Domino Keep, an modern API for Domino

OpenNTF organised a webinar in July 2021 showcasing Domino Keep which we had the pleasure of attending.

Many of the improvements that HCL brought to the Domino/Notes stack has “catching up”: mostly self-evident improvements from accumulated feedback from domino developers.

These improvements, though, have until now been unable to break the “yellow bubble”: Companies still needs extremely specialized developers and admins if they want to change anything or create anything in their Domino infrastructure.

Modern (and by that we mean young) developers have several frustrating hurdles to cross before they can be productive with Domino. The architecture is alien and monolithic. Having to install a Windows machine is an annoyance, but having to use the slow, Eclipse-bloated monstrosity that is Domino Designer, learning which of the many windows contain the setting you want to change is a pain.

Domino Keep tries to remedy this by presenting an external API that is familiar and follows modern standards. Thankfully HCL assigned two of the smartest Domino gurus that we know of, Paul Withers (who is famous for re-writing the lotus.domino package so that we developers could write modern Java in our Domino applications) and Stephan Wissel (whom we had the pleasure of welcoming at our last SNoUG event in 2019), to the task.


  • output data is always in JSON format
  • Domino Designer installation is not necessary! Possibly the biggest hurdle.
  • the public API is based on OpenAPI 3.0
    • This means that it comes with a fully interactive auto-documentation
    • The interface uses REST Api conventions, for instance an aclEntry is accessed with /acl/entries/{aclEntryName}
  • since all the calls are REST Calls, you can use the command line, or something like Postman, or even do complex testing with Node RED (recommended)


  • Keep keeps (pun intended) the tried-and-tested security ideas of Notes Domino and won’t let you override settings in the ACLs.
  • Keep uses the modern JWT (JSON Web Tokens) techology for its authentication and authorization – this will be familiar to modern developers.
  • Keep is secure by default, which means that without configuration (done on a configuration database, KeepConfig.nsf on your server), no access is granted.

Running Agents:

You can trigger Agents on your database with a REST call! This is a sine qua non for being able to reuse your business logic, which often is present in the form of back-end agents which perform regular updates on your document.

Not only data but design elements too:

Previous APIs allowed read/write access to data via REST, but Keep also allows you access to the design data. This means that you can create a database, create a view, create a form, with a simple REST call. In practice HCL has added a layer on top of the DXL representation of Domino design elements, which means that you are limited by DXL’s own limitations, i.e. certain details will not be able to round-trip.

This is one of the more seducing points; with an easy way to create a persistent layer for your application, you are effectively inviting modern developers to create new domino databases, not just read data from existing ones.

The ACLs are also open to modification, so you can control access with the usual Domino granularity without having to go into the Domino Administration client.


All in all we’re impressed by the implementation of Keep, it’s modern, familiar for non-notes developers, standards-compliant and is very good at completely hiding the domino-specific technology for newcomers.

This can effectively open up the pool of developers that can do work on your domino infrastructure from a couple of grizzled old hands to any new developer in your team.

As such, we would recommend you to install it prophylactically on your server so that it is already up and running.



webinar recording :

webinar slides: