{"@context":"https://obfus.link/schema/tool/v1","tool":{"name":"URL Parser","slug":"url-parser","mcpToolName":"url_parser","tier":"tier_2","tierLabel":"Tier 2 — Differentiated","category":"analyzers","canonicalUrl":"https://obfus.link/tool/url-parser","endpoint":"https://obfus.link/mcp","priceMicros":15000,"tagline":"Parse any URL into components with deep query decoding and security analysis","atomicAnswer":"URL Parser splits any URL into protocol, host, port, path segments, query parameters, and hash fragment. Deep query mode decodes nested JWT tokens, base64 state values, URL-encoded redirects, and JSON strings recursively. Security flags catch credentials in query strings, open redirect risks, plain HTTP, and excessively long parameter values automatically.","description":"Deconstructs URLs into protocol, host, port, path, and query components. Deep query parse mode identifies JWT tokens, base64-encoded state params, nested URLs, and JSON values in query strings. Security flags detect credentials in query strings and open redirect vulnerabilities.","inputSchema":{"type":"object","required":["url","decode","deepQueryParse"],"properties":{"url":{"type":"string","description":"The URL to parse and analyze"},"decode":{"type":"boolean","default":true,"description":"Percent-decode path and query values"},"deepQueryParse":{"type":"boolean","default":false,"description":"Identify nested JWT, base64, URL, and JSON values in query params"}}},"outputSchema":{"type":"object","required":["valid","protocol","host","path","pathSegments","query","hash","securityFlags"],"properties":{"hash":{"type":"string"},"host":{"type":"string"},"path":{"type":"string"},"port":{"type":["string","null"]},"query":{"type":"object"},"valid":{"type":"boolean"},"protocol":{"type":"string"},"deepQuery":{"type":"object"},"pathSegments":{"type":"array","items":{"type":"string"}},"securityFlags":{"type":"array"}}},"agenticReasoning":"USE THIS WHEN: (1) You need to extract structured URL components from a URL string and process them as typed data — protocol, host, port, path segments, query Record — without writing manual parsing code. (2) You are processing OAuth redirect URLs and need to identify JWT tokens in email verification links, base64 state params in authorization callbacks, or nested redirect_uri values. (3) You need a quick security audit of a URL before logging it or passing it to another system — credential detection and open redirect analysis are automatic. DO NOT USE WHEN: you only need basic URL parsing that the native URL() API provides (protocol, hostname, pathname, searchParams). The overhead of this tool is only justified when deep query analysis or security scanning adds value. OVER ALTERNATIVES: prefer this over native URL() — native API does not identify JWT or base64 types in query values, does not detect credentials, and does not flag open redirect risks. Prefer over manual URLSearchParams parsing — this tool returns typed DeepQueryEntry objects with parsed sub-structures ready for immediate use.","mcpDescription":"Parses and analyzes any URL into typed components. Returns protocol, host, port, path, pathSegments, query params as a Record, hash, and security flags. deepQueryParse: true recursively identifies nested query values: JWT tokens (parsed into header + payload), base64-encoded state objects (decoded and typed), nested URL-encoded URLs (decoded), and JSON strings. Security flags catch: credentials in query params (password, token, api_key), open redirect risks (redirect_uri pointing to external domains), excessively long params, and HTTP (non-HTTPS) URLs.","howTo":[{"step":"Paste URL","description":"Enter any URL in the input field — absolute URLs with protocol (https://) are required."},{"step":"Choose options","description":"Enable 'Decode percent-encoding' to see human-readable values. Enable 'Deep query parse' for OAuth URLs, JWT links, and complex redirect chains."},{"step":"Run parser","description":"Click Parse URL or press Ctrl+Enter. Components appear in labeled sections."},{"step":"Review security flags","description":"Check the security flags panel for credentials in query strings, open redirect risks, and HTTP warnings."}],"faqs":[{"question":"What does deep query parse detect?","answer":"JWT tokens (three base64url segments — header and payload are parsed to JSON), base64-encoded state parameters (decoded and identified), nested URL-encoded URLs (decoded to full URL string), and JSON strings embedded in query values."},{"question":"Which security issues are flagged?","answer":"Credentials in query params (password, token, api_key, client_secret, etc.), open redirect risks where redirect_uri points to an external domain, excessively long parameter values, credentials in the URL userinfo component (user:pass@host), and plain HTTP (non-HTTPS) URLs."},{"question":"Does it handle URLs with malformed percent-encoding?","answer":"Yes. Malformed percent sequences (like %ZZ) are handled gracefully — decoding falls back to the raw value rather than throwing an error."},{"question":"What if the URL has no protocol?","answer":"A protocol is required for correct parsing. The tool returns valid:false for URLs without a protocol (e.g. \"example.com/path\"). Prepend https:// before calling the tool."},{"question":"Can I use this tool via the MCP API?","answer":"Yes. The tool is registered on the obfus.link MCP server at https://obfus.link/mcp. Call it from any MCP-compatible agent with a Shared Payment Token. The MCP tool name matches the snake_case slug shown in the integration snippet."}],"workflowChains":{"live":[],"planned":[]},"tags":["url","parse","query","jwt","base64","oauth","redirect","security","deep-decode"],"tddVerified":true,"mcpCostUnits":1}}