Should path parameters be URL encoded or have reserved chars escaped?

[ajtucker]

We saw that a request made to a Rails app with a valid URI (/cbd-products/products-list/[object%20Object], presumably with the [ and ] chars encoded) ends up having the path parameter [object Object] copied verbatim without any escaping into the URI used to call an API endpoint.

See https://github.com/epimorphics/sapi-client-ruby/blob/main/lib/sapi_client/sapi_endpoint.rb#L86, which is where I think the value is copied into the URL.

This then raises an exception when the request is attempted at e.g. https://github.com/epimorphics/sapi-client-ruby/blob/main/lib/sapi_client/instance.rb#L40 with a URI::InvalidURIError.

Should these values be escaped before being put into the URI?