What's new for Domino REST API v1.1.3
Release date: April 21, 2025
New features
-
Added the option to use Proof Key for Code Exchange (PKCE) as the authentication method for the created OAuth app on the Application Management page in the Admin UI. PKCE enhances security by ensuring that only the intended client can obtain an access token, providing a strong defense against potential security threats.
For more information, see Add an application.
-
Added OpenAPI schema and Swagger page for the Web Application Open Platform Interface or WOPI protocol that provides a set of endpoints enabling seamless online collaborative editing of document attachments in Domino.
-
Added the capability of setting the WebDAV and WOPI session durations and lock durations using the following configuration parameters:
WopiSessionSecondsWebdavSessionSecondsWopiLockSecondsWebdavLockSeconds
For more information, see Configuration parameters for details of the configuration parameters and Modify configuration of Domino REST API for the procedure on modify the Domino REST API configuration.
-
New option for logging in to the Admin UI
You can now log in to the Admin UI using the Log in with OIDC option. This option enables the use of Domino REST API IdP and implements the OAuth process requiring user consent to log in. It also enables the use of external IdP to log in to the Admin UI that uses authorization code flow with PKCE.
For more information, see Log in options.
Improvements
- Cache ACL Lookups for faster operations.
- Enhanced
POST v1/run/formulato supportformsarray and form alias. - Improved error handling when an error occurs while saving a configured form by still making the field editor accessible.
- Improved error handling for failed calls when initiating PKCE authorization or token refresh.
Resolved issues
- Fixed the issue where calling an endpoint with an HTTP Method that isn't supported with this endpoint would return an HTTP 204. Fixed to return HTTP 404 in this case.
- Fixed the issue where the creation of a document via a POST method succeeded even when the field, set as required by the Required toggle in the Field Setting, was missing from the request payload.
- Fixed the issue with the
POST pim-v1/messageendpoint related to a sent message not being received when multiple recipients were in the To, CC, or BCC field.
Breaking changes
CORS is now using Regex
Browser-based applications that are hosted on a different host need CORS 
support. Until Domino REST API v1.1.2, this was done by providing a plain string that a domain would need to end on. Starting Domino REST API v1.1.3, this is replaced with a regular expression (Regex) .
Old:
"CORS": {
"localhost": true,
".local" : true
}
New:
"CORS": {
"^https?:\\/\\/localhost(?:\\:\\d+)?$": true,
"^https?:\\/\\/.*\\.local(?:\\:\\d+)?$": true
}
A few pointers:
^→ beginning of the stringhttp→ the literal stringhttps?→ optional the strings\\/→ double escape the string/.*→ one or more characters of any type\\.→ double escape the string.(?:\\:\\d+)?→ double escaped optional colon and port number$→ end of string
Note
Inside JSON, the \ of Regex gets escaped to \\.
This enables greater flexibility, but requires an update to your CORS variable if you have made changes in keepconfig.d to your CORS configuration.
Example:
Change mycompany.com to https:\\/\\/.*\\.mycompany\.com:8000$ to allow only https on port 8000 for mycompany.com.
Use a Regex tool
Regex can be hard to decipher and understand due to their syntax and flexibility. To test if a Regex does what you want, use an online interactive tool for validation. Make sure to pick the Java flavor.
Others
- Installer jar files:
- For Domino 14: restapiInstall-r14.jar
- For Domino 12: restapiInstall-r12.jar
- Docker image version for docker compose .env file (CONTAINER_IMAGE):
- For Domino 14: domino-rest-api:1.1.3-r14
- For Domino 12: domino-rest-api:1.1.3-r12
- Docker image version for docker compose .env file from Harbor:
- For Domino 14: hclcr.io/domino/restapi:1.1.3-r14
- For Domino 12: hclcr.io/domino/restapi:1.1.3-r12