axios, it emits the dedicated `auth: '{ username, password }'` option (axios fills the header). For HTTPie, `--auth user:pass`.
And -k / --insecure?
Skips TLS verification. The browser fetch has no equivalent — the tool inserts a comment. Node fetch can use NODE_TLS_REJECT_UNAUTHORIZED=0; axios accepts an httpsAgent. Both are unsafe in production.