| Availability |
Odoo Online
Odoo.sh
On Premise
|
| Odoo Apps Dependencies |
Discuss (mail)
|
| Lines of code | 2198 |
| Technical Name |
atliis_rest_api |
| License | OPL-1 |
| Website | https://www.atliis.com/ |
| Versions | 18.0 19.0 |
REST API Toolkit
Complete REST API layer for Odoo
Launch mobile apps, portals, dashboards, middleware, and AI workflows on top of Odoo data with secure REST endpoints, admin-managed API keys, per-key usage analytics, Swagger documentation, configurable request logging with bulk clear, and production-ready admin controls already included.
Production-ready REST APIs for Odoo data
Expose allowed Odoo models through clean JSON endpoints with model-level controls, bearer authentication, relational expansion, batch operations, and consistent response envelopes.
REST Core
Use CRUD endpoints for allowed models, PATCH partial updates, count routes,
batch create/update/delete, and archive/restore support.
Authentication
Support Odoo session login plus bearer API keys. Admins create, revoke, and manage keys directly from the backend — with expiry, per-key model scopes, rate limits, and a one-time visible plain key with copy and clear controls.
Admin Control
Configure model allow-lists, CRUD toggles, per-model domain restrictions, caller origins, CORS, and log retention from Odoo. View per-key usage graphs and pivot tables, and clear all logs in one action.
Developer Experience
Ship faster with Swagger UI at /api/docs, OpenAPI JSON, field metadata, nested
relational expansion, and consistent request examples.
A packaged integration layer on top of Odoo
Odoo provides powerful external APIs. REST API Toolkit adds clean REST-style routes, backend controls, Swagger documentation, request logs, and frontend-friendly JSON without building that layer from scratch.
Frontend Friendly
Pagination, sorting, field selection, filtering, relational expansion, and consistent JSON envelopes make mobile and portal work simpler.
Odoo Security First
Requests respect standard Odoo ACLs and record rules, with optional model domains and per-key model scopes for extra control.
Operational Visibility
Request logs capture method, path, user, IP, origin, API key, status, duration, and error details. The usage dashboard breaks down traffic by API key in bar graphs and pivot tables. Admins can clear all logs instantly when needed.
Configure access and start calling APIs
Enable the models you want to expose, authenticate through session login or API keys, then use versioned REST routes for reads, writes, batch operations, and metadata discovery.
Endpoint Snapshot
Authentication
Use /api/login, /api/logout, /api/me, API
key generation, password change, and password reset endpoints.
Model Routes
Call /api/v1/<model>,
/api/v1/<model>/<id>, count, archive, restore, batch,
and field metadata endpoints.
Documentation
Open interactive Swagger UI at /api/docs or fetch OpenAPI JSON from
/api/swagger.json.
Integration Ready
Use the Swagger page to inspect request bodies, response structures, authentication headers, model routes, and query parameters before connecting your client application.
Install and Enable the Module
Copy atliis_rest_api into your Odoo addons path, update the app list, install REST API Toolkit, and restart Odoo if your deployment
requires it.
The module is designed for Odoo deployments including Community, Enterprise, Odoo.sh, and on-premise environments.
Allow Models and Operations
In the REST API configuration, add the Odoo models you want to expose. Enable read, create, update, delete, archive, and restore behavior only where your integration needs it.
Add optional domain restrictions to limit exposed records, configure allowed origins for browser clients, and set log retention based on your production policy.
Authenticate the Client
Use Odoo session login for browser-style clients or issue a bearer API key for service integrations. Admins create and manage keys directly from the REST API backend menu — no external API call needed. Keys can be named, set to expire, revoked, scoped to specific models, and rate limited per minute. The generated key is shown once with a copy widget and a clear button to remove it from the database after saving.
Send bearer keys with the Authorization: Bearer <token> header. All requests
still follow Odoo user permissions and record rules.
Read and Write Odoo Records
Use GET for lists and records, POST for creates, PATCH for
partial updates, PUT for full updates, and DELETE where deletion is
allowed.
Query parameters support limit, page_number, skip,
sort, fields, filter, and expand for nested
relational data.
Use Batch, Metadata, and Logs
Use batch endpoints for grouped create, update, and delete operations. Use field metadata when building dynamic forms, dashboards, or schema-aware middleware.
Review request logs in Odoo filtered by API key, user, method, or status. The Usage Dashboard shows traffic broken down by API key in bar graphs and pivot tables. Clear all logs in one action when needed, or select individual rows to delete.
Shape API output for each client
Fetch only the data your integration needs, then expand related records when the client needs richer nested JSON.
Pagination and Sorting
Use limit, page_number, skip, and
sort for list screens and large datasets.
Field Selection
Use fields to return only the columns required by a mobile
app, portal page, or integration job.
Relational Expansion
Use expand to include related records directly in the
response, including nested expansion up to 4 levels deep.
Binary Output
Use optional binary data URL output when frontend clients need image or attachment data in a directly consumable format.
Common questions
Which Odoo versions are supported?
The module is designed for Odoo deployments including Odoo.sh and on-premise environments.
Does it support custom models?
Yes. Generic model-driven endpoints work with both standard and custom Odoo models after those models are allowed in the REST API configuration.
Does it enforce Odoo ACL permissions?
Yes. API requests follow standard Odoo ACL and record rules automatically, with optional model domains and API key scopes for added control. Admins can create, revoke, and delete keys directly from the backend, and view per-key usage analytics in the Usage Dashboard. After creating a key, the generated value is stored temporarily so admins can copy it — use the Clear Key button to remove it from the database once copied. The key field is only accessible to users with System Administrator rights.
Does the API support relational data expansion?
Yes. Use the expand query parameter to include related records directly
inside the response without performing multiple API calls.
Can relational expansion go multiple levels deep?
Yes. Nested relational expansion supports up to 4 levels deep for hierarchical data retrieval in a single request.
Can I apply filters inside relational expansion?
Yes. Each expanded relational field can include filtering, sorting, pagination, and field selection rules to reduce payload size and improve performance.
Does the API support pagination and field selection?
Yes. List endpoints support limit, page_number,
skip, sort, fields, and filter.
Can the API be used with Flutter or React Native apps?
Yes. Responses are JSON-based and suitable for Flutter, React Native, Next.js, Vue.js, Angular, and other modern frontend clients.
Does the API work on Odoo.sh and cloud deployments?
Yes. The module is compatible with Odoo.sh, on-premise installations, and cloud-hosted Odoo deployments. HTTPS is recommended for production.
How does rate limiting work in multi-worker deployments?
The built-in rate limiter is per Odoo worker process. In multi-worker deployments, the effective limit is the configured limit multiplied by worker count. For strict global limits, enforce rate limiting at the reverse-proxy or edge layer. Per-key usage is tracked in the request log and visible in the Usage Dashboard grouped by API key.
Get in touch with us
| Availability |
Odoo Online
Odoo.sh
On Premise
|
| Odoo Apps Dependencies |
Discuss (mail)
|
| Lines of code | 2198 |
| Technical Name |
atliis_rest_api |
| License | OPL-1 |
| Website | https://www.atliis.com/ |
Odoo Proprietary License v1.0 This software and associated files (the "Software") may only be used (executed, modified, executed after modifications) if you have purchased a valid license from the authors, typically via Odoo Apps, or if you have received a written agreement from the authors of the Software (see the COPYRIGHT file). You may develop Odoo modules that use the Software as a library (typically by depending on it, importing it and using its resources), but without copying any source code or material from the Software. You may distribute those modules under the license of your choice, provided that this license is compatible with the terms of the Odoo Proprietary License (For example: LGPL, MIT, or proprietary licenses similar to this one). It is forbidden to publish, distribute, sublicense, or sell copies of the Software or modified copies of the Software. The above copyright notice and this permission notice must be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
Please log in to comment on this module