diff --git a/config.json b/config.json
index 086b42d..d1d868f 100644
--- a/config.json
+++ b/config.json
@@ -10,6 +10,10 @@
         "data": "data"
     },
     "compression": 5,
+    "limits": {
+        "saves": -1,
+        "devices": -1
+    },
     "messages": {
         "key_expired": "API key expired",
         "key_invalid": "Invalid API key",
diff --git a/extensions/devices.py b/extensions/devices.py
index 7b2f6a9..e0d4129 100644
--- a/extensions/devices.py
+++ b/extensions/devices.py
@@ -3,7 +3,9 @@ from modules.database import col_devices, col_saves
 from fastapi import HTTPException, Depends
 from fastapi.responses import UJSONResponse, Response
 from fastapi.openapi.models import APIKey
-from starlette.status import HTTP_204_NO_CONTENT, HTTP_404_NOT_FOUND, HTTP_409_CONFLICT
+from starlette.status import HTTP_204_NO_CONTENT, HTTP_403_FORBIDDEN, HTTP_404_NOT_FOUND, HTTP_409_CONFLICT
+
+from modules.utils import configGet
 
 @app.get("/devices", response_class=UJSONResponse, description="Get all devices")
 async def devices_get(apikey: APIKey = Depends(get_api_key)):
@@ -48,6 +50,15 @@ async def devices_post(name: str, os: str, apikey: APIKey = Depends(get_api_key)
 
     user = user_by_key(apikey)
 
+    if col_devices.count_documents({"user": user}) >= configGet("devices", "limits"):
+        return UJSONResponse(
+            {
+                "detail": f'Too many devices. This instance allows to register only {configGet("devices", "limits")} devices per user',
+                "limit": configGet("devices", "limits")
+            },
+            status_code=HTTP_403_FORBIDDEN
+        )
+
     if col_devices.find_one({"user": user, "name": name}) is not None:
         raise HTTPException(HTTP_409_CONFLICT, detail="Device with this name already exists.")
 
diff --git a/extensions/saves.py b/extensions/saves.py
index d3eb693..08dffab 100644
--- a/extensions/saves.py
+++ b/extensions/saves.py
@@ -9,9 +9,9 @@ from modules.database import col_devices, col_saves
 from fastapi import HTTPException, Depends, UploadFile
 from fastapi.responses import UJSONResponse, FileResponse, Response
 from fastapi.openapi.models import APIKey
-from starlette.status import HTTP_204_NO_CONTENT, HTTP_404_NOT_FOUND, HTTP_406_NOT_ACCEPTABLE
+from starlette.status import HTTP_204_NO_CONTENT, HTTP_403_FORBIDDEN, HTTP_404_NOT_FOUND, HTTP_406_NOT_ACCEPTABLE
 
-from modules.utils import zip_saves
+from modules.utils import configGet, zip_saves
 
 
 @app.get("/saves", response_class=UJSONResponse, response_model=Dict[str, StardewSave], description="Get all available game saves")
@@ -137,6 +137,15 @@ async def saves_post(device: str, files: List[UploadFile], apikey: APIKey = Depe
 
     error_return = HTTPException(HTTP_406_NOT_ACCEPTABLE, detail="You must provide two files: save file and SaveGameInfo for that save")
 
+    if col_saves.count_documents({"user": user}) >= configGet("saves", "limits"):
+        return UJSONResponse(
+            {
+                "detail": f'Too many save files. This instance allows to store only {configGet("saves", "limits")} saves per user',
+                "limit": configGet("saves", "limits")
+            },
+            status_code=HTTP_403_FORBIDDEN
+        )
+
     if len(files) != 2:
         return error_return