When do I need to URL encode?

URL encode when passing special characters in query strings, form data, API parameters, or any URL component that contains spaces or symbols.

Can I decode URL-encoded strings?

Yes. Paste a percent-encoded string and click Decode to convert it back to readable text.

Does it handle UTF-8 characters?

Yes. The encoder correctly handles all UTF-8 characters including international text and emoji.

URL Encoder & Decoder Free Online

Free online URL encoder and decoder. Encode special characters for use in URLs or decode percent-encoded strings instantly.

Full URL mode

Input:

Result

Output will appear here...

URLs can only safely contain a restricted set of ASCII characters - letters, digits, and a small number of reserved characters. When a URL needs to include spaces, special characters, non-ASCII letters, emoji, or any other character outside that safe set, those characters must be percent-encoded (also called URL encoding or URI encoding) before they can be used in a URL. This free URL encoder and decoder converts any text to its percent-encoded form or decodes a percent-encoded URL back to readable text, instantly in your browser.

How to Use the URL Encoder & Decoder

Paste your text or URL

Type or paste the text or URL you want to process into the input field. For encoding, paste the raw text that contains spaces or special characters. For decoding, paste the percent-encoded string (which will contain % signs followed by hexadecimal pairs like %20 for a space or %3A for a colon).

Click Encode or Decode

Click Encode to convert all special and non-ASCII characters to their percent-encoded equivalents. Click Decode to convert percent-encoded sequences back to their original characters. The result appears instantly in the output panel.

Copy and use the result

Click Copy to copy the encoded or decoded URL to your clipboard. Use the encoded URL in API requests, query parameters, href attributes, redirect URIs, or any other context where URLs are used. Use the decoded URL for human-readable display or debugging.

What Is URL Encoding and Why Is It Needed?

The URL specification (RFC 3986) defines a set of "unreserved characters" that can appear in a URL without any encoding: A-Z, a-z, 0-9, hyphen (-), underscore (_), period (.), and tilde (~). All other characters - including spaces, ampersands, equals signs, question marks, slashes (in certain contexts), and non-ASCII characters - must be encoded.

URL encoding works by replacing each character that needs encoding with a % sign followed by two hexadecimal digits representing the character's ASCII (or UTF-8) byte value. A space becomes %20, an ampersand becomes %26, an equals sign becomes %3D, a colon becomes %3A, a forward slash becomes %2F, and a question mark becomes %3F. For non-ASCII characters like é, the character is first encoded as UTF-8 bytes and then each byte is percent-encoded - é becomes %C3%A9.

Common Use Cases for URL Encoding

Search query parameters - when you type a search query into a form, the browser URL-encodes the query before submitting it. "Hello World" becomes "Hello%20World" or "Hello+World" in the URL. Any spaces, symbols, or international characters in search queries are encoded automatically by the browser.

API request parameters - when building API requests programmatically, query parameters must be URL-encoded. If you pass an email address like user@example.com as a query parameter, the @ sign must be encoded as %40: /api/users?email=user%40example.com. If unencoded, the @ might be misinterpreted by the server.

Redirect URIs in OAuth - when implementing OAuth authentication (signing in with Google, GitHub, etc.), the redirect_uri parameter in the OAuth request must be URL-encoded. If the redirect URI contains query parameters itself, those add extra encoding complexity that this tool handles automatically.

File names in URLs - if a file or page name contains spaces or special characters, the URL must encode them. A file named "My Report 2024.pdf" becomes "My%20Report%202024.pdf" in a URL.

Debugging API responses - when you receive a URL or query string that contains percent-encoded sequences, decoding it helps you read the actual content. This tool decodes any percent-encoded URL back to human-readable form for inspection.

encodeURI vs encodeURIComponent

In JavaScript (and conceptually in URL encoding generally), there are two levels of URL encoding:

encodeURI encodes a complete URL while preserving the structural characters that have special meaning in URLs - the colon (:), slash (/), question mark (?), ampersand (&), equals sign (=), and hash (#) are NOT encoded because they are part of the URL structure. Use encodeURI when you have a complete URL that you want to encode for safe use.

encodeURIComponent encodes everything including the structural characters - colons, slashes, ampersands, equals signs, and question marks ARE all encoded. Use encodeURIComponent when encoding a value that will be used as a query parameter value, since the value must not contain unescaped structural characters that would break the URL parsing.

For example: the URL https://example.com/search?q=hello world should be encoded as https://example.com/search?q=hello%20world using encodeURI (preserving the ?, =, and :), while the query value "hello world" would be encoded as "hello%20world" using encodeURIComponent.

Building Safe API Request URLs Programmatically

When constructing API request URLs in code, proper encoding of query parameters is essential to prevent bugs and security vulnerabilities. Here are best practices for different programming contexts:

JavaScript/Node.js - URLSearchParams (recommended):

const params = new URLSearchParams({
  email: 'user@example.com',
  query: 'search term with spaces',
  redirect: 'https://site.com/path?existing=param'
});
const url = `https://api.example.com/search?${params}`;
// https://api.example.com/search?email=user%40example.com&query=search+term...

Python - urllib.parse.urlencode:

from urllib.parse import urlencode, quote_plus

params = {
    'email': 'user@example.com',
    'query': 'search term with spaces'
}
query_string = urlencode(params, quote_via=quote_plus)
url = f'https://api.example.com/search?{query_string}'

PHP - http_build_query:

$params = [
    'email' => 'user@example.com',
    'query' => 'search term with spaces'
];
$queryString = http_build_query($params);
$url = 'https://api.example.com/search?' . $queryString;

Common mistake - manual string concatenation: Never build query strings by manually concatenating parameters with & and = without encoding. This creates bugs when parameter values contain special characters and opens security vulnerabilities (URL injection).

OAuth and Redirect URI Encoding

OAuth authentication flows require redirect URIs to be encoded when passed as query parameters. This creates a double-encoding scenario that trips up many developers:

The scenario: Your application's redirect URI is https://yourapp.com/callback?session=abc123. When initiating OAuth with Google or GitHub, you must pass this redirect URI as a parameter in the OAuth request URL.

Correct encoding:

const redirectUri = 'https://yourapp.com/callback?session=abc123';
const encodedRedirect = encodeURIComponent(redirectUri);
const oauthUrl = `https://oauth.provider.com/authorize?client_id=xxx&redirect_uri=${encodedRedirect}`;
// Result: redirect_uri=https%3A%2F%2Fyourapp.com%2Fcallback%3Fsession%3Dabc123

The redirect URI itself contains a query parameter (?session=abc123), so when it becomes a parameter value in the OAuth URL, all its special characters (including the ? and =) must be percent-encoded. This is a common source of OAuth errors - if the redirect URI is not correctly encoded, the OAuth provider will reject it or misinterpret it.

URL Encoding in Different Contexts - HTML, JavaScript, and HTTP

URL encoding requirements differ slightly depending on context:

In HTML anchor href attributes: Browsers automatically encode most special characters when users click links, but & ampersands in query strings must be written as & in the HTML source to avoid HTML parsing issues. Example: <a href="/search?q=hello&lang=en">Search</a> (the HTML shows & but the browser sends & in the actual request).

In JavaScript strings for fetch/XHR: Use encodeURIComponent for parameter values and construct the full URL programmatically. Never paste user input directly into URL strings - always encode it first.

In HTTP headers (Location, Referer): URLs in HTTP headers must be percent-encoded. The Location header for redirects especially must have a properly encoded URL.

In form data (application/x-www-form-urlencoded): Form submissions encode data using URL encoding rules, but spaces become + instead of %20 (a convention from the HTML form specification). Modern APIs should accept both, but be aware that + and %20 are both valid space representations in query strings.

Debugging URL Encoding Issues

When URLs are not working as expected, encoding problems are a frequent cause. Here is how to debug them:

Symptom: 404 Not Found errors despite the path appearing correct. Check if spaces or special characters in the URL are not encoded. A space in a URL path without %20 encoding will break the URL.

Symptom: Query parameters are not received by the API. Check if & ampersands separating parameters are correctly placed and not double-encoded. Also verify that = signs are not encoded when they are parameter separators (they should only be encoded inside parameter values).

Symptom: OAuth redirect_uri mismatch errors. The redirect URI sent in the OAuth request must exactly match the one registered with the OAuth provider. Even a difference in encoding (https://site.com/callback vs https://site.com/callback/) will cause a mismatch.

Symptom: International characters display as garbage. Ensure the URL is UTF-8 encoded before percent-encoding. For example, the Japanese character 日 should become %E6%97%A5 (its UTF-8 byte sequence), not a different encoding.

Tool for debugging: Use this decoder to decode percent-encoded URLs back to readable form. Compare the decoded result to what you expected - discrepancies reveal encoding errors.

Frequently Asked Questions

What is URL encoding (percent encoding)?

URL encoding (officially called percent encoding) replaces unsafe or reserved characters in a URL with a percent sign followed by two hexadecimal digits representing the character's byte value. For example, a space becomes %20, an at sign becomes %40, and an ampersand becomes %26. This is necessary because URLs can only safely contain a limited set of ASCII characters - all others must be encoded before being used in a URL.

When should I URL encode a string?

URL encode whenever you are: (1) passing user-entered text as a query parameter value in a URL, (2) building API request URLs programmatically, (3) creating redirect URIs for OAuth flows, (4) including email addresses, file names with spaces, or any text with special characters in a URL, or (5) constructing form action URLs. Browsers automatically encode user input in form submissions, but when building URLs programmatically in code or tools, you must encode manually.

What does %20 mean in a URL?

%20 is the URL-encoded representation of a space character. The hexadecimal value 20 is the ASCII code for a space. You will also sometimes see spaces encoded as + in query strings (a convention from HTML form encoding where + is interpreted as a space). Both %20 and + represent spaces in URLs, though %20 is more universally correct and + is specifically a form encoding convention.

Does the encoder handle international and non-ASCII characters?

Yes. International characters, accented letters, Chinese, Japanese, Arabic, Korean, and any other non-ASCII text are correctly handled. Non-ASCII characters are first converted to UTF-8 bytes and then each byte is percent-encoded. For example, the French é character becomes %C3%A9 (because é is represented as the two UTF-8 bytes 0xC3 and 0xA9). Emoji are also correctly encoded as their multi-byte UTF-8 sequences.

What is the difference between URL encoding and HTML encoding?

URL encoding uses % followed by hex digits (%20 for space, %26 for &) and is used for URLs. HTML encoding uses named entities or numeric entities (& for &, < for <) and is used for HTML document content to prevent special characters from being interpreted as HTML. They serve different purposes and are used in different contexts - URL encoding for URL components, HTML encoding for text inside HTML elements and attributes.

Is my data sent to a server?

No. All URL encoding and decoding happens entirely in your browser. Your input text is never transmitted to any server. The tool uses JavaScript's built-in encodeURIComponent() and decodeURIComponent() functions which run locally. This makes it completely safe to use for encoding sensitive information like passwords, API tokens, or private data that appears in URLs during development and debugging.

Why do spaces become %20 instead of +?

In URL paths and query parameters, spaces should be encoded as %20 (the percent-encoded form of the space character). However, in application/x-www-form-urlencoded data (HTML form submissions), spaces are encoded as + by convention. Modern APIs and URL processing libraries accept both %20 and + as spaces in query strings for compatibility. This tool uses %20 as it is the more universally correct encoding for general URL use.

Can I encode international characters and emoji in URLs?

Yes. This tool encodes all Unicode characters including Chinese, Arabic, Hebrew, emoji, and any other UTF-8 characters. The characters are first converted to UTF-8 bytes, then each byte is percent-encoded. For example, the emoji 🌍 (UTF-8: F0 9F 8C 8D) becomes %F0%9F%8C%8D. Most modern browsers and APIs handle UTF-8 encoded URLs correctly, but very old systems may have issues with non-ASCII characters.

How do I debug "Invalid URL" or "Bad Request" errors?

First, use the decode function in this tool to decode the problematic URL and inspect the decoded output - does it match what you intended? Common issues: forgetting to encode special characters before building the URL (always encode parameter values before adding them to the URL string), double-encoding (encoding an already encoded string), missing or extra & separators between parameters, or using the wrong encoding function (encodeURI when you needed encodeURIComponent).

Related Tools

🔐

Base64 Encoder

Encode text and data to Base64 format for safe transmission in URLs and APIs

🔑

Hash Generator

Generate MD5, SHA-1, SHA-256, and SHA-512 hashes for data integrity verification

{ }

JSON Formatter

Format, validate, and beautify JSON data for debugging APIs and configuration files

🎫

JWT Decoder

Decode and inspect JSON Web Tokens used in authentication and authorization