| Availability | Odoo Online, Odoo.sh, On Premise |
| Odoo Apps Dependencies | Discuss (mail) |
| Lines of code | 2198 |
| Technical Name | atliis_rest_api |
| License | OPL-1 |
| Website | https://www.atliis.com/ |
| Versions | 18.0 19.0 |
Atliis REST API
Modern REST API Framework for Odoo 18
Build secure integrations between Odoo and mobile apps, external systems, AI platforms, dashboards, and middleware using production-ready REST APIs with Swagger/OpenAPI support.
- Versioned CRUD API under /api/v1
- Interactive Swagger documentation at /api/docs
- Built-in API keys, user profile APIs & request logs
Why Teams Use Atliis REST API
Faster Integration Delivery
Stable, predictable REST endpoints reduce development complexity for external teams and mobile developers.
Secure Authentication
Supports Odoo sessions and Bearer API keys while respecting Odoo ACL and record rules automatically.
Mobile Friendly
Optimized JSON responses with pagination, filtering, sorting, and relational expansion support.
Swagger/OpenAPI Included
Interactive API documentation available instantly through Swagger UI at /api/docs.
Core Features
Versioned APIs
Future-ready versioning under /api/v1.
Bearer API Keys
Generate secure API keys for external integrations.
Send as Authorization: Bearer <api_key>. ACL rules are enforced automatically.
CRUD Operations
Create, read, update, and delete records for any Odoo model using consistent endpoint patterns without custom controllers.
User Profile Endpoints
Ready-to-use profile APIs for GET /api/v1/user/me, PUT /api/v1/user/update_profile, and PUT /api/v1/user/update_photo with built-in rate limiting.
Filtering & Pagination
Domain filtering, sorting, field selection, and paging support give consumers full control over data retrieval without over-fetching.
Relational Expansion
Include nested related data in a single request using the expand query option, with no extra round trips needed.
How to Use
Endpoint Snapshot
GET /api/v1/status
POST /api/v1/auth
POST /api/v1/auth/logout
POST /api/v1/auth/change_password
POST /api/v1/auth/forgot_password
POST /api/v1/auth/reset_password
POST /api/v1/auth/validate_reset_token
POST /api/v1/auth/create_key
GET /api/v1/user/me
PUT /api/v1/user/update_profile
PUT /api/v1/user/update_photo
GET /api/v1/res.partner?limit=20&page_number=1
GET /api/v1/res.partner/45
POST /api/v1/sale.order
PUT /api/v1/product.template/5
DELETE /api/v1/product.template/5
POST /api/v1/product.template/5/restore
GET /api/v1/product.template/get_fields
GET /api/docs
Authentication Flow
Authenticate with Odoo credentials for a session cookie, or let an administrator generate an API key and use it as a Bearer token. Both paths run through Odoo access rules.
Authentication Steps
Send your Odoo credentials to POST /api/v1/auth.
Store the authenticated session cookie returned by Odoo, or create an API key with POST /api/v1/auth/create_key.
Use the session cookie or send Authorization: Bearer <api_key> for protected CRUD and metadata requests.
All responses respect the user's Odoo role and access-control rules automatically.
User Controller Endpoints
Ready-to-use profile APIs for authenticated users — ideal for mobile account settings pages and self-service profile flows. All endpoints include built-in rate limiting.
GET /api/v1/user/me
Returns current user profile details and avatar as a data URL. Rate limit: 60/min.
PUT /api/v1/user/update_profile
Updates allowed user and contact profile fields such as name, phone, language, and timezone. Rate limit: 20/min.
PUT /api/v1/user/update_photo
Updates the user's profile photo using a base64 image payload. Rate limit: 10/min.
Sample Request Payloads
# Authenticate
POST /api/v1/auth
{
"db": "your_database",
"login": "admin@example.com",
"password": "your_password"
}
# Generate API key (admin only; returned once)
POST /api/v1/auth/create_key
{
"name": "Mobile App",
"user_id": 2
}
# Update current user profile
PUT /api/v1/user/update_profile
{
"name": "John Carter",
"phone": "+1-555-0110",
"lang": "en_US",
"tz": "Asia/Calcutta"
}
# Create record
POST /api/v1/res.partner
{
"name": "Acme Trading",
"email": "ops@acme.com",
"phone": "+1-555-0199"
}
Sample Query Patterns
# Pagination and sorting
GET /api/v1/res.partner?limit=25&page_number=2&sort=name asc
# Field selection
GET /api/v1/sale.order?fields=name,state,amount_total
# Domain filtering
GET /api/v1/product.template?filter=[["sale_ok","=",true]]
# Relationship expansion
GET /api/v1/sale.order?expand=[{"field":"order_line","fields":["name","price_unit"],"limit":5}]
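Added example (not the module's own code): a client-side helper that builds the list requests shown above with the JSON filter and expand values percent-encoded, an HTTPS-only base URL, and the Bearer header. The helper name, host name and key value are constructed, and the model and field name patterns are client-side assumptions rather than rules stated by the module.

```python
import json
import re
from urllib.parse import quote, urlencode, urlsplit
from urllib.request import Request

# Client-side assumption: technical model/field names such as "res.partner".
# Rejecting anything else keeps "/", "?", "#" and ".." out of the URL path.
_MODEL_RE = re.compile(r"[a-z][a-z0-9_]*(\.[a-z0-9_]+)*")
_FIELD_RE = re.compile(r"[a-z_][a-z0-9_]*")


def build_list_request(base_url, model, api_key, *, limit=20, page_number=1,
                       sort=None, fields=None, domain=None, expand=None):
    """Return an unsent GET /api/v1/<model> request (hypothetical helper)."""
    origin = urlsplit(base_url)
    if origin.scheme != "https" or not origin.netloc:
        raise ValueError("base_url must be an https:// origin")
    if not _MODEL_RE.fullmatch(model):
        raise ValueError(f"invalid model name: {model!r}")
    # Whitespace (including CR/LF) in the key would corrupt the header line.
    if not api_key or any(ch.isspace() for ch in api_key):
        raise ValueError("API key must be non-empty and contain no whitespace")
    if min(limit, page_number) < 1:
        raise ValueError("limit and page_number must be >= 1")

    params = {"limit": limit, "page_number": page_number}
    if sort:
        params["sort"] = sort
    if fields:
        if not all(_FIELD_RE.fullmatch(f) for f in fields):
            raise ValueError("invalid field name")
        params["fields"] = ",".join(fields)
    # filter and expand are JSON; serialise compactly, then percent-encode.
    if domain is not None:
        params["filter"] = json.dumps(domain, separators=(",", ":"))
    if expand is not None:
        params["expand"] = json.dumps(expand, separators=(",", ":"))

    query = urlencode(params, quote_via=quote)
    url = f"https://{origin.netloc}/api/v1/{model}?{query}"
    return Request(url, method="GET", headers={
        "Authorization": f"Bearer {api_key}",
        "Accept": "application/json",
    })


if __name__ == "__main__":
    # Constructed host and key, for illustration only.
    req = build_list_request("https://odoo.example.com", "product.template",
                             "constructed-key-123", sort="name asc",
                             domain=[["sale_ok", "=", True]])
    print(req.full_url)
```

The returned object is not sent; pass it to urllib.request.urlopen once the key is loaded from a secret store rather than source code.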
Query & Data Controls
Pagination
page_number, skip, and limit parameters for predictable result sets.
Sorting
Use the sort parameter for stable, consistent list output across requests.
Domain Filtering
Use the filter parameter for Odoo-style domain queries and server-side data filtering.
Field Selection
Request only the fields you need. When omitted, responses use safe defaults such as id, display_name, and name.
Relational Expansion
Use the expand option to include nested related records in one request. Specify relation fields explicitly for larger payloads.
Archived Records
Optionally include archived records where supported by the model.
Response & Error Structure
API responses are designed for predictable client integration with clear success and error formatting — helping mobile and middleware teams implement stable parsing and retry logic.
Consistent JSON Responses
Uniform format for both list and single-record responses including pagination metadata on list endpoints.
Structured Error Responses
Validation failures and server-side errors return structured JSON with HTTP status codes aligned to operation outcomes.
Security & Governance
Odoo ACL Enforcement
Access visibility follows Odoo record rules and access-control lists exactly as in the backend.
Rate Limiting
Built-in rate limiting on user endpoints protects against abusive traffic and unintended overload.
Bearer API Keys
Administrators can generate Odoo API keys and clients can authenticate with Authorization: Bearer <api_key>.
HTTPS Recommended
Serve all API endpoints through HTTPS in production to protect session cookies and Bearer API keys in transit.
API Logs
Request logs are stored in the backend and shown newest first for faster troubleshooting.
Typical Integration Scenarios
Mobile Sales & Service Apps
Build Flutter or React Native apps that securely interact with Odoo data in real time.
Middleware & ERP Sync
Synchronize customers, products, orders, and inventory between external systems.
Dashboards & Reporting
Power external portals and analytics dashboards using normalized JSON APIs.
AI & Automation
Connect AI systems, automation pipelines, and external workflows to Odoo securely.
Implementation Checklist
Install the module and verify GET /api/v1/status is reachable.
Choose session-cookie authentication or generate a Bearer API key for the integration user.
Validate required ACL and model permissions for your integration users.
Start with the metadata endpoint to map fields before rolling out CRUD operations.
Enable pagination and selective fields in all high-volume requests; rely on safe defaults only for compact summaries.
Use Swagger at /api/docs and backend API logs for endpoint verification and troubleshooting.
Frequently Asked Questions
- Designed for Odoo 18 deployments including Odoo.sh and on-premise environments.
- Yes. Generic model-driven endpoints work with both standard and custom Odoo models.
- Yes. All requests follow standard Odoo ACL and record rules automatically.
- Yes. The API supports relational data expansion using the expand query parameter. You can include related records directly inside the response without performing multiple API calls.
- Yes. Nested relational expansion supports up to 3 levels deep, allowing complex hierarchical data retrieval in a single request.
- Yes. Each expanded relational field can include its own filtering, sorting, pagination, and field selection rules. This helps reduce payload size and improves API performance.
- Yes. All list endpoints support limit, page_number, skip, sort, fields, and filter, making the API suitable for large datasets, dashboards, and mobile applications.
- Yes. The API is optimized for mobile and frontend frameworks including Flutter, React Native, Next.js, Vue.js, and Angular. Responses are JSON-based and designed for modern frontend consumption.
- Yes. The module is compatible with Odoo.sh, on-premise installations, and cloud-hosted Odoo deployments. HTTPS is recommended for all production environments.
Odoo Proprietary License v1.0 This software and associated files (the "Software") may only be used (executed, modified, executed after modifications) if you have purchased a valid license from the authors, typically via Odoo Apps, or if you have received a written agreement from the authors of the Software (see the COPYRIGHT file). You may develop Odoo modules that use the Software as a library (typically by depending on it, importing it and using its resources), but without copying any source code or material from the Software. You may distribute those modules under the license of your choice, provided that this license is compatible with the terms of the Odoo Proprietary License (For example: LGPL, MIT, or proprietary licenses similar to this one). It is forbidden to publish, distribute, sublicense, or sell copies of the Software or modified copies of the Software. The above copyright notice and this permission notice must be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.