Skip to content

URI Scheme

The Hysteria 2 URI scheme is designed to provide a compact representation of the necessary information for connecting to a Hysteria 2 server. It captures various parameters such as server address, authentication details, obfuscation type and parameters, TLS settings.





hysteria2 or hy2


The authentication credentials should be specified in the auth component of the URI. A special case is when the server uses the userpass authentication, in which case the auth component should be formatted as username:password.


The hostname and optional port of the server. If the port is omitted, it defaults to 443.

Query parameters

  • obfs: The type of obfuscation to be used. Current only salamander is supported.

  • obfs-password: The password required for the specified obfuscation type, if applicable.

  • sni: Server Name Indication to be used for TLS connections.

  • insecure: Determines if insecure TLS connections are allowed. Accepts boolean values "1" for true and "0" for false.

  • pinSHA256: The pinned SHA-256 fingerprint of the server's certificate.


hysteria2://[email protected]/?insecure=1&obfs=salamander&obfs-password=gawrgura&pinSHA256=deadbeef&

Implementation notes

The URI is intentionally designed to contain only the essential information needed to connect to a Hysteria 2 server. While third-party implementations are free to add additional parameters if necessary, they must not assume that other implementations will understand them.

Furthermore, the parameters should never include client modes (HTTP, SOCKS5, etc.) or bandwidth values. Users should be aware that these things are not meant to be shared and used blindly by others, as they are specific to each user and should be configured accordingly.