Link governance
Requires a Team plan or higher.
Link governance lets you set workspace-wide rules that are automatically enforced whenever anyone creates a link. This keeps your link hygiene consistent across the entire team without relying on manual reviews.
Available policies
| Policy | Description |
|---|---|
require_utm | All links must have UTM parameters (at least source and medium) |
require_tags | All links must have at least one tag |
require_title | All links must have a title |
max_expiry_days | Links must have an expiry date, and it must be within N days from now |
blocked_domains | Block links targeting specific domains (including subdomains) |
allowed_domains | Only allow links targeting these specific domains (including subdomains) |
Setting up governance
- Go to Settings > Governance (or use the API)
- Enable the policies you want
- Save
Once set, any link creation that violates a policy is rejected with a clear error message.
How policies work
require_utm
When enabled, every link must include UTM parameters with at least source and medium set. Links created without them are rejected.
require_tags
When enabled, every link must have at least one tag. Keeps your links organized from day one.
require_title
When enabled, every link must have a title. Prevents unnamed links from cluttering the dashboard.
max_expiry_days
When set to a number (e.g. 90), every link must:
- Have an
expires_atdate set - That date must be within N days from now
This prevents links from living forever and ensures cleanup.
blocked_domains
An array of domain names that cannot be used as link targets. Subdomain matching is included - blocking example.com also blocks sub.example.com.
Use this to prevent links to competitors, internal-only domains, or deprecated properties.
allowed_domains
An array of domain names that are the only permitted link targets. Subdomain matching is included - allowing example.com also allows sub.example.com.
Use this when you need strict control over link destinations - for example, restricting links to only your company’s owned properties.
blocked_domains and allowed_domains are mutually exclusive. If you set allowed_domains, the blocklist is ignored. Choose the approach that fits your use case:
- Blocklist - permissive by default, block specific domains. Best for most teams.
- Allowlist - restrictive by default, only approved domains. Best for regulated industries or enterprise compliance.
API
Set governance via PATCH /api/workspaces/:wsId with the governance field. See the Workspaces API reference for details.
{ "governance": { "require_utm": true, "require_tags": true, "max_expiry_days": 90, "blocked_domains": ["competitor.com", "old-site.com"] }}Set governance to null to clear all policies.