DevToolsHub

URL Encoder & Decoder

Percent-encode query values and paths for OAuth redirects, deep links, and API clients that require strict URL syntax.

Decode to inspect parameters that arrived double-encoded from mobile apps or proxies.

How to use

  1. Encode: Enter text or a URL and click Encode URL. Special characters are converted to percent-encoded form (e.g. space → %20).
  2. Decode: Paste a URL-encoded string and click Decode URL to get the original text.
  3. Use Share URL to create a link with your input (?text= for encode, ?encoded= for decode).
  4. Use Copy to copy the result to the clipboard.

1URLs are strict about which characters are “safe”

Reserved characters like ?, &, /, and # have structural meaning in URLs; encoding converts other bytes into percent-escaped sequences so data does not break parsing.

Query parameters must encode spaces, unicode, and symbols that would prematurely terminate a parameter value.

  • Double-encoding is a common bug: decode once at the boundary where you trust the string, then treat the result as data.
  • Different specs (application/x-www-form-urlencoded vs path segments) sometimes disagree on whether a space is + or %20—match what your server expects.

2Debugging integrations

When an OAuth redirect fails, inspecting the encoded state parameter separately from the raw JSON can show whether the problem is serialization or transport.

Deep links copied from mobile apps often arrive partially encoded; round-tripping through encode and decode can reveal stray characters.

3Internationalization

UTF-8 bytes in non-English paths and query values should be percent-encoded for maximum compatibility across older proxies and log pipelines.

Modern browsers display decoded text in the address bar even when the wire format remains encoded—tools like this make the wire format visible again.

4OAuth and redirect URLs

Authorization servers require exact redirect URI matches. Encoding mistakes in `state` or `redirect_uri` cause intermittent login failures that are hard to reproduce without inspecting encoded bytes.

Fragment identifiers (`#`) are not sent to the server; encode query parameters only in the portion before `#`.

5application/x-www-form-urlencoded

HTML forms often submit with `+` for spaces. APIs expecting `%20` may disagree—know your consumer’s rules when building query strings manually.

6Quick checklist for URL encoding

Encode each query value separately when building URLs programmatically. Decode once at trust boundaries to avoid double-encoding bugs.

  • Prefer %20 or + consistently with your server framework.
  • Encode non-ASCII paths when linking across older proxies.

Examples

Query parameter with spaces

Encode values before appending to URLs.

Key: q
Value: json formatter
Encoded: json%20formatter

Decode OAuth state

Inspect state parameters from redirect URLs during integration debugging.

Encoded: redirect%3D%2Fhome%26lang%3Den
Decoded: redirect=/home&lang=en

Frequently asked questions

Should I encode the entire URL?
Usually encode only query parameter values or path segments that contain special characters—not the scheme, host, or delimiters like ? and &.
What is the difference between encode and decode?
Encode converts reserved characters to percent-escaped bytes. Decode reverses that for inspection or debugging.
Why is space encoded as %20 or +?
In query strings, application/x-www-form-urlencoded often uses + for space. RFC 3986 uses %20. Match your server’s expectation.
Can I encode Unicode characters?
Yes. Non-ASCII characters encode as UTF-8 bytes in percent-escaped form.
Is my text sent to a server?
Encoding and decoding run in the browser.

Related tools & guides