Domino endpoint security

Domino offers visibility and authorization controls for deployed Domino endpoints to limit who can see and interact with your endpoints. Learn how to control access and add contributors to Domino endpoints.

Public or private Domino endpoint

Configure your endpoint to be accessible by certain authorized users (private) or by anyone with access to your Domino deployment (public).

On the Domino endpoint page, go to Settings > Access and Sharing.

Public

Anyone with access to your Domino deployment can search, discover, and view your Domino endpoint. Only collaborators can modify or deploy versions or settings.

Private

Only collaborators can search, discover, and view your Domino endpoint. Only collaborators can modify or deploy versions or settings.

Unrestricted or restricted authorization

Authorization settings specify which users can access the Domino endpoint’s prediction endpoint.

Restricted

A restricted Domino endpoint only authorizes specific users with valid access tokens to request predictions. Users must send the valid token with their requests. Code examples in the endpoint’s Overview tab show sample requests.

Generate an endpoint access token from the Domino endpoint’s Settings > Invocation tab. Use the name field to track which tokens are issued, to whom, and for what purpose.

Unrestricted

Unrestricted endpoints allow anyone who can access Domino remotely to request predictions. No access token is required.

Note

Restricted Domino endpoint’s have different invocation methods depending on if they are synchronous or asynchronous:

  • Synchronous Domino endpoints require the caller to use HTTP basic authentication with the username and password both set to the access token.

    For example, if the token is c2b2532ed234f54, then the Domino endpoint must be invoked with the HTTP username c2b2532ed234f54 and password c2b2532ed234f54.

  • Asynchronous Domino endpoints require the caller to use HTTP bearer (or token) authentication with the access token.

    For example, if the token is c2b2532ed234f54, then the Domino endpoint must be invoked with the HTTP header Authorization: Bearer c2b2532ed234f54.

PublicPrivate

Unrestricted

  • Anyone with access to your Domino deployment can search, discover, and view your Domino endpoint.

  • Only collaborators can modify or deploy versions or settings.

  • No access token is required to request a prediction.

  • Only collaborators can search, discover, and view your Domino endpoint.

  • Only collaborators can modify or deploy versions or settings.

  • No access token is required to request a prediction.

Restricted

  • Anyone with access to your Domino deployment can search, discover, and view your Domino endpoint.

  • Only collaborators can modify or deploy versions or settings.

  • An access token is required to request a prediction.

  • Only collaborators can search, discover, and view your Domino endpoint.

  • Only collaborators can modify or deploy versions or settings.

  • An access token is required to request a prediction.

Add collaborators

You can add Domino endpoint collaborators to view and manage specific Domino endpoints (but not the whole project). Domino endpoint collaborators can also invoke private prediction endpoints.

To add Domino endpoint collaborators: . Go to the Domino endpoint page > Settings > Access and Sharing. . Add new collaborators by their username or email address. You can also add organizations as collaborators and grant permissions to all members.

If you are the project owner, you can set the following access levels for collaborators:

Viewers

Viewers can only view the Domino endpoint versions and logs. They cannot view settings, edit settings, or publish new versions. A viewer cannot see access tokens.

Editors

Editors with collaborator access to the underlying project can deploy new versions. They can view logs, view audit history, and change most settings. They cannot invite new collaborators or change Domino endpoint visibility. An editor can see all access tokens and create new ones.

Owners

Owners have all of the above permissions, and they can invite new collaborators, change the visibility, and transfer ownership. An owner can see and revoke all access tokens and create new ones.

You can also add Project collaborators to grant them access to Domino endpoints within a project. Project collaborators assigned the Contributor role can create Domino endpoints, becoming the endpoint owner with the permissions listed above. All project collaborators can list Domino endpoints in the project, but they do not have access to the endpoints unless they are the endpoint owner or explicitly granted access.