About URL Encoding
URL encoding — also called percent-encoding — converts characters that are not allowed or that carry special meaning in a URL into a safe format. Every unsafe character is replaced by a % sign followed by two hexadecimal digits that represent the character's ASCII value. For example, a space becomes %20 and an ampersand becomes %26.
The rules are defined in RFC 3986. Characters that must always be encoded include spaces, quotation marks, angle brackets, curly braces, pipes, backslashes, and control characters. Characters that are safe to leave unencoded include letters A–Z, digits 0–9, and the symbols - _ . ~.
When do you need URL encoding?
- Query parameters — values after
?key=that may contain&,=, or spaces - Form submissions —
application/x-www-form-urlencodedform data uses percent-encoding - REST API paths — dynamic path segments such as
/users/john%40example.com - OAuth & JWT tokens — signatures often contain
+and/which must be encoded in URLs - Sharing links — URLs embedded in emails or documents that pass through multiple systems
Common character encoding reference
| Character | Encoded | Notes |
|---|---|---|
| Space | %20 | Also written as + in form data |
| ! | %21 | Sub-delimiter |
| " | %22 | Always encode in URLs |
| # | %23 | Fragment separator — encode in query values |
| % | %25 | Must encode the % sign itself |
| & | %26 | Query-string delimiter — encode in values |
| + | %2B | Unencoded + means space in form data |
| / | %2F | Path delimiter — encode in path segments |
| : | %3A | Scheme separator |
| = | %3D | Key=value delimiter — encode in values |
| ? | %3F | Query-string start — encode in query values |
| @ | %40 | Common in email addresses in URLs |
| [ ] | %5B %5D | Used in array query params |
Working with JSON in URLs? Use JSON Formatter first to tidy the data, JSON Validator to ensure it is valid, then paste the minified JSON here to encode it safely for a query parameter.
Frequently Asked Questions
What is URL encoding used for?
URL encoding (percent-encoding) replaces characters that are unsafe or reserved in a URL — such as spaces, ampersands, slashes, and quotes — with a % followed by two hex digits. Browsers, servers, and APIs all rely on this encoding to correctly parse parameters, path segments, and fragments without misinterpreting delimiters.
Should I encode spaces as + or %20?
It depends on context. In the query string of an HTML form (application/x-www-form-urlencoded), spaces are traditionally encoded as +. In all other URL contexts — path segments, fragment identifiers, and modern APIs — use %20. This tool uses %20 (standard percent-encoding via JavaScript's encodeURIComponent), which is safe everywhere.
Can I decode already encoded URLs?
Yes. Paste an encoded string (e.g. hello%20world%21) and click Decode URL to restore the original text. The tool uses decodeURIComponent internally, which handles all standard percent-encoded sequences.
What is the difference between encodeURI and encodeURIComponent?
encodeURI encodes a complete URL — it preserves structural characters like : / ? # & because they have meaning in the URL structure. encodeURIComponent encodes a URL component (a single query value or path segment) — it encodes those structural characters too, since they must not be misread as URL delimiters inside a value. Use encodeURIComponent for individual query parameter values; use encodeURI only for full URLs you want to make safe without breaking their structure.
Why does my API reject characters even after encoding?
Some APIs double-encode or have strict allow-lists. Check that you are not encoding an already-encoded string (which would turn %20 into %2520). Also verify that the API expects %20 for spaces rather than +, and that special characters in the base URL itself (like : and /) are not being encoded — those should only be encoded inside parameter values, not in the URL structure itself.
Is URL encoding the same as Base64?
No. URL encoding converts individual unsafe characters to %XX sequences so the URL stays readable and close to its original form. Base64 encoding converts arbitrary binary data into a fixed set of 64 printable ASCII characters — the output looks nothing like the input. URL encoding is used to pass values in URLs; Base64 is used to embed binary data (images, files) in text formats like JSON or HTML.