Configuration parameters
The configuration is assembled from JSON files and a few selected environment parameters. We use those environment parameters because they're a commonly used way to configure instances in virtual environments such as Docker, IBM Cloud, and Kubernetes.
The Domino REST API ships with default settings in internal files config.json
and security.json
. These are internal files, not subject to user modifications.
CaSe SeNsItIvE
Parameters are case sensitive
To alter a parameter either set an environment parameter, if one exists (there aren't that many) or create a JSON file in keepconfig.d
following the how-to guide Modify configuration of Domino REST API.
Environment
Parameter | Description |
---|---|
PORT: 8880 | HTTP(S) port for the Domino REST API service. |
METRICSPORT: 8890 | Endpoint for Prometheus Metrics. |
JwtDuration | Lifetime in minutes for the internal JWT provider. Default value is 60 mins. |
maxJwtDuration | Maximum lifetime in minutes that the JWT tokens get accepted. |
TLSFile | TLS file with key for jks, pem or pfx. |
TLSPassword | Password for jks and pfx key file. |
shutdownkey | Passphrase for posting to http://localhost:adminport/shutdown to shut down Domino REST API. |
HEALTHCHECK_USER | Username for accessing Health check (Port 8886) |
HEALTHCHECK_PASSWORD | Password for accessing Health check (Port 8886) |
Parameters in JSON files
A configuration can have the following top-level properties. These properties are case-sensitive.
Property | Type | Description |
---|---|---|
MANAGEMENTPORT | int (0 to 65353) | (default 8889) Commands regarding the runtime, e.g. config and shutdown, should only be exposed to an admin network workstation. |
METRICSPORT | int (0 to 65353) | (default 8890) Port for Prometheus metrics. |
Firehoseport | int (0 to 65353) | (default 42424) Port for Firehose to successfully deliver data to custom HTTP endpoints. |
PORT | int (0 to 65353) | (default 8880) The port for regular API access. |
prometheusMetrics | prometheusParameters | Parameters to hand over to the Prometheus task from vert.x. |
versions | versionParameters | List of the OpenAPI definition files to load. |
verticles | verticlesParameters | The verticles to load. |
vertx | vertxParameters | Parameters to hand to the start of vert.x, see the vert.x documentation for details. |
ServerDirectDBAccess | Boolean | Set to true to allow Direct Database access for server. |
createKeepDBfromTemplate | Boolean | Set to true to allow create Domino REST API Database from template. |
useJnxDesigns | Boolean | Set to false to stop the use of Jnx Designs. |
AllowJwtMail | Boolean | Set to true to allow email to be sent via a JWT token. |
AllowLocalMailFile | Boolean | Set to true to allow local mail file |
shutdownkey | String | Key to be passed to trigger a server shutdown. This is hashed out in the /config endpoint and only accessible by looking at the relevant config files. Note, this may have been overloaded in a config file in the config.d directory. |
showDeprecatedEndpoints | Boolean | True to allow access to deprecated endpoints / APIs |
showPreviewFeatures | Boolean | True to allow preview access to new features, endpoints, or APIs |
bodyHandler | bodyHandler parameters | Handles HTTP file uploads and used to limit body sizes |
webAuthnActive | Boolean | Set to true to enable WebAuthn to be active. |
jwt | JWT parameters | Parameters for enabling Domino REST API to accept JWT tokens from external providers |
Prometheus Parameters
Property | Type | Description |
---|---|---|
Endpoint | String | Route path to metrics. |
enabled | Boolean | true to enable metrics collection. |
publishQuantiles | Boolean | true to publish Quantiles. |
Version parameters
Versions has a named list of entries with two parameters:
Property | Type | Description |
---|---|---|
path | String | Path used by getResourceAsStream to load an OpenAPI specification file. |
active | Boolean | Whether the spec is loaded. |
The name of the entries must match the name used in versions of the RestAPI verticle (See below).
Vert.x parameters
Property | Type | Description |
---|---|---|
metric | metricsParameters | Parameter for vert.x metrics. |
Metrics parameters
Here is a JSON representation of the resource:
{
"enabled": true,
"jvmMetricsEnabled": true,
"metricuser": "metrics"
}
Property | Type | Description |
---|---|---|
disabledMetricsCategories | Array of Strings | Specified in the MetricsDomain Java class, e.g. vertx.http.server |
enabled | Boolean | Whether metrics are enabled on the Vert.x instance. |
jvmMetricsEnabled | Boolean | Whether JVM metrics are collected. |
labels | Array of Strings | List of labels to enable / disable. |
labelMatches | Array of Match | List of rules for label matching. |
registryName | String | Name for the metrics registry, so that a new registry is created and associated with this name. Leave blank for default. |
Verticle parameters
Verticles defines a separate unit of work for particular tags. For the Rest API verticle, see below. The rest have a standard set of parameters:
Property | Type | Description |
---|---|---|
active | Boolean | Whether to load this verticle. |
className | String | Class to use for the verticle. Typically this is com.hcl.domino.keep.verticles.DominoDefaultVerticle , unless you need to extend that class. |
tags | Object | Tags from OpenAPI specs to allocate to this verticle and the package in which to find the NSFHandlers. |
instances | int | Relevant only for RestAPI verticle, loads multiple instances that each use a thread pool. You will need to be aware of the number of cores available and scalability, see the Vert.x documentation. |
threadPoolName | String | If a worker verticle should use a dedicated pool, a required thread pool name. By default it is assigned 10 threads, but this can be overwritten with threadPoolSize . If the same threadPoolName is used by multiple verticles, the thread pool is shared across those verticles. |
threads | int | This will only be used for worker threads with a specific threadPoolName . The default is 10, but this can be overwritten. |
worker | Boolean | To make this a worker verticle. Worker verticles don't run on the event loop thread, but on worker threads from a preconfigured pool of 20 threads. Use for heavy-duty verticles. |
The following are types of verticles with additional parameters:
AsyncAgentScheduler verticle
This is the verticle for running async agents - calls to /run/agent
with async
set to true
in the payload. In the Notes client you can look at KeepAgents.nsf
for the asynchronous agents that are running or have run. This properties for this verticle include the above, plus these:
Property | Type | Description |
---|---|---|
agentDefaultMaxDurationSeconds | int | Timeout for asynchronous agents, in seconds. A value of -1 allows all agents to run to completion without timeout. |
logFrequencyMs | int | Frequency to log messages of running async agents to the console. |
RestAPI verticle
This is the verticle for managing WebHandlers. worker
, threadPoolName
, threadPoolSize
, className
and active
parameters are as for the other verticles. This verticle also has a versions
parameter. This maps to the top-level versions
parameter and has the following properties:
Property | Type | Description |
---|---|---|
defaultClass | String | Class to use for the WebHandler if no class is defined. com.hcl.domino.keep.handlers.v1.DefaultJsonHandler handles any authenticated endpoint that receives either no body or a body with ContentType as application/json and responds with ContentType as application/json . |
defaultDatabase | String | Domino REST API Database to use if there is no query parameter for "db" passed. |
package | String | Package in which to find the WebHandlers for this version. |
route | String | URL path for all OpenAPI endpoints for this spec. |
BodyHandler parameters
Property | Type | Description |
---|---|---|
uploadsDirectory | String | Sets the uploads directory to use. Default value is keep-file-uploads.d |
bodyLimit | int | Sets the maximum body size in bytes. Setting the value to -1 means no limit. |
JWT parameters
Property | Type | Description |
---|---|---|
active | Boolean | Set to true to load the JWT |
providerURL | String | Base or full URI to the endpoint of the external JWT provider |
algorithm / alg | String | Signing algorithm being used |
kid | String | Stands for key ID and is a hint indicating which key was used to secure the JWS. |
keyFile | String | Path to the JWT public key |
iss | String | Identifies the principal that issued the JWT. The value is a case-sensitive string containing a string or URI value. |
aud | String | Identifies the recipient that the JWT is intended for. When configuring Azure Active Directory as an IdP, the value of this parameter is the Application ID URI you configured. |
Remarks
Named elements vs. arrays
All configuration entries are named entries and not arrays, since named entries can be merged in the configuration while arrays can only be overwritten.
Deactivation of entries
The config.json
in the Jar has the entry for the setup
API as:
"versions": {
"setup": {
"path": "/schema/openapi.setup.json",
"active": true
}
}
When you supply your own some.json
in the config.d
directory:
"versions": {
"setup": {
"active": false
}
}
the resulting configuration available to Domino REST API is:
"versions": {
"setup": {
"path": "/schema/openapi.setup.json",
"active": false
}
}
In summary, the setup
API isn't loaded. This is the mechanism to disable default components without having to update the Jar.
Overwriting the values
All values can be over written by entries in the keepconfig.d
located in your Notes/Domino Data directory. If this directory doesn't exist, create it. The structure needs to be the same as in the default file, but only needs the entries you want to change.
Making excluded database files and directories available
config.json
includes the following JSON object that defines the excluded NSF files and directories.
"nsfExclusions": {
"mail/": true,
"KeepConfig.nsf": true,
"KeepConfig.ntf": true,
"KeepAgents.nsf": true,
"KeepAgents.ntf": true,
"KeepOAuth.ntf": true,
"oauth.nsf": true,
"names.nsf": true,
"*.ntf": true,
"help/": true,
"as_": true,
"MJ": true,
"domino/": true
}
To make an NSF file or directory, defined in the JSON object, available in the list of databases available when you define a schema in the Admin UI, see Enable excluded database files and directories.