ActivityPub

Federated Protocols

W3C Recommendation for decentralized social networking based on ActivityStreams 2.0, providing standardized client-to-server (C2S) and server-to-server (S2S) APIs for creating, updating, and deleting content as well as federating social activities across independently operated servers

Federated Open Standard Low capture risk
Links
Visit Community

Details

License AGPL / GPL-3.0 / MIT
Dev Status Released
Owner W3C Social Web Working Group (original authors: Christopher Lemmer Webber, Jessica Tallon, Erin Shepherd, Amy Guy, Evan Prodromou); now maintained by W3C Social Web Community Group
Country International
Start Year 2016
Stack Ruby on Rails, Node.js, Pleroma/Akkoma: Elixir, PHP/Laravel, Rust, TypeScript/Node.js
Funding Donations
Last Investigated Jan 15, 2026

Use Case Domains

Communication Group Formation & Governance Events & Coordination

Affordances

Protocol federation Cross-instance federation Consent-based audiences

Federated Protocol Attributes

Content Addressing No (location-based via HTTP URIs; not content-addressed)
E2EE N/A (not part of the ActivityPub standard; some implementations exploring E2EE for direct messages)
Signature HTTP Signatures (server-to-server authentication; signing HTTP requests with RSA or Ed25519 keys for federation; Linked Data Signatures also used by some implementations)
Federation Model Server-to-Server (S2S) via HTTP POST to Actor inboxes; servers deliver Activity objects to followers' inboxes and shared inboxes; Client-to-Server (C2S) API also specified but less commonly implemented
Instance / Server Requirements Moderate (can run on VPS; Mastodon: ~2GB RAM, ~20GB storage minimum; scales with user count and federation breadth)
Account Portability Partial (follower migration supported via Move activity; content/posts stay on origin server; Mastodon supports account redirect and follower transfer)
Discovery / Relay Architecture Instance-based discovery (WebFinger for user lookup; Actor URIs for profile resolution) + optional relays for content distribution across instances
Server Authority Model Full server authority (instance admins control users, content moderation, federation policy; can defederate from other instances; to/cc/bcc addressing for audience targeting)
Protocol Maturity / Standardization W3C Recommendation (January 23, 2018; formal W3C standard; ActivityStreams 2.0 also a W3C Recommendation)
Data Sovereignty Server-controlled (users' data stored on home instance; server admin has full access; user depends on instance operator)