Domino offers visibility and authorization controls for deployed model APIs to limit who can see and interact with your endpoints. Learn how to control access and add contributors to model API endpoints.
Configure your endpoint to be accessible by certain authorized users (private) or by anyone with access to your Domino deployment (public).
On the Model API page, go to Settings > Access and Sharing.
- Public
-
Anyone with access to your Domino deployment can search, discover, and view your model API. Only collaborators can modify or deploy versions or settings.
- Private
-
Only collaborators can search, discover, and view your model API. Only collaborators can modify or deploy versions or settings.
Authorization settings specify which users can access the model API’s prediction endpoint.
- Restricted
-
A restricted model endpoint only authorizes specific users with valid access tokens to request predictions. Users must send the valid token with their requests. Code examples in the model’s Overview tab show sample requests.
Generate a model access token from the model API’s Settings > Invocation tab. Use the name field to track which tokens are issued, to whom, and for what purpose.
- Unrestricted
-
Unrestricted endpoints allow anyone who can access Domino remotely to request predictions. No access token is required.
Note
|
Restricted model API’s have different invocation methods depending on if they are synchronous or asynchronous:
|
Public | Private | |
---|---|---|
Unrestricted |
|
|
Restricted |
|
|
Project collaborators have access to all of the model APIs in a project. However, you can also add Model API collaborators to view and manage specific model APIs (but not the whole project). Model API collaborators can also invoke private prediction endpoints.
To add Model API collaborators: . Go to the model API page > Settings > Access and Sharing. . Add new collaborators by their username or email address. You can also add organizations as collaborators and grant permissions to all members.
If you are the project owner, you can set the following access levels for collaborators:
- Viewers
-
Viewers can only view the model API versions and logs. They cannot view settings, edit settings, or publish new versions. A viewer cannot see access tokens.
- Editors
-
Editors with collaborator access to the underlying project can deploy new versions. They can view logs, view audit history, and change most settings. They cannot invite new collaborators or change Model API visibility. An editor can see all access tokens and create new ones.
- Owners
-
Owners have all of the above permissions, and they can invite new collaborators, change the visibility, and transfer ownership. An owner can see and revoke all access tokens and create new ones.