JSON URL Decode Online — Decode URL-Encoded JSON

Decode percent-encoded JSON from query strings, redirect URIs, and logs. Auto re-formats valid JSON with 2-space indent — instantly, 100% in your browser.

Input (encoded JSON)

Output (formatted JSON)

What is JSON URL decoding?

JSON URL decoding reverses the two-step encoding process: it percent-decodes the input back to a JSON string, then parses and re-formats that string as readable JSON. It is the right tool for inspecting OAuth state objects, deep-link payloads, analytics event blobs, or any JSON that was packed into a URL parameter.

Validation runs at both layers — a malformed percent sequence raises a URIError, and decoded text that is not real JSON raises a SyntaxError. Both are surfaced clearly so you can tell the encoding from the content.

How to decode JSON from a URL — 4 steps

Copy the parameter value. Find the JSON-bearing query parameter in your URL and copy just the part after the equals sign — not the whole URL.
Paste into the input. Drop the percent-encoded string into the Input panel.
Click Decode. The tool decodes the percent-encoding, parses as JSON, and pretty-prints the result with 2-space indentation.
Inspect or chain. Read the structure, copy the formatted JSON, or paste it into the JSON Formatter for further processing.

Side-by-side example

Encoded value

%7B%22id%22%3A42%2C%22tags%22%3A%5B%22a%22%5D%7D

Decoded & formatted

{
  "id": 42,
  "tags": [
    "a"
  ]
}

Two-Layer Decode

Reverses percent-encoding with decodeURIComponent, then parses the result as JSON. Errors at either layer surface separately.

Auto Pretty-Print

Decoded JSON is re-formatted with 2-space indentation. The compact form that travelled in the URL becomes readable for inspection.

Client-Side Only

All decoding and parsing run in JavaScript inside your browser. Sensitive query parameters never leave the page.

Common use cases

check_circleInspecting OAuth state objects from authorization callback URLs
check_circleReading filter and sort parameters from dashboard share-links
check_circleDecoding analytics event payloads captured in pixel-tracking URLs
check_circleExtracting webhook callback parameters from third-party services
check_circleRecovering form submission data from URL-encoded GET requests
check_circleReading deep-link configuration JSON from mobile app intents
check_circleInspecting GraphQL operation variables passed through GET URLs
check_circleDebugging URL-based session tokens and signed JSON parameters

Decoded but not JSON — what then?

If you see a SyntaxError, the percent-encoding decoded fine but the underlying value is not JSON. Most often this means: (a) you pasted the whole URL instead of a single parameter value, (b) the parameter contains a different format like base64 or a query string fragment, or (c) the original was form-encoded with + for spaces. Try the URL Decode tool first to see the raw text, then identify the actual format.

Need to encode instead?

Build a URL-safe JSON parameter, or chain with our other JSON tools — all browser-side.

JSON URL Encode JSON Formatter All JSON Tools

Frequently Asked Questions

What does this tool do exactly?

It decodes a percent-encoded string with decodeURIComponent, runs the result through JSON.parse to confirm it is real JSON, then pretty-prints it with 2-space indentation. Two failure modes are reported separately: a URIError means the percent-encoding is malformed, and a SyntaxError means the decoded text is not valid JSON.

I only have a query string — what should I paste?

Paste the value of one parameter, not the whole URL. If your URL is /api?state=%7B%22id%22%3A42%7D, copy %7B%22id%22%3A42%7D — the part after state=. Pasting the full URL leaves & and = untouched, which then breaks JSON parsing.

Why does the decoder say invalid JSON when I pasted a URL?

Because the percent-decoded URL still contains URL syntax — slashes, equals signs, and ampersands — that JSON.parse rejects. The tool decodes percent-encoding correctly, but the underlying value is not JSON. Extract just the JSON parameter value and try again.

Does this handle double-encoded values?

Run it twice. The first decode produces a string that still contains %XX sequences (because %25 became %, restoring the inner encoding). Paste that result back and decode again. If you only see %XX in the first output, that is the signal a second pass is needed.

How are Unicode characters reconstructed?

Multi-byte percent sequences (like %E4%BD%A0 for 你 or %F0%9F%9A%80 for the rocket emoji) are interpreted as UTF-8. The decoded string contains the original Unicode characters, then JSON.parse handles any \uXXXX escapes that were inside the JSON itself.

Does + decode as a space here?

No. decodeURIComponent treats + as a literal plus sign. If your value came from a form-encoded body (application/x-www-form-urlencoded), replace + with space first, then paste it here. URLs built with encodeURIComponent never produce + so this only matters for form bodies.

Why pretty-print after decoding?

Encoded JSON is always compact (single line, no whitespace) because JSON.stringify produces a canonical form before encoding. Pretty-printing makes the decoded value readable so you can see structure at a glance — useful for debugging analytics events, OAuth state, or webhook payloads.

Is the decoded JSON sent to a server?

No. Decoding and parsing run entirely in your browser. Open DevTools → Network and click Decode — no requests leave the page. Safe for OAuth states, signed parameters, or any sensitive structured data captured in URLs.