I have read the man pages of Curl, but I can't understand what those parameters (k, i and X) mean. I see it used in a REST API call, but can someone please explain what those three parameters do? It's not clear in the documentation.
Thank you in advance.
-k, --insecure: If you are doing curl to a website which is using a self-signed SSL certificate then curl will give you an error as curl couldn't verify the certificate. In that case, you could use -k or --insecure flag to skip certificate validation.
Example:
[root@arif]$ curl --head https://xxx.xxx.xxx.xxx/login
curl: (60) Peer's Certificate issuer is not recognized. More details here: http://curl.haxx.se/docs/sslcerts.html curl performs SSL certificate verification by default, using a "bundle" of Certificate Authority (CA) public keys (CA certs). If the default bundle file isn't adequate, you can specify an alternate file using the --cacert option. If this HTTPS server uses a certificate signed by a CA represented in the bundle, the certificate verification probably failed due to a problem with the certificate (it might be expired, or the name might not match the domain name in the URL). If you'd like to turn off curl's verification of the certificate, use the -k (or --insecure) option. [root@arif]$ curl -k --head https://xxx.xxx.xxx.xxx/login
HTTP/1.1 302 Moved Temporarily Date: Thu, 07 Dec 2017 04:53:44 GMT Transfer-Encoding: chunked Location: https://xxx.xxx.xxx.xxx/login X-FRAME-OPTIONS: SAMEORIGIN Set-Cookie: JSESSIONID=xxxxxxxxxxx; path=/; HttpOnly -i, --include: This flag will include http header. Usually http header are consist of server name, date, content type etc.
Example:
[root@arif]$ curl https://google.com
<HTML><HEAD><meta http-equiv="content-type" content="text/html charset=utf-8"> <TITLE>301 Moved</TITLE></HEAD><BODY> <H1>301 Moved</H1> The document has moved <A HREF="https://www.google.com/">here</A>. </BODY></HTML>
[root@arif]$ curl -i https://google.com
HTTP/1.1 301 Moved Permanently Location: https://www.google.com/ Content-Type: text/html; charset=UTF-8 Date: Thu, 07 Dec 2017 05:13:44 GMT Expires: Sat, 06 Jan 2018 05:13:44 GMT Cache-Control: public, max-age=2592000 Server: gws Content-Length: 220 X-XSS-Protection: 1; mode=block X-Frame-Options: SAMEORIGIN Alt-Svc: hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000; v="41,39,38,37,35" <HTML><HEAD><meta http-equiv="content-..... -X, --request: This flag will used to send custom request to the server. Most of the time we do GET, HEAD, and POST. But if you need specific request like PUT, FTP, DELETE then you can use this flag. Following example will send a delete request to the google.com
Example:
[root@arif]$ curl -X DELETE google.com
.......................... <p><b>405.</b> <ins>That’s an error.</ins> <p>The request method <code>DELETE</code> is inappropriate for the URL <code>/</code>. <ins>That’s all we know.</ins>` 
curl -X DELETE google.com. Didn't work at all. google.com still exists. It is clearly documented here.
Edit
From the man page
-k, --insecure
(TLS) By default, every SSL connection curl makes is verified to be secure. This option allows curl to proceed and operate even for server connections otherwise considered insecure.
The server connection is verified by making sure the server's certificate contains the right name and verifies successfully using the cert store.
This means that with -k, curl will accept connections to HTTPS even if there are certificate errors (outdated certificate, self-issued certificate, etc.)
-i, --include
Include the HTTP response headers in the output. The HTTP response headers can include things like server name, cookies, date of the document, HTTP version and more...
To view the request headers, consider the -v, --verbose option.
See also -v, --verbose
There are not much I can say about this in layman language. If you are not familiar with HTTP response headers, this is where you can find more information.
-X, --request
(HTTP) Specifies a custom request method to use when communicating with the HTTP server. The specified request method will be used instead of the method otherwise used (which defaults to GET). Read the HTTP 1.1 specification for details and explanations. Common additional HTTP requests include PUT and DELETE, but related technologies like WebDAV offers PROPFIND, COPY, MOVE and more.
Normally you don't need this option. All sorts of GET, HEAD, POST and PUT requests are rather invoked by using dedicated command line options.
This option only changes the actual word used in the HTTP request, it does not alter the way curl behaves. So for example if you want to make a proper HEAD request, using -X HEAD will not suffice. You need to use the -I, --head option.
The method string you set with -X, --request will be used for all requests, which if you for example use -L, --location may cause unintended side-effects when curl doesn't change request method according to the HTTP 30x response codes - and similar.
(FTP) Specifies a custom FTP command to use instead of LIST when doing file lists with FTP.
(POP3) Specifies a custom POP3 command to use instead of LIST or RETR. (Added in 7.26.0)
(IMAP) Specifies a custom IMAP command to use instead of LIST. (Added in 7.30.0)
(SMTP) Specifies a custom SMTP command to use instead of HELP or VRFY. (Added in 7.34.0)
If this option is used several times, the last one will be used.
When you use curl to access a web page it is actually sending the GET request to the server. There are other kinds of request that can be used and -X is the way to specify this. As noted above, this command is usually not needed. For example, if you need a POST request you can use -d rather than using -X. Without further information it's hard to say why you need -X in your API call.
