# HTTP request translator

> Paste a curl command and get it explained flag by flag, then translated to fetch, a raw HTTP request, HTTPie, and Python requests. Local and offline; the command is decoded in your browser and nothing is sent or run.

- Tool: https://ronutz.com/en/tools/http-request-translator
- Family: Web & HTTP

---

## What it does

Paste a `curl` command and the tool explains it flag by flag, then translates it into four other forms: a browser `fetch` call, a raw HTTP request, an HTTPie command, and Python `requests` code. The command is tokenized and decoded in your browser; nothing is ever sent, and no request is run.

## One parse, five views

Under the hood there is a single step: the tool parses your `curl` command into one request model, capturing the method, the URL, the headers, the body, authentication, and the other options. Everything you see is derived from that one model. Because translating a command correctly already requires understanding every flag, the flag-by-flag explanation is just that same model shown with labels, which is why the explanation and the translations always agree.

## The forms it produces

- **curl explained.** Each option is named and described, so an unfamiliar flag stops being a mystery.
- **fetch.** The browser Fetch API call, following the MDN semantics, ready to drop into JavaScript.
- **Raw HTTP.** The actual request line, headers, and body as they would go on the wire, which is the clearest way to see exactly what a request is.
- **HTTPie.** The equivalent `http` command, for those who prefer that client.
- **Python requests.** The equivalent code using the Requests library.

## Why translate rather than run

The tool deliberately never executes the request. That is a privacy and safety choice: you can decode and convert a command that carries credentials or points at an internal host without any of it leaving your browser, and without triggering whatever the request would do. It is a translator and an explainer, not a client.

## Using it

Paste a `curl` command and read the flag-by-flag explanation and the four translations. The conversion is deterministic and local, so the same command always produces the same output.

## Standards and references

- [curl - man page (command options)](https://curl.se/docs/manpage.html)
- [RFC 9110 - HTTP Semantics](https://www.rfc-editor.org/rfc/rfc9110)
- [MDN - Using the Fetch API](https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API/Using_Fetch)
- [HTTPie - Documentation](https://httpie.io/docs/cli)
- [Requests - Quickstart](https://requests.readthedocs.io/en/latest/user/quickstart/)

## Related reading

- [curl Data Flags and the Content-Type Trap](https://ronutz.com/en/learn/curl-data-flags-and-content-type.md): curl has several ways to attach a body, and they differ in encoding and default Content-Type. The big surprise is that -d defaults to form encoding, not JSON, so a JSON body can be mislabeled and rejected.
- [curl Flags That Change Security Posture](https://ronutz.com/en/learn/curl-security-flags.md): A few curl flags change how safe a request is: -k disables TLS verification, http sends everything in clear text, and credentials in the URL can leak. None make a request malicious, but each is worth reading before you run or share a command.
- [Headers, Authentication, and Cookies in curl](https://ronutz.com/en/learn/curl-headers-auth-and-cookies.md): Headers, auth, and cookies are how a request identifies and authorizes itself. -H adds headers, -u is HTTP Basic, a bearer token is just a header, and -b/-c handle cookies. All of them are sensitive.
- [How curl Infers the HTTP Method](https://ronutz.com/en/learn/curl-method-inference.md): curl does not always need -X to choose a method. Body data implies POST, -I implies HEAD, -G forces GET, and an explicit -X always wins. Knowing the rules tells you at a glance what a request will do.
- [Reading a curl Command](https://ronutz.com/en/learn/reading-a-curl-command.md): A curl command is a shell command: the word curl, a set of options, and a URL. Reading it means seeing how the shell splits the line first (quotes, backslashes, line continuations) and then how curl reads short, long, and clustered flags.
- [Translating curl to fetch()](https://ronutz.com/en/learn/curl-to-fetch.md): The browser fetch API and curl describe the same request differently. Method, headers, and body map across cleanly, but a couple of differences (implicit form Content-Type, cookies, and TLS verification) need care.
