


The Domino server task communicates with the REST API through the KeepManagementURL. It has a default value of http://localhost:8889. You can override this setting in the notes.ini by editing, or creating if missing, the entry KeepManagementURL (case sensitive). Once you have configured a TLS certificate, make sure the entry starts with https:// and uses the host name your TLS certificate has been issued for; localhost or ::1 won't work. Configuring TLS doesn't change the port. So when the host your TLS certificate is issued for is and your old entry was missing or is the default of http://localhost:8880, then your new value needs to be:

For more information, see Domino REST API task and ports.
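The rules above can be checked mechanically before restarting the server. The following is an added example, not part of the product or its documentation: the function names, the host domino.example.com, the wildcard matching and the treatment of 127.0.0.1 as loopback are assumptions made for illustration, and it assumes TLS is already configured.

```python
from urllib.parse import urlsplit

KEY = "KeepManagementURL"              # case sensitive, per the page
DEFAULT_URL = "http://localhost:8889"  # default value as first stated on the page
LOOPBACK = {"localhost", "::1", "127.0.0.1"}  # 127.0.0.1 added here as an assumption


def read_management_url(notes_ini_text):
    """Return (value or None, list of keys that differ from KEY only by case)."""
    value, miscased = None, []
    for line in notes_ini_text.splitlines():
        key, sep, val = line.partition("=")
        key = key.strip()
        if not sep:
            continue
        if key == KEY and value is None:
            value = val.strip()
        elif key.lower() == KEY.lower() and key != KEY:
            miscased.append(key)
    return value, miscased


def name_matches(host, cert_name):
    """Exact match, or a single-label wildcard such as *.example.com."""
    cert_name = cert_name.lower()
    if cert_name.startswith("*."):
        return "." in host and host.split(".", 1)[1] == cert_name[2:]
    return host == cert_name


def check_management_url(notes_ini_text, cert_names, previous_url=DEFAULT_URL):
    """Check the entry for a server where TLS is configured; return (url, problems)."""
    value, miscased = read_management_url(notes_ini_text)
    problems = [f"entry '{k}' does not match the case-sensitive name {KEY}" for k in miscased]
    url = value or DEFAULT_URL
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if parts.scheme != "https":
        problems.append("URL must start with https:// once TLS is configured")
    if host in LOOPBACK:
        problems.append(f"host '{host}' is a loopback name, not the certificate's host name")
    elif not any(name_matches(host, n) for n in cert_names):
        problems.append(f"host '{host}' is not among the certificate names")
    if parts.port != urlsplit(previous_url).port:
        problems.append("port differs from the previous entry; TLS does not change the port")
    return url, problems


if __name__ == "__main__":
    sample = "KeepManagementURL=https://[::1]:8889\n"   # constructed notes.ini line
    print(check_management_url(sample, ["domino.example.com"]))
```

Pass the names from your certificate's subject alternative names as cert_names, and the previous entry as previous_url if it was not the default.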

Domino REST API comes with reasonable default configuration settings. They allow you to start evaluating and testing out-of-the-box. For an actual deployment, you want to understand the details as outlined here.

Understanding configuration

The configuration follows the concept of an overlay file system: the base configuration is retrieved from the jar file, then overlaid with all the JSON files (if present) in the keepconfig.d directory within the Notes data directory, and finally with the environment parameters, if any exist. Check the details here.


Parameters are case sensitive.

Parameter               Description
PORT: 8880              HTTP(S) port for the Domino REST API service.
METRICSPORT: 8890       Endpoint for Prometheus Metrics.
JwtDuration             Lifetime in minutes for the internal JWT provider. Default value is 60 mins.
maxJwtDuration          Maximum lifetime in minutes that the JWT tokens get accepted.
TLSFile                 TLS file with key for jks, pem or pfx.
TLSPassword             Password for jks and pfx key file.
HEALTHCHECK_USER        Username for accessing Health check (Port 8886)
HEALTHCHECK_PASSWORD    Password for accessing Health check (Port 8886)

JSON Parameters

The detailed overview can be found here. A sample on how to use it for hardening a production environment can be found here. An explanation on how it actually works can be found here.

Configuration retrieval

The current configuration can be retrieved, with sensitive information masked, on the management port such as