curl and Invoke-RestMethod for APIs

Some obvious stuff here. I need to call various APIs to do various things. Previously I used to use curl but now I want to use Invoke-RestMethod (of PowerShell) too just to spice things up. This blog post is going to be a “running” blog post that I keep updating as I pick up new things on this topic.


One of the sites I am accessing is NS1 for DNS. Their API documentation is here and is quite straightforward. They don’t need me to login with a username/password, but an API key that I send via the headers.

Here’s an example of the curl command I could use with them to list all their zones:

The $API_KEY is a token I generate from their website. The URL keeps changing depending on what I want to do, and sometimes I’d have to POST rather than GET when I want to send data.

For example, to create a new zone:

Usually what I’d do is something like this:

I have to do an eval curl because without it the API call wasn’t working and then I read on some StackOverflow post that running it under eval ensures all the parameters are passed correctly. I think since the body and header variables have spaces or curly braces that is messing things up unless I do an eval.

A better approach that I discovered later is the following:

No need to eval here and since I am using a heredoc I can keep the body more readable.

Another option is to put the body in a JSON file and invoke it via the --data @filename.json switch in curl (replace filename.json with the real filename).

Doing the same via Invoke-RestMethod is similar:

Bit more organized with PowerShell as I can use hash tables and convert them to JSON for the body.

OAuth2 in General

I will tackle OAuth2 in another post but the above method is quite common for most OAuth2 implementations. You get an access/ bearer token and authenticate using it. These are the variations (of the header) I have come across:

Other authentication

Just for my info here’s the switches to do other forms of authentication using curl.

There’s also an --anyauth --user that lets curl try without authentication first.

I will fill in the equivalent or Invoke-RestMethod later.

Mark Monitor

Another one I had to login to was Mark Monitor. They have a very limited API and I ended up not using it, but in their case the authentication was not via headers. I had to send the username and password via the body.

This is similar to the NS1 case above except that I don’t authorize via the headers. Similar technique via Invoke-RestMethod too: