Domino KEEP is REST for Domino done right

KEEP Overview

  • secure by default (each access is configured)
  • implements multiple standards
  • talks to any server, any client over http, https, http/2
  • API first design with full interactive documentation
  • low barrier to entry: runs on Domino and/or your Notes Client
  • Admin UI and Postman samples included


After you install DominoKEEP on your Notes client, it will start 3 http listeners:

Check the Quickstart guide and the Tutorial!

Accessing data with Keep

KEEP distinguishes between web access, through a browser and a desktop application and application server access, where the application presents a clientId and a clientSecret

KEEP access levels

  • Without a configuration entry, a database is not accessible through KEEP
  • When the Default is set to “Open Access” both application servers and client apps can access a database through Keep. They only need to present JWT credentials (Users can get a JWT from login with username/password)
  • A database can be locked, so only an application server (which might perform additional compute) can access it. Nevertheless valid JWT credentials are needed

What data can be accessed

  • All views can be accessed unless excluded in the database config
  • DQL queries can be enabled in the database config
  • Documents get read/written only when their form is configured in the database config
  • Configured forms can limit the fields that are readable and writable based on document properties that change over time. You effectively can prevent computed fields to be overwritten or limit participants in a workflow to update their fields only. We call that the Barbican - go read, its important

Further readings

Extending Keep

KEEP has an extensible architecture that allow to serve multiple API versions from a Domino server. The section describes how to contribute and extend KEEP. It is written for the seasoned Java developer.

Database icons

Icons made by monkik from