A practical guide to HTTP authentication schemes and how curl handles each one. Covers how to identify the auth scheme from the server's WWW-Authenticate header, then use the correct curl flag for Basic, Digest, NTLM, Bearer token, and API key authentication. Includes protocol-level explanations, curl command examples, JWT payload decoding, default credential testing loops, and a quick reference cheat sheet. Security implications are noted throughout, such as Basic Auth over plain HTTP being a vulnerability finding and API keys in query strings appearing in logs.

13m read time. From infosecwriteups.com