URL encoding of special characters
The SOAP API is now classed as a legacy system. While we won’t be adding new features or functionality, we will maintain its availability and provide ongoing support. We recommend using our REST API for new calls and when updating existing SOAP calls. For more information, please visit our REST API documentation.
Some characters are utilized by URLs for special use in defining their syntax. When these characters are not used in their special role inside a URL, they must be encoded.
| Character | Code Points (Hexadecimal) | Code Points (Decimal) |
|---|---|---|
| Dollar ("$") | 24 | 36 |
| Ampersand ("&") | 26 | 38 |
| Plus ("+") | 2B | 43 |
| Comma (",") | 2C | 44 |
| Forward slash/Virgule ("/") | 2F | 47 |
| Colon (":") | 3A | 58 |
| Semi-colon (";") | 3B | 59 |
| Equals ("=") | 3D | 61 |
| Question mark ("?") | 3F | 63 |
| 'At' symbol ("@") | 40 | 64 |
Some characters present the possibility of being misunderstood within URLs for various reasons. These characters should also always be encoded.
| Character | Code Points (Hexadecimal) | Code Points (Decimal) | Details |
|---|---|---|---|
| Space | 20 | 32 | Significant sequences of spaces may be lost in some uses (especially multiple spaces) |
| Quotation Marks | 22 | 34 | These characters are often used to delimit URLs in plain text. |
| 'Less Than' symbol ("<") | 3C | 60 | |
| 'Greater Than' symbol (">") | 3E | 62 | |
| 'Pound' Character ("#") | 23 | 35 | This is used in URLs to indicate where a fragment identifier (bookmarks/anchors in HTML) begins. |
| Percent Character ("%") | 25 | 37 | This is used in URLs to encode/escape other characters. It should also be encoded. |
| Miscellaneous Characters | Some systems can possibly modify these characters. | ||
| Left Curly Brace ("{") | 7B | 123 | |
| Right Curly Brace ("}") | 7D | 125 | |
| Vertical Bar/Pipe ("|") | 7C | 124 | |
| Backslash ("\") | 5C | 92 | |
| Caret ("^") | 5E | 94 | |
| Tilde ("~") | 7E | 126 | |
| Left Square Bracket ("[") | 5B | 91 | |
| Right Square Bracket ("]") | 5D | 93 | |
| Grave Accent ("`") | 60 | 96 |
As N-able encourages users to utilize 'special characters' in passwords, the foreseeable problem arises when these values are passed as part of a URL string. There is currently no way to detect this situation after the fact. As a result, the username and password must be encoded before the request is sent to N-able N-central.
Before Encoding:
https://serverName/deepLinkAction.do?userName=[[email protected]](mailto:[email protected])&password=Hello%There&method=defaultDashboard
After Encoding:
https://serverName/deepLinkAction.do?userName=peter%40nable%2Ecom&password=Hello%25There&method=defaultDashboard
There are several ways to accomplish the correct URL-encoding. The easiest method is to submit the information as part of a form:
<form action="https://serverName/deepLinkAction.do" method=get>
<INPUT TYPE="text" NAME="username" VALUE="[email protected]">
<INPUT TYPE="text" NAME="password" VALUE="Hello%There">
<INPUT TYPE="text" NAME="method" VALUE="defaultDashboard">
<INPUT TYPE="submit">
</form>
Another method is to encode these values before you construct the URL string. Javascript, for example, uses 'escape' to do this.
`URL = "https://serverName/deepLinkAction.do?userName=" + escape('[[email protected]](mailto:[email protected])') + "&password=" + escape("Hello%There") + "&method=defaultDashboard";
Updated about 2 months ago