diff --git a/scripts-available/CDB_Groups_API.sql b/scripts-available/CDB_Groups_API.sql
index 595a5d5..70f185c 100644
--- a/scripts-available/CDB_Groups_API.sql
+++ b/scripts-available/CDB_Groups_API.sql
@@ -23,8 +23,9 @@ FUNCTION cartodb._CDB_Group_DropGroup_API(group_name text)
     RETURNS VOID AS
 $$
     import string
+    import urllib
 
-    url = '/api/v1/databases/%s/groups/%s' % ('%s', group_name)
+    url = '/api/v1/databases/%s/groups/%s' % ('%s', urllib.quote_plus(group_name))
     query = "select cartodb._CDB_Group_API_Request('DELETE', '%s', '', '{200, 404}') as response_status" % url
     plpy.execute(query)
 $$ LANGUAGE 'plpythonu' VOLATILE SECURITY DEFINER;
@@ -34,6 +35,7 @@ FUNCTION cartodb._CDB_Group_RenameGroup_API(old_group_name text, new_group_name
     RETURNS VOID AS
 $$
     import string
+    import urllib
 
     url = '/api/v1/databases/%s/groups/%s' % ('%s', old_group_name)
     body = '{ "name": "%s", "database_role": "%s" }' % (new_group_name, new_group_role)
@@ -46,8 +48,9 @@ FUNCTION cartodb._CDB_Group_AddMember_API(group_name text, username text)
     RETURNS VOID AS
 $$
     import string
+    import urllib
 
-    url = '/api/v1/databases/%s/groups/%s/users' % ('%s', group_name)
+    url = '/api/v1/databases/%s/groups/%s/users' % ('%s', urllib.quote_plus(group_name))
     body = '{ "username": "%s" }' % username
     query = "select cartodb._CDB_Group_API_Request('POST', '%s', '%s', '{200, 409}') as response_status" % (url, body)
     plpy.execute(query)
@@ -58,8 +61,9 @@ FUNCTION cartodb._CDB_Group_RemoveMember_API(group_name text, username text)
     RETURNS VOID AS
 $$
     import string
+    import urllib
 
-    url = '/api/v1/databases/%s/groups/%s/users/%s' % ('%s', group_name, username)
+    url = '/api/v1/databases/%s/groups/%s/users/%s' % ('%s', urllib.quote_plus(group_name), username)
     query = "select cartodb._CDB_Group_API_Request('DELETE', '%s', '', '{200, 404}') as response_status" % url
     plpy.execute(query)
 $$ LANGUAGE 'plpythonu' VOLATILE SECURITY DEFINER;
@@ -77,8 +81,9 @@ FUNCTION cartodb._CDB_Group_Table_GrantPermission_API(group_name text, username
     RETURNS VOID AS
 $$
     import string
+    import urllib
 
-    url = '/api/v1/databases/%s/groups/%s/permission/%s/tables/%s' % ('%s', group_name, username, table_name)
+    url = '/api/v1/databases/%s/groups/%s/permission/%s/tables/%s' % ('%s', urllib.quote_plus(group_name), username, table_name)
     body = '{ "access": "%s" }' % access
     query = "select cartodb._CDB_Group_API_Request('PUT', '%s', '%s', '{200, 409}') as response_status" % (url, body)
     plpy.execute(query)
@@ -97,8 +102,9 @@ FUNCTION cartodb._CDB_Group_Table_RevokeAllPermission_API(group_name text, usern
     RETURNS VOID AS
 $$
     import string
+    import urllib
 
-    url = '/api/v1/databases/%s/groups/%s/permission/%s/tables/%s' % ('%s', group_name, username, table_name)
+    url = '/api/v1/databases/%s/groups/%s/permission/%s/tables/%s' % ('%s', urllib.quote_plus(group_name), username, table_name)
     query = "select cartodb._CDB_Group_API_Request('DELETE', '%s', '', '{200, 404}') as response_status" % url
     plpy.execute(query)
 $$ LANGUAGE 'plpythonu' VOLATILE SECURITY DEFINER;