Share-link parameters
Description of parameters for protocol server links (VLESS, VMess, Trojan, Shadowsocks, Hysteria2, SOCKS5, WireGuard).
VLESS
Core parameters
Parameter
Field
Default
Description
encryptionencryption
"none"Encryption
flowflow
XTLS flow (e.g. xtls-rprx-vision)
typenetwork
"tcp"Transport: tcp, ws, grpc, xhttp, kcp, quic
securitysecurity
"none"Security: none, tls, reality
TLS
Parameter
Field
Description
sniSNI
Server Name Indication
fpfingerprint
uTLS fingerprint (values below)
alpnALPN
Comma-separated protocols (e.g. h2,http/1.1)
Allowed fp values (uTLS from xray-core): chrome, firefox, safari, ios, android, edge, 360, qq, random (a random real browser), randomized (randomized with ALPN), randomizednoalpn. Pinned versions are also accepted: hellochrome_120/131/133, hellofirefox_120/148, helloios_13/14, helloedge_106, hellosafari_26_3, hello360_11_0, helloqq_11_1, hellogolang (Go-default, no impersonation), unsafe. Empty/unset → chrome. The value is passed to xray as-is.
Reality
Parameter
Field
Description
pbkpublicKey
Reality public key
sidshortId
Short ID
spxspiderX
Spider X path
Transport (WebSocket)
Parameter
Field
Description
pathpath
WebSocket path (URL-decoded)
hosthost
Host header
Transport (gRPC)
Parameter
Field
Description
serviceNameserviceName
gRPC service name
authorityauthority
HTTP authority
Transport (xHTTP / SplitHTTP)
Parameter
Field
Description
pathpath
Path
hosthost
Host header
modexhttpMode
Mode: auto, packet, connect
extraxhttpExtra
Additional data (URL-encoded JSON)
type=splithttp is automatically normalized to xhttp.
Transport (mKCP)
Parameter
Field
Description
headerTypeheaderType
Header type (none, srtp, utp, wechat-video, etc.)
seedkcpSeed
KCP seed
mtukcpMtu
MTU (Maximum Transmission Unit), default 1350
ttikcpTti
TTI (Transmission Time Interval) in ms, 10–5000, default 50
Transport (QUIC)
Parameter
Field
Description
quicSecurityquicSecurity
none, aes-128-gcm, chacha20-poly1305
keyquicKey
QUIC key
Advanced security parameters
Parameter
Field
Description
fmfinalmask
uTLS mask (URL-encoded JSON)
pcspinnedPeerCertSha256
SHA-256 certificate pin (URL-encoded)
vcnverifyPeerCertByName
Verify certificate by name (URL-encoded)
echechConfigList
Encrypted Client Hello config (URL-encoded)
pqvmldsa65Verify
Post-quantum ML-DSA-65 verification
TCP fragmentation (per-server)
Fragmentation parameters can be set directly in the share-link, and they apply only to that server (separately from the provider-level fragmentEnabled in Premium API ).
Parameter
Field
Description
fragmentPacketsfragmentPackets
Which packets to apply to: tlshello, 1-3, 1, all
fragmentLengthfragmentLength
Fragment length range in bytes (e.g. 10-30)
fragmentIntervalfragmentInterval
Delay range between fragments in ms (e.g. 10-30)
These same parameters can be passed on any VLESS/VMess/Trojan server — the parser adds them to the VLESSConfig model and xray applies fragmentation when the security check is active (tls/reality).
Fragment (after #)
Everything before the first ? is the server name (URL-decoded)
serverDescription is a base64-encoded description (up to 30 characters)
VMess
Base64-encoded JSON object:
Field
Type
Default
Description
addstring
Server address
portint
Port
idstring
UUID
psstring
Name / remark
scystring
"auto"Encryption
aidint
0Alter ID
netstring
"tcp"Transport
tlsstring
"tls" or empty
snistring
SNI
fpstring
TLS fingerprint
pathstring
WebSocket/gRPC path
hoststring
Host header
typestring
Header type (ignored if "none")
alpnstring
Comma-separated ALPN
Additionally for full xray configs:
Field
Type
Description
meta.serverDescriptionstring
Server description
Trojan
Parameters are similar to VLESS with the following differences:
The password is passed in userInfo (instead of a UUID)
security defaults to "tls" (not "none")Additional parameter peer — fallback for SNI (if sni is not specified)
Supports advanced parameters: fm, pcs, vcn, ech
Shadowsocks
Two formats:
Modern:
SIP002:
Component
Description
methodEncryption method (e.g. aes-256-gcm, chacha20-ietf-poly1305)
passwordPassword
Hysteria2
Parameters
Parameter
Field
Description
insecuresecurity
"1" → no certificate verification
sniSNI
Server Name Indication
fpfingerprint
TLS fingerprint
pinSHA256pinnedPeerCertSha256
SHA-256 certificate pin (URL-encoded)
alpnALPN
Comma-separated protocols
obfshy2Obfs
Obfuscation type
obfs-passwordhy2ObfsPassword
Obfuscation password (URL-encoded)
uphy2UpMbps
Upload speed (Mbps)
downhy2DownMbps
Download speed (Mbps)
The first port (443) is used for connecting
Format: port1,port2-port3 (ranges are supported)
IPv6
SOCKS5
Component
Description
username:passwordSOCKS5 credentials (optional, may be anonymous)
host:portProxy server address
SOCKS5 is a simple proxying protocol; no additional query parameters are required.
Fragment (#): everything before the first ? is the server name (URL-decoded), serverDescription is a base64-encoded description (up to 30 characters).
SOCKS5 example
WireGuard
Component
Description
secretKeyPrivate (secret) key in userInfo
host:portWireGuard endpoint address
WireGuard parameters
Parameter
Required
Description
publickeyYes
Peer public key
addressNo
Local tunnel address (comma-separated for multiple)
mtuNo
MTU (default 1500)
reservedNo
Reserved bytes (comma-separated: 1,22,33)
allowinsecureNo
1 = do not verify certificate (informational)
Fragment (#): everything before the first ? is the server name (URL-decoded), serverDescription is a base64-encoded description (up to 30 characters).
WireGuard example