> ## Documentation Index
> Fetch the complete documentation index at: https://docs.domino.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Domino endpoint security

Domino offers visibility and authorization controls for [deployed Domino endpoints](/cloud/platform-capabilities/features/model-deployment) to limit who can see and interact with your endpoints. Learn how to control access and add contributors to Domino endpoints.

## Public or private Domino endpoint

Configure your endpoint to be accessible by certain authorized users (private) or by anyone with access to your Domino deployment (public).

On the Domino endpoint page, go to **Settings** > **Access and Sharing**.

**Public**\
Anyone with access to your Domino deployment can search, discover, and view your Domino endpoint. Only collaborators can modify or deploy versions or settings.

**Private**\
Only collaborators can search, discover, and view your Domino endpoint. Only collaborators can modify or deploy versions or settings.

## Unrestricted or restricted authorization

Authorization settings specify which users can access the Domino endpoint’s prediction endpoint.

**Restricted**\
A restricted Domino endpoint only authorizes specific users with valid access tokens to request predictions. Users must send the valid token with their requests. Code examples in the endpoint’s **Overview** tab show sample requests.

Generate an endpoint access token from the Domino endpoint’s **Settings** > **Invocation** tab. Use the name field to track which tokens are issued, to whom, and for what purpose.

**Unrestricted**\
Unrestricted endpoints allow anyone who can access Domino remotely to request predictions. No access token is required.

## Invoke restricted endpoints

Restricted Domino endpoints use different authentication methods depending on the endpoint type.

### Synchronous endpoints

Use HTTP basic authentication with the username and password both set to the access token.

For example, if the token is `c2b2532ed234f54`, then the Domino endpoint must be invoked with the HTTP username `c2b2532ed234f54` and password `c2b2532ed234f54`.

### Asynchronous endpoints

Use HTTP bearer (or token) authentication with the access token.

For example, if the token is `c2b2532ed234f54`, then the Domino endpoint must be invoked with the HTTP header `Authorization: Bearer c2b2532ed234f54`.

<table>
  <thead>
    <tr>
      <th />

      <th>Public</th>
      <th>Private</th>
    </tr>
  </thead>

  <tbody>
    <tr>
      <td><p><strong>Unrestricted</strong></p></td>
      <td><ul> <li><p>Anyone with access to your Domino deployment can search, discover, and view your Domino endpoint.</p></li> <li><p>Only collaborators can modify or deploy versions or settings.</p></li> <li><p>No access token is required to request a prediction.</p></li> </ul></td>
      <td><ul> <li><p>Only collaborators can search, discover, and view your Domino endpoint.</p></li> <li><p>Only collaborators can modify or deploy versions or settings.</p></li> <li><p>No access token is required to request a prediction.</p></li> </ul></td>
    </tr>

    <tr>
      <td><p><strong>Restricted</strong></p></td>
      <td><ul> <li><p>Anyone with access to your Domino deployment can search, discover, and view your Domino endpoint.</p></li> <li><p>Only collaborators can modify or deploy versions or settings.</p></li> <li><p>An access token is required to request a prediction.</p></li> </ul></td>
      <td><ul> <li><p>Only collaborators can search, discover, and view your Domino endpoint.</p></li> <li><p>Only collaborators can modify or deploy versions or settings.</p></li> <li><p>An access token is required to request a prediction.</p></li> </ul></td>
    </tr>
  </tbody>
</table>

## Add collaborators

You can add **Domino endpoint collaborators** to view and manage specific Domino endpoints (but not the whole project). Domino endpoint collaborators can also invoke private prediction endpoints.

To add **Domino endpoint collaborators**:

1. Go to the Domino endpoint page > **Settings** > **Access and Sharing**.

2. Add new collaborators by their username or email address. You can also add organizations as collaborators and grant permissions to all members.

If you are the project owner, you can set the following access levels for collaborators:

**Viewers**\
Viewers can only view the Domino endpoint versions and logs. They cannot view settings, edit settings, or publish new versions. A viewer cannot see access tokens.

**Editors**\
Editors with collaborator access to the underlying project can deploy new versions. They can view logs, view audit history, and change most settings. They cannot invite new collaborators or change Domino endpoint visibility. An editor can see all access tokens and create new ones.

**Owners**\
Owners have all of the above permissions, and they can invite new collaborators, change the visibility, and transfer ownership. An owner can see and revoke all access tokens and create new ones.

You can also add **Project collaborators** to grant them access to Domino endpoints within a project. Project collaborators assigned the `Contributor` role can create Domino endpoints, becoming the endpoint owner with the permissions listed above. All project collaborators can list Domino endpoints in the project, but they do not have access to the endpoints unless they are the endpoint owner or explicitly granted access.

## Next steps

* [Scale model deployments](/cloud/platform-capabilities/features/model-deployment/scale) by configuring auto-scaling and resource management for high-traffic models.

* [Monitor model endpoints](/cloud/platform-capabilities/features/model-deployment/monitor-model-endpoints) to track health, performance, and logs for your deployed endpoints.
