URL Encode Query Parameters and Redirect URIs
Safely encode redirect_uri values, callback URLs, and nested parameters so your auth or API request stops breaking.
This guide keeps URL encoding practical: redirect flows, query params, scope values, and the difference between encoding a full URL and encoding one component.
Use this when
A callback URL, nested query string, or redirect_uri value keeps getting rejected or truncated.
What to inspect first
Check whether you encoded the whole URL or only the parameter component. That difference usually explains broken redirects.
Common pitfall
Spaces, plus signs, at symbols, and question marks often look harmless in logs but break requests when they are copied raw.
Encode a redirect_uri value
Nested callback URLs should be encoded as a parameter value, not pasted raw into the outer request.
redirect_uri=https%3A%2F%2Fapp.example.com%2Fcallback%3Fnext%3D%252Fsettings
Encode a scope string
OAuth scope values often contain spaces that must be percent-encoded for reliable transmission.
scope=read%3Ausers%20write%3Ausers
Handle search or email values
Characters like +, @, /, and ? are good signals that you are encoding the right component.
email=dev%2Balerts%40example.com
Keep the callback readable
The live tool lets you encode or decode one value at a time, which is useful when redirect logs are hard to read.
https://app.example.com/callback?next=/settings
Use encodeURI for a complete URL you want to preserve structurally. Use encodeURIComponent for one parameter value such as redirect_uri, state, or a search query.
- Most auth and API bugs come from needing encodeURIComponent and accidentally preserving reserved characters.
Signed requests, OAuth redirects, and nested URLs all depend on encoding the correct component at the correct layer. When in doubt, isolate the value and test it by itself first.
- Move into JSON formatting when the problem is really in the request body rather than the query string.