MCP Server for Odoo
Connect compatible AI clients to Odoo through the Model Context Protocol while preserving native users, access rights, record rules, field security and multi-company boundaries.
AI integration without permission duplication
Your Odoo permissions remain the source of truth
The MCP key identifies an existing Odoo user. Every operation is executed inside that user's real Odoo environment, without introducing a second business permission engine.
Native security
ACLs, record rules, field groups, ORM constraints and business validations remain fully effective.
Multi-company aware
Each request runs inside a validated company context selected from the user's allowed companies.
Audited by design
Tool calls, validation failures, permission denials, protocol activity and high-risk operations are recorded.
Simple onboarding
Start in four steps
No model policy, field policy or custom handler configuration is required.
Install the module
Install the package that matches your Odoo release. The /mcp endpoint and administration menus become available automatically.
Create your key
Each user creates and manages a personal MCP access key.
Copy the configuration
The full secret is shown once with ready-to-use client configuration.
Ask your AI client
Query and operate Odoo according to the authenticated user's permissions.
Universal Odoo capabilities
One MCP server, ten reusable tools
Generic tools are used instead of hard-coding one tool for every Odoo application. Newly installed business models can be discovered and used through the same interface, subject to Odoo access rights.
- ✓ Discover accessible models and field metadata
- ✓ Search, read, create, update and delete records
- ✓ Count, group and aggregate business data
- ✓ Discover executable record actions
- ✓ Execute validated actions through short-lived tickets
list_modelsDiscover accessible Odoo models
describe_modelInspect model field metadata
search_recordsSearch records with Odoo domains
get_recordsRead records by ID
create_recordsCreate one or more records
update_recordsUpdate allowed records and fields
delete_recordsDelete records when permitted
aggregate_recordsGroup, count and summarize data
list_record_actionsDiscover executable record buttons
execute_record_actionRun a confirmed action ticket
Operational visibility
A dashboard for administrators and users
Monitor service activity, active keys, tool usage, errors, protocol probes and sensitive operations.
Security architecture
Designed for controlled AI operations
Odoo controls business access while the MCP layer adds transport, validation and audit safeguards.
User-bound Bearer keys
The database stores a prefix and secure hash. The complete key is displayed only once.
No business-data sudo
CRUD and actions use the authenticated user's Odoo environment.
Opaque action tickets
Clients execute discovered actions without submitting arbitrary Python method names.
Transactional writes
Failed write operations are rolled back while failure details remain auditable.
Configurable limits
Control query size, batch writes, request size, response size and timeouts.
Structured validation
Tool inputs are checked against explicit schemas before business logic runs.
Human-readable audit trail
Understand what the AI actually did
Audit entries include user, client, company, tool, model, result, duration and a safe activity summary.
- ✓ Client name and version linked through MCP sessions
- ✓ Safe summaries instead of raw secrets
- ✓ Clear result categories for troubleshooting
- ✓ User and administrator visibility scopes
Administrator controls
Control service safety and capacity
Settings focus on MCP limits and retention. Business permissions remain in standard Odoo security.
Connection guide
Configure your MCP key once, then connect your preferred client
The connection page in Odoo provides the endpoint and personal MCP key. Use the same endpoint from any compatible client that supports MCP Streamable HTTP and Bearer authentication.
Connection values
Endpoint: https://your-odoo.example.com/mcp
Header: Authorization: Bearer <YOUR_MCP_KEY>
Transport: Streamable HTTP
A domain name is not required. Localhost, a private IP address or a domain can be used when the client can reach the Odoo server.
Key handling
- Create a personal key from My AI Connection.
- Copy the complete key when it is displayed. The full secret is shown only once.
- Prefer environment variables or a client's secure secret storage.
- Do not commit keys to Git or share configuration files containing a real key.
- Revoke the key immediately when it is exposed or no longer needed.
Operating system setup
Store the MCP key as an environment variable
The examples below use ODOO_MCP_KEY as the environment variable name.
Save the key for the current Windows user:
[Environment]::SetEnvironmentVariable(
"ODOO_MCP_KEY",
"YOUR_MCP_KEY",
"User"
)
Close and reopen the terminal and AI client, then verify without printing the secret:
[bool]$env:ODOO_MCP_KEY
For the default macOS Z shell:
echo 'export ODOO_MCP_KEY="YOUR_MCP_KEY"' >> ~/.zshrc
source ~/.zshrc
Verify without printing the secret:
test -n "$ODOO_MCP_KEY" && echo "MCP key is set"
Bash users can place the export in ~/.bashrc. GUI applications may not inherit shell variables; use the client's MCP settings or secure secret storage when required.
Client configuration
Ready-to-use examples for popular MCP clients
Replace https://your-odoo.example.com/mcp with the endpoint shown by Odoo. Client interfaces and configuration formats may change between releases.
OpenAI Codex
Add the following to ~/.codex/config.toml. On Windows, the file is normally under %USERPROFILE%\.codex\config.toml.
[mcp_servers.odoo]
url = "https://your-odoo.example.com/mcp"
bearer_token_env_var = "ODOO_MCP_KEY"
enabled = true
Verify: run codex mcp list, start Codex, then use /mcp.
Claude Code
Create a project-level .mcp.json, or use the same server definition in your user configuration:
{
"mcpServers": {
"odoo": {
"type": "http",
"url": "https://your-odoo.example.com/mcp",
"headers": {
"Authorization": "Bearer ${ODOO_MCP_KEY}"
}
}
}
}
Verify: run claude mcp list, start Claude Code, then use /mcp.
Cursor
Open Settings → Tools & MCP and add a remote MCP server, or place a configuration file at .cursor/mcp.json for the project.
{
"mcpServers": {
"odoo": {
"url": "https://your-odoo.example.com/mcp",
"headers": {
"Authorization": "Bearer YOUR_MCP_KEY"
}
}
}
}
Cline
Open Cline's MCP Servers page and add a remote Streamable HTTP server, or add the following entry to the Cline MCP configuration:
{
"mcpServers": {
"odoo": {
"type": "streamableHttp",
"url": "https://your-odoo.example.com/mcp",
"headers": {
"Authorization": "Bearer YOUR_MCP_KEY"
},
"disabled": false,
"autoApprove": []
}
}
}
Cline can use different model providers, including providers such as DeepSeek. MCP compatibility is supplied by the client, not by the selected language model.
ChatGPT
Direct ChatGPT app or plugin integration requires a publicly reachable HTTPS MCP endpoint and a ChatGPT-compatible authentication flow. A static Bearer key alone may not be configurable in the ChatGPT user interface.
Other MCP clients
Use the generic connection values when the client supports remote Streamable HTTP and custom Bearer authentication:
URL: https://your-odoo.example.com/mcp
Authorization: Bearer YOUR_MCP_KEY
Connection test
Start with a read-only request
After the client discovers the tools, try one of these prompts.
Recent records
"Use the Odoo MCP server to list the five most recent sales orders. Read only; do not modify data."
Business summary
"Summarize my sales orders by status and currency, including the order count and total amount."
Permission check
"Show which companies and sales orders I can access. Do not create, update or delete anything."
Technical information
Version-specific packages for supported Odoo releases
| Product name | MCP Server for Odoo |
|---|---|
| Technical name | x2_mcp_server_for_odoo |
| Odoo release | Install the package published for your Odoo version |
| MCP endpoint | /mcp |
| Transport | MCP Streamable HTTP with JSON-RPC |
| Authentication | User-bound Bearer MCP key |
| Dependencies | base, web |
| License | OPL-1 — Odoo Proprietary License v1.0 |
| Publisher | X2Soft |
Example use cases
Ask business questions in natural language
Sales analysis
"Summarize my sales orders by status and currency, including order count and total amount."
Operational lookup
"Show the five most recent vendor bills I am allowed to access."
Controlled business action
"Find the available actions for this quotation and confirm the selected action."
Turn Odoo into a secure business context for AI
Give compatible AI clients structured access to Odoo while keeping users, companies, permissions, validations and accountability inside Odoo.
| Availability |
Odoo Online
Odoo.sh
On Premise
|
| Lines of code | 3481 |
| Technical Name |
x2_mcp_server_for_odoo |
| License | OPL-1 |
| Website | https://www.x2soft.cn |
Odoo Proprietary License v1.0 This software and associated files (the "Software") may only be used (executed, modified, executed after modifications) if you have purchased a valid license from the authors, typically via Odoo Apps, or if you have received a written agreement from the authors of the Software (see the COPYRIGHT file). You may develop Odoo modules that use the Software as a library (typically by depending on it, importing it and using its resources), but without copying any source code or material from the Software. You may distribute those modules under the license of your choice, provided that this license is compatible with the terms of the Odoo Proprietary License (For example: LGPL, MIT, or proprietary licenses similar to this one). It is forbidden to publish, distribute, sublicense, or sell copies of the Software or modified copies of the Software. The above copyright notice and this permission notice must be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
Please log in to comment on this module