Practice: HTTPBin
About HTTPBin
HTTP request & response testing service. Echoes back what you send.
-
Base URL:
httpbin.org -
Documentation: httpbin.org/
Perfect for:
-
Testing curl flags
-
Debugging headers
-
Understanding HTTP methods
-
Learning request/response structure
Request Inspection
See What You Send
# GET - see headers, args, origin
curl -s https://httpbin.org/get | jq
# POST - see form data
curl -s -X POST -d "name=John&age=30" https://httpbin.org/post | jq
# POST JSON - see json field
curl -s -X POST \
-H "Content-Type: application/json" \
-d '{"name": "John", "age": 30}' \
https://httpbin.org/post | jqInspect Specific Parts
# Just see your headers
curl -s https://httpbin.org/get | jq '.headers'
# Just see query params
curl -s "https://httpbin.org/get?foo=bar&baz=qux" | jq '.args'
# Your IP
curl -s https://httpbin.org/get | jq -r '.origin'HTTP Methods
All Methods Supported
# GET
curl -s https://httpbin.org/get | jq
# POST
curl -s -X POST https://httpbin.org/post | jq
# PUT
curl -s -X PUT https://httpbin.org/put | jq
# PATCH
curl -s -X PATCH https://httpbin.org/patch | jq
# DELETE
curl -s -X DELETE https://httpbin.org/delete | jqExercise: Method Comparison
# Compare what each method returns
for method in GET POST PUT PATCH DELETE; do
echo "=== $method ==="
curl -s -X "$method" "https://httpbin.org/$(echo $method | tr '[:upper:]' '[:lower:]')" | jq -r '.url'
doneStatus Codes
Force Specific Status
# Get specific HTTP status
curl -s -o /dev/null -w '%{http_code}\n' https://httpbin.org/status/200
curl -s -o /dev/null -w '%{http_code}\n' https://httpbin.org/status/404
curl -s -o /dev/null -w '%{http_code}\n' https://httpbin.org/status/500
# Random status from list
curl -s -o /dev/null -w '%{http_code}\n' "https://httpbin.org/status/200,201,204"Exercise: Status Code Handling
# Test your error handling
test_status() {
local code="$1"
local http_code
http_code=$(curl -s -o /dev/null -w '%{http_code}' "https://httpbin.org/status/$code")
case "$http_code" in
2*) echo "$code: Success" ;;
4*) echo "$code: Client Error" ;;
5*) echo "$code: Server Error" ;;
esac
}
for code in 200 201 400 401 403 404 500 503; do
test_status "$code"
doneAuthentication Testing
Basic Auth
# Correct credentials
curl -s -u "user:passwd" https://httpbin.org/basic-auth/user/passwd | jq
# Wrong credentials (401)
curl -s -u "wrong:wrong" https://httpbin.org/basic-auth/user/passwdBearer Token
# Test bearer auth (always accepts)
curl -s -H "Authorization: Bearer my-token-here" https://httpbin.org/bearer | jqHidden Basic Auth
# Returns 404 instead of 401 (hide auth endpoint)
curl -s -u "user:passwd" https://httpbin.org/hidden-basic-auth/user/passwd | jqRequest Data
Headers
# Send custom headers, see them echoed
curl -s \
-H "X-Custom-Header: my-value" \
-H "X-Another: test" \
https://httpbin.org/headers | jq
# Just see specific header
curl -s -H "X-My-Header: hello" https://httpbin.org/headers | jq '.headers["X-My-Header"]'Response Headers
# Get custom response headers
curl -sI "https://httpbin.org/response-headers?X-Custom=value&X-Another=test"Cookies
# Set cookies
curl -s https://httpbin.org/cookies/set/sessionid/abc123 -c - | jq
# See cookies you send
curl -s -b "session=xyz; user=john" https://httpbin.org/cookies | jqResponse Formats
Different Content Types
# JSON (default for most)
curl -s https://httpbin.org/json | jq
# HTML
curl -s https://httpbin.org/html | head -20
# XML
curl -s https://httpbin.org/xml | head -10
# Robots.txt
curl -s https://httpbin.org/robots.txt
# UTF-8 encoded
curl -s https://httpbin.org/encoding/utf8Binary Data
# Generate random bytes
curl -s https://httpbin.org/bytes/100 | xxd | head
# Stream bytes
curl -s https://httpbin.org/stream-bytes/100
# Image (PNG)
curl -s https://httpbin.org/image/png -o test.pngTiming and Delays
Delayed Response
# 2 second delay
time curl -s https://httpbin.org/delay/2 | jq -r '.url'
# Test timeout handling
curl -s --max-time 1 https://httpbin.org/delay/5 || echo "Timeout!"Drip Data
# Slow stream: 5 bytes over 5 seconds
time curl -s "https://httpbin.org/drip?duration=5&numbytes=5&code=200"Redirects
Follow Redirects
# 302 redirect (need -L to follow)
curl -s https://httpbin.org/redirect/1
curl -sL https://httpbin.org/redirect/1 | jq
# Multiple redirects
curl -sL https://httpbin.org/redirect/3 | jq
# Absolute redirect
curl -sL https://httpbin.org/absolute-redirect/2 | jqRedirect to URL
# Redirect to specific URL
curl -sL "https://httpbin.org/redirect-to?url=https://httpbin.org/get" | jqDebugging
Anything Endpoint
# Echoes everything - great for debugging
curl -s -X POST \
-H "Content-Type: application/json" \
-H "X-Debug: true" \
-d '{"test": "data"}' \
"https://httpbin.org/anything/my/path?foo=bar" | jqUser Agent
# See your User-Agent
curl -s https://httpbin.org/user-agent | jq
# Custom User-Agent
curl -s -A "MyApp/1.0" https://httpbin.org/user-agent | jqIP Address
# Your public IP
curl -s https://httpbin.org/ip | jq -r '.origin'Shell Function
httpbin() {
local endpoint="${1:-get}"
shift
curl -sS "https://httpbin.org/${endpoint}" "$@" | jq
}
# Usage:
# httpbin get
# httpbin post -d "data=test"
# httpbin status/418
# httpbin headers -H "X-Test: value"Exercises Checklist
-
Send a POST with JSON body, verify it’s echoed in response
-
Test basic auth with correct and incorrect credentials
-
Force a 503 status and handle it in a script
-
Measure response time for delayed endpoint
-
Follow a 3-redirect chain and show final URL
-
Send 5 custom headers and extract them from response
-
Compare what GET vs POST returns for same data