---
title: "Defaults and Limits"
url: "https://docs.caracal.run/reference/defaults-and-limits/"
markdown_url: "https://docs.caracal.run/markdown/reference/defaults-and-limits.md"
description: "Current ports, TTLs, timeouts, limits, and operational defaults."
page_type: "reference"
concepts: []
requires: []
---

# Defaults and Limits

Canonical URL: https://docs.caracal.run/reference/defaults-and-limits/
Markdown URL: https://docs.caracal.run/markdown/reference/defaults-and-limits.md
Description: Current ports, TTLs, timeouts, limits, and operational defaults.
Page type: reference
Concepts: none
Requires: none

---

## Ports

| Component | Port |
| --- | --- |
| API | `3000` |
| STS | `8080` |
| Gateway | `8081` |
| Audit | `9090` |
| Coordinator | `4000` |
| Postgres | `5432` |
| Redis | `6379` |

## Token and Authority Lifetimes

| Limit | Default |
| --- | --- |
| STS resource mandate cap | 15 minutes |
| STS session mandate cap | 60 minutes |
| STS `MAX_GRANT_TTL_SECONDS` | `3600` |
| DCR application lifetime default and maximum | 3600 seconds |
| `caracal run` injected credential TTL | 900 seconds |
| Runtime step-up polling | every 2 seconds for up to 5 minutes |
| Gateway expiring-token preflight window | 35 seconds |

## Service Limits

| Limit | Default |
| --- | --- |
| API body limit | `1_048_576` bytes |
| API request timeout | `30_000` ms |
| Gateway max request bytes | 10 MiB |
| Gateway STS timeout | 5 seconds |
| Gateway upstream timeout | 30 seconds |
| Gateway STS circuit failure limit | 3 failures |
| Gateway STS circuit open window | 10 seconds |
| STS `OPA_POLL_SECONDS` | 60 seconds, max 300 |
| Control body limit | 64 KiB |
| Control rate capacity | 60 per window |
| Control rate window | 60 seconds |
| Control replay TTL | 3600 seconds |

## Agent and Delegation Limits

| Limit | Default |
| --- | --- |
| Concurrent agent sessions per zone | 50 |
| Concurrent agent sessions per application | 200 |
| Child agents per parent session | 10 |
| Delegation depth | 10 |
| Agent labels per session | 32 |
| Agent label length | 64 characters |
| STS request rate per zone, resource, and acting application | 1000 per minute |

## Storage and Stream Defaults

| Default | Value |
| --- | --- |
| Audit retention | 365 days |
| Audit max deliveries before DLQ | 8 |
| Audit claim idle | 30 seconds |
| Audit tamper rolling window | 4 hours |
| Redis audit stream intended max length | 1,000,000 |
| Redis audit DLQ intended max length | 100,000 |
| Redis policy/revocation/key stream intended max length | 10,000 |

## Helm Defaults

| Service | Replicas | Max HPA replicas |
| --- | --- | --- |
| API | 2 | 8 |
| STS | 2 | 8 |
| Gateway | 2 | 16 |
| Audit | 2 | 8 |
| Coordinator | 2 | 8 |
| Control | disabled | 2 when enabled |

## Next Step

Use [CLI Exit Codes](/reference/runtime-exit-codes/) when automating top-level `caracal` runtime commands.