Friday, Nov 14, 2025
(reading time: I am guessing about 10 minutes?)
Friday, November 7, 2025, I added my 39th library to my Libby (via iOS application) not realizing the chain reaction it would cause. Adding that 39th library triggered a cascading failure (for just me) that prevented me from continuing with my Libby saved state. I was unable to export existing tags. I was unable to remove or add libraries. I was unable to add holds or borrow books. I was unable to recover using the Passkey feature. I was unable to Copy Data To Another device. I was unable to use any other existing instance (Safari on macOS) to do any of the above actions. All that was left for me to do was Reset Everything.
I’ve mourned what I’ve lost and I moved on. I spent the past week learning more about the Libby service in the hopes of understanding what went wrong and how to avoid this in the future. Below is my post-mortem analysis.
A serious Libby user, you ask? In 2024, I listened to over 400 audiobooks via Libby.
I had 2,512 titles tagged across 22 tags that I had accumulated over the past few years, including a 600+ TBR tag. For a brief period of time, I considered this the start of my villian origin story… 🤬
Luckily, I got better.
Those tags are “lost”. “lost” (in quotes) because while I can no longer access that data, the data is still resident on the Libby infrastructure until such time as it is reaped/removed by the Libby service. I had several borrowed audiobooks and 60-ish holds across 41-ish libraries that use Libby (Overdrive). The loans and holds are not lost. The timeline from the past several years is lost/not-lost. If I re-add those libraries to Libby, Libby will import that data from Overdrive re-creating my timeline. The timeline is contingent on adding all the appropriate libraries where I’ve borrowed content. Obviously, due to the issue I’ve alluded to, there is a “sekret” trap waiting. Finally, I have lost some of my obsession with audiobooks and chasing down libraries. I’ve gained insight into how the Overdrive and Libby systems work together.
This is a sanitized version of what I’ve learned. I hope that this improves your experience with Libby and helps prevent some dedicated Libby fans from experiencing the same failure I did.
I am not affiliated with Libby or Overdrive. I do not have anymore access to the Libby and Overdrive infrastructure than you do. I am a software engineer. Some of what I relate below are facts, some are educated guesses based on observation. I am not infallible. If I communicate inaccurate information, I apologize in advance and I will attempt to correct this source as I become aware of mistakes.
The what, where, why, when or how so many libraries. If that is all you were hoping to get from this post then you can stop here. 🛑
I won’t disparage Libby, Overdrive or anyone who works for Libby or Overdrive. I won’t engage in comment wars. If you doubt or disbelieve or dislike, you are free to do so. And please, always caveat emptor.
Background information is needed before you can understand how I broke my Libby.
To use Libby, you never created an account. You did not register a username and password at libbyapp.com. When you first started using Libby, Libby asked you for your library info. You found your library in their interface then input your library card number and your PIN. Once you provided that info to Libby, you were granted access to that library’s catalog! 📚
You can create holds, borrow, read or listen to titles. Hooray! What a fabulous system. I am definitely a fan (great job Libby and Overdrive!)
Scenario: You have one library. You explore. You find tags. You see that Libby creates some tags for you. You create tags. You add titles to those tags. All is great. Then, you realize you have another library card from that nearby town you worked in a few year ago (…new office scavenger hunt: “return with a local library card”). Can you add more than one library card to Libby?!? No way, that would be amazing… So you find that library card, use the Add Library interface in Libby, select the new library, enter the library card number and PIN… VOILA you now have TWO libraries. You search, find more books, place more holds, borrow more books…
ALL IS RIGHT IN THE WORLD. ✨
But wait. Where are the tags stored? Are they stored at Library #1? Or are they split between Library #1 and #2 depending on what titles are added and when tags are created? 🤔
Tags are not stored at your library. Tags are not stored at Overdrive (like your borrow/holds are, more on that later). Tags are stored on the Libby infrastructure. (Note: Overdrive does have a wishlist feature that can now be imported as a Libby tag… this must be newer feature as I have less experience with it)
If Libby is storing tags on their infrastructure, how does Libby identify me? Recall that we don’t authenticated to Libby using a username/password… It turns out, we do authenticate to Libby but not the way you usually do. Certainly not with a username/password.
When we first launch the Libby app or connect via a web page and add that first library, libby’s infrastructure generates a JSON Web Token or JWT [1] with information about you…a generated ID and some information about the libraries you have added (this will become important later). When you create a Passkey or when you Copy To Another Device, this data (your ID and library info) is used to allow you to connect with that other device or restore using the passkey. How these features work is not essential for this story. The token is good for some period of time. When it expires the Libby app or web browser requests the Libby service to refresh it. This token is how Libby knows it is you. All typical for mobile and web applications. What this enables is for Libby to store on your behalf data regarding your tags and which titles are in each tag. When the Libby app or web browser needs that list of tags, it requests that information. In that request, it includes your current JWT to authenticate the request. The Libby service validates that token and returns the data. Without a valid token, requests are refused.
Applications such as Libby use https to request and receive data. Web servers have limits. One such limit: requests need to be under a certain size. For libby, which uses nginx web servers (an awesome web server), the default limit for headers, including authentication headers (hint, hint), is 8k [2].
The stage is set.
We know how Libby knows it is you (a JWT token). We know what Libby stores on your behalf in your authentication token (an ID and info on each library you’ve added). We know that the token is needed to interact with tags among other data. We know that requests using https to default nginx configured servers will fail once request headers are over a default limit (8k).
Friday, I added my 39th library. Libby accepted the library info on my behalf. My local authentication token had not expired so my Libby application didn’t need a new token to act on my behalf. I don’t witness any problems. Libby behaves normally. I continue on my day. An indeterminate amount of time passes, the token expires unbeknownst to me. The iOS Libby application requests a refreshed token. It receives an updated token with the data that includes my 39th library. The next requests with this token fails. All of the requests fail. I can’t use the Libby sync feature. I can’t hold/borrow titles. I can’t request tags. I can’t export tags. I can’t add/remove libraries. At this point, I think it is an Overdrive outage. There was one just a few days ago. I make a post on reddit incorrectly blaming Overdrive 🫢 and ignore the problem for a few days. 😮💨
When next I check, my requests are still failing. Now, because I ignored the problem for a few days, every token I had is expired (I had tokens in several web browsers across several computers). My window to fix my problem had closed. I only realized this in hindsight. I didn’t know what went wrong at the time nor can I be sure that if I had know, that I could have recovered.
I contacted customer support for Overdrive. After describing the issue, I was told that I was likely beyond their help. They recommended I use Reset Everything. I would lose my tags and I would need to add my libraries again. And that I should keep it under 20 libraries.
🙁
So what exactly went wrong? And only 20 libraries? Really?
Each library you add to Libby, Libby will store data in your JWT. Each library you add, increases the size of the token. Once the token reaches a certain size, the Libby service will reject all requests that contain the token because it is too large.
HTTP/1.1 400 Bad Request
Server: nginx
Date: Thu, 13 Nov 2025 07:42:38 GMT
Content-Type: text/html
Content-Length: 226
Connection: close
<html>
<head><title>400 Request Header Or Cookie Too Large</title></head>
<body>
<center><h1>400 Bad Request</h1></center>
<center>Request Header Or Cookie Too Large</center>
<hr><center>nginx</center>
</body>
</html>
There is currently no safeguard in Libby to prevent you from making this mistake. There is also no easy way to calculate how close/far you might be from crossing the size limit. You might be able to add more than 20 but you also might break at 10. It is not the number that matters. It is dependent on the size of the data for each library you add occupies in your token.
We are about halfway through the explanation. The Summary so far, in case you are bored and want to bail:
If you only have a few libraries, you are not likely to encounter this problem. If you have many libraries or you are planning to add many libraries, this next section has some helpful tips to reduce the chance of encountering the issue I had
You can name your card with a maximum of 50 characters. Each character uses up space in your JWT pushing you closer to the limit where requests will fail. For example, If I had used the 50 character maximum for each library, I would fail after adding 8-10 libraries instead of 39. As far as I can tell, the card name is minimally used in the UI/UX. Libby uses the name of the LIBRARY, which is out of your control, in most places I could find in the UI. The one place the card name is used is when you register different cards at the same library. The name of the card helps distinguish which account. This is important for holds/borrows; Holds and borrows are tied to a specific card at a specific library. Tags and many of the other Libby features are not tied to an individual card. If you named every card using just a single character, you would use the least amount of space. However, this will not allow you to add unlimited library cards.
Libby does not currently have a feature that allows you to create tags from exported tag data. Maybe Libby will add that feature in the future. In the meantime, if you want to keep that data (in some format), then you should Export Tags on a frequency level that you are comfortable with.
While the passkey did not help in my situation, with prior knowledge, it might help you in the same situation. If I had known what the problem was, I could have restored using the passkey in the window before my token was corrupted and I could have removed a library or three. Thereby reducing the size of my auth token and allowing future requests to succeed again. Note: It is not good enough to just “restore” from the passkey. You have to hope you get a valid auth token and with that valid auth token remove the library or libraries that increased the size of your auth token past the limit. I admit that is difficult to know you are experiencing this issue. And, you might recover too late and not receive a valid auth token. Still, having a non-zero chance is better than having no chance, so configure your passkey.
This suggestion is the most irksome. At least, it is irksome to me. I understand when there are limits. However, this limit has me feeling grumpy. This limit does not need to exist. However, this is not the forum to complain; I am here to help. Advising you to limit the amount of libraries you connect to Libby is solid advice for avoiding the issue I experienced.
This is the section where I pontificate on what-ifs that maybe would have helped me. As I’ve said before, caveat emptor…
Recovery From Passkey
Recovery From Passkey feature that deletes your current JWTReset Everything or in the fantastical case where Recovery from Passkey existed.Q: I didn’t want to read this giant post, how many libraries can I safely add?
A: One
Q: I already use more than one library! Really, how many libraries can I safely add?
A: One
Q: This seems like it bothered you. Why did this bother you so much?
A: I dislike losing things. I lost my tags. I should have been better about exporting and saving them. It is rare these days that a service let users lose their data so I wasn’t expecting it. I made this post as therapy. And to inform loyal Libby users so less people have my experience.
Q: If I remove a library card or change the name of a library card to have a smaller name, will it give me additional room in my token?
A: Yes, I have confirmed that when I remove a library card, once the token is refreshed, the data for that library is removed from the token. Same with renaming the cards to a smaller name.
Q: I already have 12 libraries added, am I in danger?!
A: Probably not! If you added your last library more than a week ago, you are likely safe. Any damage would already be realized at this point. And while I can’t guarantee the number of libraries you have is safe, remember that I had 30+ libraries before 💩 hit the 🪭.
Thank you for reading. I hope your Libby experiences continue to be awesome.
Thank you to all involved with developing and maintaining Libby and Overdrive. It is a great service. It makes the world a better place.
Thank you to all involved with all the great libraries we use on a daily (hourly?!) basis. They also make the world a better place.
📚❤️
In the course of testing, I maintained two different Libby instances by starting from two different browsers. I confirmed that there are two different id values in each token. Each instance has different tags and tagged items. Each instance has a different set of Library cards. I added the same library card to both instances. When I rename the card in instance 1, the card is renamed in instance 2. This means that regardless of how many different instances I purposefully or accidentally connect to Libby, each library card has a single reference in the Libby infrastructure. That explains how I can change the name of Library Card A in instance 1 and the name will change in instance 2. And still, tags remain separate. Each instance has completely different list of tags and tagged titles.
[1]: JWT
[2]: nginx: large_client_header_buffers
[3]: reedit
(c) 2020-2025 Stephen Orens