JSON URL Decode
Decode percent-encoded JSON from a URL or query string back into readable JSON.
Example
Input
%7B%22q%22%3A%22a%20b%20%26%20c%22%7D
How it works
The decoder reverses percent-encoding (like decodeURIComponent), turning sequences such as %20 and %22 back into spaces and quotes so you get usable JSON.
Good to know
JSON URL Decode takes percent-encoded text — the kind you find pasted into a browser address bar, a query-string parameter, an API log, or a webhook payload — and reverses the encoding so you get the original JSON back. Characters like %7B, %22, and %20 become {, ", and a space, exactly as decodeURIComponent would do. It's aimed at developers, QA testers, and anyone debugging an HTTP request who has a blob of escaped JSON and just wants to read it.
Reach for it whenever JSON has been stuffed into a URL: a ?data=... or ?filter=... parameter, a redirect URL, an OAuth state value, a tracking pixel, or a copy-pasted curl command where the body got encoded. Decoding by hand is error-prone because a single missed % sequence changes the meaning, and this tool does the whole pass instantly in your browser without sending the payload anywhere.
Read the output as plain decoded text, not as validated JSON. The decoder only undoes percent-encoding — it does not check that the result is well-formed or pretty-print it. So if the decoded string still looks like one long line, that's expected; the structure is correct even though it isn't indented.
- If you see a clear error, the input contains a malformed percent sequence (for example a stray
% or %G1) — fix or trim that part and decode again. - Watch for double-encoding: a value escaped twice will show leftover
%25 sequences after one pass, meaning you need to decode the result a second time. + signs are left as literal plus characters, so if your source used form-style encoding where + means a space, replace them before decoding.
Frequently asked questions
What if the input isn't fully encoded?
Plain characters pass through unchanged; only percent-sequences are decoded. Malformed sequences produce a clear error.
Can I then format the result?
Yes — paste the decoded output into the JSON Parser or Reader to pretty-print it.
Is my JSON uploaded anywhere?
No — everything runs in your browser with JavaScript. Your data never leaves your device, so it's safe for sensitive payloads and works offline once loaded.
Is this tool free?
Yes, completely free with no sign-up and no limits.
More JSON tools
People also ask
What is the difference between URL decoding and JSON decoding?
URL decoding reverses percent-encoding so escaped characters like %22 become readable text, while JSON decoding (parsing) interprets that text as a data structure of objects, arrays, and values. This tool only does the URL-decoding step; you would parse or pretty-print the result separately.
What does %7B mean in a URL?
%7B is the percent-encoded form of the opening curly brace { , which marks the start of a JSON object. Likewise %7D is the closing brace } , %22 is a double quote, and %20 is a space.
Why is my JSON percent-encoded in a URL?
JSON contains characters such as braces, quotes, spaces, and ampersands that are not safe to place directly in a URL, so they get percent-encoded to travel safely as a query parameter or path segment. Decoding reverses that so you can read the original JSON.
Does + decode to a space?
Standard percent-decoding (decodeURIComponent) treats + as a literal plus character, not a space. Only application/x-www-form-urlencoded form data uses + to mean a space, so if your source is form data you should convert + to spaces before decoding.
How do I decode a value that was encoded twice?
Double-encoded input still shows percent sequences such as %2522 or %257B after one decode pass. Run the decoder again on that output to fully recover the original JSON.
Is it safe to decode sensitive data like tokens or API payloads?
This tool runs entirely in your browser using JavaScript, so the data is never uploaded to a server and never leaves your device. That makes it safe for sensitive payloads and it continues to work offline once the page has loaded.
Why did decoding produce an error instead of JSON?
An error means the input has an invalid percent sequence, such as a lone % not followed by two valid hex digits. Remove or correct the malformed part and try again; plain characters that are not percent-encoded pass through unchanged.