FEDERATION.md

# Federation

## Supported federation protocols and standards

- [ActivityPub](https://www.w3.org/TR/activitypub/) (Server-to-Server)
- [WebFinger](https://webfinger.net/)
- [Http Signatures](https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures)
- [NodeInfo](https://nodeinfo.diaspora.software/)

## Supported FEPs

- [FEP-67ff: FEDERATION.md](https://codeberg.org/fediverse/fep/src/branch/main/fep/67ff/fep-67ff.md)
- [FEP-f1d5: NodeInfo in Fediverse Software](https://codeberg.org/fediverse/fep/src/branch/main/fep/f1d5/fep-f1d5.md)
- [FEP-8fcf: Followers collection synchronization across servers](https://codeberg.org/fediverse/fep/src/branch/main/fep/8fcf/fep-8fcf.md)
- [FEP-5feb: Search indexing consent for actors](https://codeberg.org/fediverse/fep/src/branch/main/fep/5feb/fep-5feb.md)
- [FEP-044f: Consent-respecting quote posts](https://codeberg.org/fediverse/fep/src/branch/main/fep/044f/fep-044f.md)
- [FEP-3b86: Activity Intents](https://codeberg.org/fediverse/fep/src/branch/main/fep/3b86/fep-3b86.md): offer handlers for `Object` and `Create` (with support for the `content` parameter only), has support for the `Follow`, `Announce`, `Like` and `Object` intents

## ActivityPub in Mastodon

Mastodon largely follows the ActivityPub server-to-server specification but it makes uses of some non-standard extensions, some of which are required for interacting with Mastodon at all.

- [Supported ActivityPub vocabulary](https://docs.joinmastodon.org/spec/activitypub/)

### Required extensions

#### WebFinger

In Mastodon, users are identified by a `username` and `domain` pair (e.g., `Gargron@mastodon.social`).
This is used both for discovery and for unambiguously mentioning users across the fediverse. Furthermore, this is part of Mastodon's database design from its very beginnings.

As a result, Mastodon requires that each ActivityPub actor uniquely maps back to an `acct:` URI that can be resolved via WebFinger.

- [WebFinger information and examples](https://docs.joinmastodon.org/spec/webfinger/)

#### HTTP Signatures

In order to authenticate activities, Mastodon relies on HTTP Signatures, signing every `POST` and `GET` request to other ActivityPub implementations on behalf of the user authoring an activity (for `POST` requests) or an actor representing the Mastodon server itself (for most `GET` requests).

Mastodon requires all `POST` requests to be signed, and MAY require `GET` requests to be signed, depending on the configuration of the Mastodon server.

- [HTTP Signatures information and examples](https://docs.joinmastodon.org/spec/security/#http)

### Optional extensions

- [Linked-Data Signatures](https://docs.joinmastodon.org/spec/security/#ld)
- [Bearcaps](https://docs.joinmastodon.org/spec/bearcaps/)

### Additional documentation

- [Mastodon documentation](https://docs.joinmastodon.org/)

## Size limits

Mastodon imposes a few hard limits on federated content.
These limits are intended to be very generous and way above what the Mastodon user experience is optimized for, so as to accommodate future changes and unusual or unforeseen usage patterns, while still providing some limits for performance reasons.
The following table summarizes those limits.

| Limited property                                              | Size limit | Consequence of exceeding the limit |
| ------------------------------------------------------------- | ---------- | ---------------------------------- |
| Serialized JSON-LD                                            | 1MB        | **Activity is rejected/dropped**   |
| Profile fields (actor `PropertyValue` attachments) name/value | 2047       | Field name/value is truncated      |
| Number of profile fields (actor `PropertyValue` attachments)  | 50         | Fields list is truncated           |
| Poll options (number of `anyOf`/`oneOf` in a `Question`)      | 500        | Items list is truncated            |
| Account username (actor `preferredUsername`) length           | 2048       | **Actor will be rejected**         |
| Account display name (actor `name`) length                    | 2048       | Display name will be truncated     |
| Account note (actor `summary`) length                         | 20kB       | Account note will be truncated     |
| Account `attributionDomains`                                  | 256        | List will be truncated             |
| Account aliases (actor `alsoKnownAs`)                         | 256        | List will be truncated             |
| Custom emoji shortcode (`Emoji` `name`)                       | 2048       | Emoji will be rejected             |
| Media and avatar/header descriptions (`name`/`summary`)       | 1500       | Description will be truncated      |
| Collection name (`FeaturedCollection` `name`)                 | 256        | Name will be truncated             |
| Collection description (`FeaturedCollection` `summary`)       | 2048       | Description will be truncated      |
docs: update FEDERATION.md to more closely follow FEP conventions. (#28838) 2024-01-22 11:11:47 +00:00			`# Federation`

			`## Supported federation protocols and standards`

			`- [ActivityPub](https://www.w3.org/TR/activitypub/) (Server-to-Server)`
			`- [WebFinger](https://webfinger.net/)`
			`- [Http Signatures](https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures)`
			`- [NodeInfo](https://nodeinfo.diaspora.software/)`

			`## Supported FEPs`

			`- [FEP-67ff: FEDERATION.md](https://codeberg.org/fediverse/fep/src/branch/main/fep/67ff/fep-67ff.md)`
			`- [FEP-f1d5: NodeInfo in Fediverse Software](https://codeberg.org/fediverse/fep/src/branch/main/fep/f1d5/fep-f1d5.md)`
			`- [FEP-8fcf: Followers collection synchronization across servers](https://codeberg.org/fediverse/fep/src/branch/main/fep/8fcf/fep-8fcf.md)`
			`- [FEP-5feb: Search indexing consent for actors](https://codeberg.org/fediverse/fep/src/branch/main/fep/5feb/fep-5feb.md)`
Add fallback to `Object` intent for FEP-3b86 in remote interaction helper (#38130) 2026-03-11 10:42:24 +01:00			`- [FEP-044f: Consent-respecting quote posts](https://codeberg.org/fediverse/fep/src/branch/main/fep/044f/fep-044f.md)`
			- [FEP-3b86: Activity Intents](https://codeberg.org/fediverse/fep/src/branch/main/fep/3b86/fep-3b86.md): offer handlers for `Object` and `Create` (with support for the `content` parameter only), has support for the `Follow`, `Announce`, `Like` and `Object` intents
docs: update FEDERATION.md to more closely follow FEP conventions. (#28838) 2024-01-22 11:11:47 +00:00
			`## ActivityPub in Mastodon`
Add FEDERATION.md (#17029) Some ActivityPub projects have a FEDERATION.md which is used to describe the various extensions they use. Everything here is also documented elsewhere, but it's a concise starting point with links to that documentation. 2021-11-23 00:15:31 +01:00
			`Mastodon largely follows the ActivityPub server-to-server specification but it makes uses of some non-standard extensions, some of which are required for interacting with Mastodon at all.`

docs: update FEDERATION.md to more closely follow FEP conventions. (#28838) 2024-01-22 11:11:47 +00:00			`- [Supported ActivityPub vocabulary](https://docs.joinmastodon.org/spec/activitypub/)`
Add FEDERATION.md (#17029) Some ActivityPub projects have a FEDERATION.md which is used to describe the various extensions they use. Everything here is also documented elsewhere, but it's a concise starting point with links to that documentation. 2021-11-23 00:15:31 +01:00
			`### Required extensions`

docs: update FEDERATION.md to more closely follow FEP conventions. (#28838) 2024-01-22 11:11:47 +00:00			`#### WebFinger`
Add FEDERATION.md (#17029) Some ActivityPub projects have a FEDERATION.md which is used to describe the various extensions they use. Everything here is also documented elsewhere, but it's a concise starting point with links to that documentation. 2021-11-23 00:15:31 +01:00
			In Mastodon, users are identified by a `username` and `domain` pair (e.g., `Gargron@mastodon.social`).
			`This is used both for discovery and for unambiguously mentioning users across the fediverse. Furthermore, this is part of Mastodon's database design from its very beginnings.`

			As a result, Mastodon requires that each ActivityPub actor uniquely maps back to an `acct:` URI that can be resolved via WebFinger.

docs: update FEDERATION.md to more closely follow FEP conventions. (#28838) 2024-01-22 11:11:47 +00:00			`- [WebFinger information and examples](https://docs.joinmastodon.org/spec/webfinger/)`
Add FEDERATION.md (#17029) Some ActivityPub projects have a FEDERATION.md which is used to describe the various extensions they use. Everything here is also documented elsewhere, but it's a concise starting point with links to that documentation. 2021-11-23 00:15:31 +01:00
			`#### HTTP Signatures`

			In order to authenticate activities, Mastodon relies on HTTP Signatures, signing every `POST` and `GET` request to other ActivityPub implementations on behalf of the user authoring an activity (for `POST` requests) or an actor representing the Mastodon server itself (for most `GET` requests).

			Mastodon requires all `POST` requests to be signed, and MAY require `GET` requests to be signed, depending on the configuration of the Mastodon server.

docs: update FEDERATION.md to more closely follow FEP conventions. (#28838) 2024-01-22 11:11:47 +00:00			`- [HTTP Signatures information and examples](https://docs.joinmastodon.org/spec/security/#http)`
Add FEDERATION.md (#17029) Some ActivityPub projects have a FEDERATION.md which is used to describe the various extensions they use. Everything here is also documented elsewhere, but it's a concise starting point with links to that documentation. 2021-11-23 00:15:31 +01:00
			`### Optional extensions`

docs: update FEDERATION.md to more closely follow FEP conventions. (#28838) 2024-01-22 11:11:47 +00:00			`- [Linked-Data Signatures](https://docs.joinmastodon.org/spec/security/#ld)`
			`- [Bearcaps](https://docs.joinmastodon.org/spec/bearcaps/)`

			`### Additional documentation`

			`- [Mastodon documentation](https://docs.joinmastodon.org/)`
Merge commit from fork * Add limit on inbox payload size The 1MB limit is consistent with the limit we use when fetching remote resources * Add limit to number of options from federated polls * Add a limit to the number of federated profile fields * Add limit on federated username length * Add hard limits for federated display name and account bio * Add hard limits for `alsoKnownAs` and `attributionDomains` * Add hard limit on federated custom emoji shortcode * Highlight most destructive limits and expand on their reasoning 2026-01-20 15:14:45 +01:00
			`## Size limits`

			`Mastodon imposes a few hard limits on federated content.`
Typo fix in federation document (#37564) 2026-01-22 08:59:36 -05:00			`These limits are intended to be very generous and way above what the Mastodon user experience is optimized for, so as to accommodate future changes and unusual or unforeseen usage patterns, while still providing some limits for performance reasons.`
			`The following table summarizes those limits.`
Merge commit from fork * Add limit on inbox payload size The 1MB limit is consistent with the limit we use when fetching remote resources * Add limit to number of options from federated polls * Add a limit to the number of federated profile fields * Add limit on federated username length * Add hard limits for federated display name and account bio * Add hard limits for `alsoKnownAs` and `attributionDomains` * Add hard limit on federated custom emoji shortcode * Highlight most destructive limits and expand on their reasoning 2026-01-20 15:14:45 +01:00
			`\| Limited property \| Size limit \| Consequence of exceeding the limit \|`
			`\| ------------------------------------------------------------- \| ---------- \| ---------------------------------- \|`
			`\| Serialized JSON-LD \| 1MB \| Activity is rejected/dropped \|`
			\| Profile fields (actor `PropertyValue` attachments) name/value \| 2047 \| Field name/value is truncated \|
			\| Number of profile fields (actor `PropertyValue` attachments) \| 50 \| Fields list is truncated \|
			\| Poll options (number of `anyOf`/`oneOf` in a `Question`) \| 500 \| Items list is truncated \|
			\| Account username (actor `preferredUsername`) length \| 2048 \| Actor will be rejected \|
			\| Account display name (actor `name`) length \| 2048 \| Display name will be truncated \|
			\| Account note (actor `summary`) length \| 20kB \| Account note will be truncated \|
			\| Account `attributionDomains` \| 256 \| List will be truncated \|
			\| Account aliases (actor `alsoKnownAs`) \| 256 \| List will be truncated \|
			\| Custom emoji shortcode (`Emoji` `name`) \| 2048 \| Emoji will be rejected \|
Add backend support for storing remote actors profile pic and header descriptions (#37634) 2026-01-28 10:32:59 +01:00			\| Media and avatar/header descriptions (`name`/`summary`) \| 1500 \| Description will be truncated \|
Ingestion of remote collections (#38144) 2026-03-11 15:29:00 +01:00			\| Collection name (`FeaturedCollection` `name`) \| 256 \| Name will be truncated \|
			\| Collection description (`FeaturedCollection` `summary`) \| 2048 \| Description will be truncated \|