HTTP Cheat Sheet
Status Codes
Success (2xx)
| Code | Meaning | When to Use |
|---|---|---|
| 200 | OK | Request succeeded, body has data |
| 201 | Created | Resource created (POST) |
| 204 | No Content | Success, no body (DELETE, PUT) |
Redirection (3xx)
| Code | Meaning | When to Use |
|---|---|---|
| 301 | Moved Permanently | URL changed forever |
| 302 | Found | Temporary redirect |
| 304 | Not Modified | Client cache still valid |
Client Errors (4xx)
| Code | Meaning | When to Use |
|---|---|---|
| 400 | Bad Request | Malformed syntax, invalid data |
| 401 | Unauthorized | Missing or invalid credentials |
| 403 | Forbidden | Valid credentials, no permission |
| 404 | Not Found | Resource doesn’t exist |
| 409 | Conflict | State conflict (duplicate, etc.) |
| 422 | Unprocessable Entity | Valid syntax, semantic errors |
| 429 | Too Many Requests | Rate limited |
Server Errors (5xx)
| Code | Meaning | When to Use |
|---|---|---|
| 500 | Internal Server Error | Unexpected server failure |
| 502 | Bad Gateway | Upstream server failed |
| 503 | Service Unavailable | Server overloaded/down |
| 504 | Gateway Timeout | Upstream server timeout |
curl Basics
```bash
# GET request
curl https://api.example.com/users

# With headers
curl -H "Authorization: Bearer TOKEN" https://api.example.com/users

# POST JSON
curl -X POST \
  -H "Content-Type: application/json" \
  -d '{"name": "alice"}' \
  https://api.example.com/users

# POST form data
curl -X POST \
  -d "name=alice&email=alice@example.com" \
  https://api.example.com/users

# Upload file
curl -X POST \
  -F "file=@document.pdf" \
  https://api.example.com/upload
```
curl Options
| Flag | Purpose |
|---|---|
| -X METHOD | HTTP method (GET, POST, PUT, DELETE) |
| -H "K: V" | Add header |
| -d "data" | Request body |
| -F "k=v" | Form field (multipart) |
| -o file | Write output to file |
| -O | Save with remote filename |
| -L | Follow redirects |
| -i | Include response headers |
| -I | HEAD request (headers only) |
| -v | Verbose (debug) |
| -s | Silent (no progress) |
| -k | Skip TLS certificate verification (insecure; testing only) |
| -u user:pwd | Basic auth |
curl + jq Patterns
```bash
# Pretty print JSON response
curl -s https://api.example.com/users | jq

# Extract field
curl -s https://api.example.com/users | jq '.[0].name'

# Filter and format
curl -s https://api.example.com/users | jq '.[] | {name, email}'

# Check status code
curl -s -o /dev/null -w "%{http_code}" https://api.example.com/health
```
Common Headers
Request Headers
| Header | Purpose | Example |
|---|---|---|
| Authorization | Credentials | Bearer eyJhbGc... |
| Content-Type | Body format | application/json |
| Accept | Desired response format | application/json |
| User-Agent | Client identifier | MyApp/1.0 |
| Cache-Control | Caching directives | no-cache |
| If-None-Match | Conditional (ETag) | "abc123" |
| If-Modified-Since | Conditional (date) | Wed, 21 Oct 2024 07:28:00 GMT |
Response Headers
| Header | Purpose | Example |
|---|---|---|
| Content-Type | Body format | application/json; charset=utf-8 |
| Cache-Control | Caching instructions | max-age=3600 |
| ETag | Resource version | "abc123" |
| Location | Redirect target / created URL | /users/42 |
| X-RateLimit-* | Rate limit info | X-RateLimit-Remaining: 99 |
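A retry wrapper built on the status-code check above, added here as an example (not part of the original cheat sheet): it retries only the transient codes from the tables (429, 502, 503, 504) with exponential backoff and never resends a rejected credential. `HTTP_PROBE`, `http_probe`, `status_action` and `request_with_backoff` are names introduced for this example.

```shell
#!/bin/sh
# Added example, not from the original page.

# Print the status code for a URL (the "check status code" call from this page).
# HTTP_PROBE is an assumed hook: set it to another command name to use a stub.
http_probe() {
    curl -s -o /dev/null -w "%{http_code}" "$1"
}

# Map a status code to a client action: ok, redirect, reauth, retry or fail.
status_action() {
    case "$1" in
        2??|304)         echo ok ;;        # success, or cached copy still valid
        301|302)         echo redirect ;;  # follow Location (curl -L)
        401)             echo reauth ;;    # fix credentials; do not resend as-is
        429|502|503|504) echo retry ;;     # rate limit or upstream trouble
        *)               echo fail ;;      # 400/403/404/409/422/500: not retried
    esac
}

# request_with_backoff URL [MAX_ATTEMPTS] [BASE_DELAY_SECONDS]
# Prints the final status code; exit status is 0 only when the action is "ok".
request_with_backoff() {
    url=$1 max=${2:-4} delay=${3:-1} attempt=1
    while :; do
        # curl prints 000 when no HTTP response arrived; treat errors the same
        code=$("${HTTP_PROBE:-http_probe}" "$url") || code=000
        action=$(status_action "$code")
        if [ "$action" != retry ] || [ "$attempt" -ge "$max" ]; then
            echo "$code"
            if [ "$action" = ok ]; then return 0; else return 1; fi
        fi
        sleep "$delay"
        delay=$((delay * 2))          # 1s, 2s, 4s, ...
        attempt=$((attempt + 1))
    done
}
```

A 401 or 403 ends the loop immediately: repeating a rejected credential only adds failed-auth events to the server's logs.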
REST Conventions
| Action | Method | Path | Success Code |
|---|---|---|---|
| List all | GET | /resources | 200 |
| Get one | GET | /resources/:id | 200 |
| Create | POST | /resources | 201 |
| Full update | PUT | /resources/:id | 200 |
| Partial update | PATCH | /resources/:id | 200 |
| Delete | DELETE | /resources/:id | 204 |
Query Parameters
```
GET /users?page=2&limit=20          # Pagination
GET /users?sort=name&order=desc     # Sorting
GET /users?filter[role]=admin       # Filtering
GET /users?fields=id,name,email     # Sparse fields
GET /users?include=posts,comments   # Related resources
```
Authentication Patterns
Bearer Token
```bash
curl -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIs..." \
  https://api.example.com/users
```
Basic Auth
```bash
# With -u flag
curl -u username:password https://api.example.com/users

# Manual header (printf avoids the portability differences of echo -n)
curl -H "Authorization: Basic $(printf '%s' 'user:pass' | base64)" \
  https://api.example.com/users
```
API Key
```bash
# In header
curl -H "X-API-Key: abc123" https://api.example.com/users

# In query string (less secure: URLs are recorded in server and proxy logs)
curl "https://api.example.com/users?api_key=abc123"
```
Debugging
```bash
# See full request/response
curl -v https://api.example.com/users

# Time breakdown
curl -w "DNS: %{time_namelookup}s\nConnect: %{time_connect}s\nTTFB: %{time_starttransfer}s\nTotal: %{time_total}s\n" \
  -o /dev/null -s https://api.example.com/users

# Test endpoint availability
curl -s -o /dev/null -w "%{http_code}" https://api.example.com/health
```
See Also
- Cryptography — TLS, certificates, and HMAC authentication
- jq — Process JSON responses
- Unix — Pipe curl output to other tools
- API Design
- Cryptography Lesson Plan
- Networking Lesson Plan
- Security Lesson Plan
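
Added example (not part of the original cheat sheet) for the Authentication Patterns and Debugging sections above: request traces and pasted commands can carry the bearer token, Basic credentials, API-key header and `api_key` query parameter shown there, so this filter redacts them before the text goes into a ticket or log. The function names, the `[REDACTED]` marker, the extra `access_token`/`token` parameter names and the sample trace are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the original page.

# Filter: reads a curl -v trace or a pasted curl command on stdin and writes
# it to stdout with credential values replaced by [REDACTED].
redact_http_secrets() {
    sed -E \
        -e 's/([Aa]uthorization:[[:space:]]*[A-Za-z]+)[[:space:]]+[^"]+/\1 [REDACTED]/g' \
        -e 's/([Aa]uthorization:)[[:space:]]*[^[:space:]"]+$/\1 [REDACTED]/' \
        -e 's/([Xx]-[Aa][Pp][Ii]-[Kk]ey:[[:space:]]*)[^[:space:]"]+/\1[REDACTED]/g' \
        -e 's/([?&](api_key|access_token|token)=)[^&[:space:]"]+/\1[REDACTED]/g' \
        -e 's/(-u[[:space:]]+[^:[:space:]]+:)[^[:space:]]+/\1[REDACTED]/g'
}
# Rule 1 keeps the scheme (Bearer, Basic) and drops the value.
# Rule 2 covers an Authorization header that has no scheme word.
# Rule 3 is the X-API-Key header, rule 4 key-bearing query parameters,
# rule 5 the password half of "-u user:password" in a pasted command.

# Constructed sample: the shape of a curl -v request trace, made-up values.
sample_trace() {
    cat <<'EOF'
> GET /users?api_key=abc123&page=2 HTTP/1.1
> Host: api.example.com
> Authorization: Bearer eyJhbGciOiJIUzI1NiIs.constructed.sample
> X-API-Key: abc123
> Accept: */*
< HTTP/1.1 200 OK
< X-RateLimit-Remaining: 99
EOF
}

# Run a verbose request, discard the body, and redact the trace (sent to
# stderr by curl) before it reaches a terminal log or file.
curl_v_redacted() {
    curl -sv "$@" 2>&1 >/dev/null | redact_http_secrets
}
```

`sample_trace | redact_http_secrets` shows the effect offline; header names, the auth scheme and non-secret parameters such as `page=2` are left in place so the trace stays useful for debugging.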