Currently right now, user with an email such as test+test@email.com are not getting through are API because of the (+) sign. When making a database call with such a user ID, it brings results. However, when making an api call such as this.

api.hq.org/user?token=1234567&username=test+test@email.com

it does not bring any results. I am trying to find a way to allow such users to return results. I know its an URL encoding but I am wondering if anyone has encounter this at one point?

The + is a metacharacter in a URL and is converted to a space.

This isn't quite right.

RFC 3986 standardizes URI, and includes in appendix-A the Augmented Bachus-Naur Form description of the URI syntax. + (U+002B) is a member of sub-delims which means that it is a member of pchar and therefore a candidate to be included in a query.

It is historically more likely that the problem you are encountering is that some part of stack is assuming that your query is application/x-www-form-urlencoded, which is one of the options for submitting form data in HTML. The rules for this type include a serializing step which replaces space (U+0020) with plus (U+002B), and plus with its percent encoded form.

A deserializer would, naturally, replace the plus in the URL with a space when extracting the data from it.

But the basic sketch is correct - if your serializers and deserializers aren't correctly balanced, you are in for a bad day.

The + is a metacharacter in a URL and is converted to a space.

If you want an actual + you need to escape it, likely using rawurlencode().