Skip to main content
Version: v1.8

hydra serve public

hydra serve public

Serves Public HTTP/2 APIs


This command opens one port and listens to HTTP/2 API requests. The exposed API handles requests coming from the public internet, like OAuth 2.0 Authorization and Token requests, OpenID Connect UserInfo, OAuth 2.0 Token Revokation, and OpenID Connect Discovery.

This command is configurable using the same options available to "serve admin" and "serve all".

It is generally recommended to use this command only if you require granular control over the privileged and public APIs. For example, you might want to run different TLS certificates or CORS settings on the public and privileged API.

This command does not work with the "memory" database. Both services (privileged, public) MUST use the same database connection to be able to synchronize.


ORY Hydra can be configured using environment variables as well as a configuration file. For more information on configuration options, open the configuration documentation: <<

hydra serve public [flags]


  -h, --help   help for public

Options inherited from parent commands

      --config string                                    Config file (default is $HOME/.hydra.yaml)
--dangerous-allow-insecure-redirect-urls strings DO NOT USE THIS IN PRODUCTION - Disable HTTPS enforcement for the provided redirect URLs
--dangerous-force-http DO NOT USE THIS IN PRODUCTION - Disables HTTP/2 over TLS (HTTPS) and serves HTTP instead
--disable-telemetry Disable anonymized telemetry reports - for more information please visit
--skip-tls-verify Foolishly accept TLS certificates signed by unkown certificate authorities
--sqa-opt-out Disable anonymized telemetry reports - for more information please visit


  • hydra serve - Parent command for starting public and administrative HTTP/2 APIs