Some password managers generate unique e-mail addresses for mailing lists and services, in the format user+service@example.com
Ghost API fails when looking up a user with an e-mail containing a “+” sign.
On GitHub user velocity23 found a solution, sharing it here, thank you!
The e-mail first has to be URL-encoded so user+service@example.com
becomes user%2Bservice%40example.com
and then the API call has to be single quoted
/admin/members/?filter=email%3A'user%2Bservice%40example.com'
… or the API call will fail. Claude explains why…
The need to single-quote an email address containing a “+” sign in an API call is related to how special characters are interpreted in URLs and query parameters. Let’s break this down:
-
URL encoding:
The email address is first URL-encoded. This transforms special characters into their percent-encoded equivalents:+
becomes%2B
@
becomes%40
-
Query parameter interpretation:
In many web frameworks and API implementations, the plus sign (+
) in a query string is interpreted as a space character. This is a legacy from early web forms where+
was used to represent spaces. -
Single quotes:
By enclosing the encoded email in single quotes, you’re telling the API to treat everything inside the quotes as a single value. This prevents the%2B
from being misinterpreted as a space or as separate parts of the query.
Without the single quotes, the API might interpret the %2B
as a space or as a separator between different parts of the filter, which would lead to incorrect filtering.
So, the single quotes ensure that the entire encoded email address is treated as a single, literal string value in the filter parameter, preserving the +
sign (as %2B
) in the email address.
This approach allows the API to correctly handle email addresses with special characters while maintaining compatibility with standard URL parsing and query string interpretation.