Reference — limits
Limits & rate limits
Hard caps that gate agent abuse. Numbers on this page are pulled from Linky itself at build time, so they always match what the API will actually accept.
Per-Linky limits
| Limit | Value |
|---|---|
| URLs per Linky | 25 |
| Max URL length | 2048 characters |
| Supported protocols | http:, https: |
URLs outside these bounds are rejected with 400 INVALID_URLS.
Policy limits
| Limit | Value | When it bites |
|---|---|---|
| Rules per policy | 50 | Checked on every POST and PATCH. |
| Tabs per rule | 20 | Checked on create / edit. |
| Condition nesting depth | 4 | Compound and / or / notbodies can't nest deeper. Checked on create / edit. |
| Condition string value length | 512 characters | Per value in an in list or a scalar op. Checked on create / edit. |
Exceed any of these and the API returns 400 BAD_REQUEST. See Personalize for how the caps interact with the DSL.
Plan defaults
Every account currently uses these defaults.
| Subject | Max Linkies | Max URLs per Linky | Can edit |
|---|---|---|---|
anonymous | 50 | 25 | No (anonymous Linkies are immutable). |
free (signed-in user or org) | 100 | 25 | Yes (per ownership rules). |
Anonymous create rate limit (IP)
Applies to the unauthenticated POST /api/links path and the POST /api/links/:slug/events Open All ping, keyed by client IP. Authenticated callers use the per-key bucket below instead.
| Setting | Default | Self-host override |
|---|---|---|
| Window | 60,000 ms (1 minute) | LINKY_RATE_LIMIT_WINDOW_MS |
| Max requests per window | 30 | LINKY_RATE_LIMIT_MAX_REQUESTS |
Exceeding the limit returns 429 RATE_LIMITED. Back off and retry — a retry-after strategy is recommended for agents running in a loop.
Per-key rate limit (bearer)
Every authenticated request — HTTP, SDK, CLI, or MCP — counts against the API key's per-hour bucket. Keys are minted with a default of 1000 requests per 60-minute rolling window; the dashboard and POST /api/me/keys both accept a custom rateLimitPerHour at mint time.
| Setting | Value | Notes |
|---|---|---|
| Default | 1000 / hour | Sized so no legitimate agent workflow hits it, but a runaway loop 429s within seconds. |
| Minimum | 0 | 0 disables the limit entirely. Reserve for admin / internal keys you control end-to-end. |
| Maximum | 100,000 / hour | Hard cap on POST /api/me/keys. Contact us if you need higher in a hosted deployment. |
| Window | Rolling 60 minutes | Per-key bucket, independent of every other key. Each key burns its own quota. |
Exhausted keys get HTTP 429 with code: "RATE_LIMITED" and retryAfterSeconds in the JSON body (and the Retry-After response header). The MCP surface maps this to JSON-RPC error code -32004with the same payload. The SDK's LinkyApiError exposes retryAfterSeconds directly — switch on the code, sleep the seconds, retry.
Self-hosted instances today share a single in-memory bucket per Node process; the numbers fragment across horizontally-scaled instances. A Redis-backed bucket is a Sprint 3 follow-up for the paid plan tiers.