Secure REST API Management for Odoo
by Preflows https://minhng.info , Minh Nguyen https://minhng.info$ 93.81
| Availability |
Odoo Online
Odoo.sh
On Premise
|
| Lines of code | 4481 |
| Technical Name |
secure_api |
| License | OPL-1 |
| Website | https://minhng.info |
| Versions | 14.0 15.0 16.0 17.0 18.0 |
Secure API
Transform Odoo into an API powerhouse: secure REST endpoints, OAuth2.0 protection, and Postman-ready exports - without the usual setup headaches.
The Ultimate API-First Solution for Odoo
Secure API revolutionizes your Odoo backend by making it truly API-first and integration-ready. Empower your business with seamless, secure, and flexible API management - directly inside Odoo, with no external dependencies.
API Customization & Data Security
Secure API stands out from other API solutions by offering granular control over every aspect of your data exposure. Unlike standard API implementations that provide limited configuration options, our module empowers you to:
- Precisely define data boundaries - Control exactly which fields are accessible, searchable, and exposed in responses
- Implement multi-layered security - From ID obfuscation to user-based execution contexts and authentication methods
- Optimize for your specific use cases - Configure binary data handling, bulk operations, and related model field extraction
This level of customization ensures your APIs follow security best practices while delivering exactly the data your integrations need - no more, no less. Perfect for organizations with strict data governance requirements or complex integration scenarios.
Enable/disable the API instantly
Powerful Features
Discover how Secure API transforms your Odoo experience with these powerful capabilities:
Native Integration
Manage APIs directly from Odoo without installing extra modules. Zero external dependencies ensures maximum compatibility and security.
RESTful API Support
Expose RESTful APIs and RPC endpoints with fine-grained access control, supporting both test mode and public/private configurations. All API responses are returned in JSON format.
Advanced Security
Obfuscate sensitive IDs using Hashids to protect your data structure and limit exposed fields to minimize data leakage.
API Analytics
Monitor total requests, successful/failed requests, and success rates per endpoint for API health tracking and debugging.
Postman Compatibility
Effortlessly export your API definitions for rapid documentation, testing and collaboration.
OAuth2 Integration
Manage OAuth2 clients with automatic ID and secret generation, controlling access at the API and scope level for third-party applications.
Test Mode
Safely integrate APIs and client applications in test mode without affecting production data before publishing to the world.
Built-in API Testing
Test your APIs directly from the Odoo interface with a one-click solution. Configure parameters, view responses, and debug without external tools.
Bulk Operations
Perform massive CRUD operations on multiple records in a single request call, improving efficiency and reducing network overhead.
Comprehensive Capabilities
Usage
API Configuration
Screenshot of API configuration interface
The API configuration interface allows you to create and manage APIs for your Odoo instance. You can configure the API name, model, and other parameters. Important Configuration Fields:
- API Name: Give your API a meaningful name that reflects its purpose.
- Route: Define the URL endpoint for your API. This is the path that clients will use to access your API.
- API Mode: Choose between Test Mode (sandbox environment where no real data is affected) and Production Mode for live operations.
- Type: Select the API type (REST API, RPC, etc.) that defines how clients interact with your API.
- Applied on Models: Specify which Odoo models the API will work with. Supports multiple models for versatile APIs.
- Authentication: Configure how clients authenticate with your API (Public or User session-based).
- Usage Statistics: Enable tracking of API usage metrics to monitor performance and usage patterns.
- Client Apps: Connect client applications that are authorized to use this API.
- Id Obfuscation: Obfuscate IDs by encoding them, preventing direct record ID exposure.
- Run as User: Specify which user account will execute the API logic, controlling access rights and permissions.
- Support Bulk Operation: Enable creating, reading, updating, or deleting multiple records in a single API request.
- Binary Field Return: Choose how binary data is returned - as Base64 encoded strings or as URLs to access the content.
- Allowed Fields: Control which fields can be accessed - either all fields or only specific fields you define.
- Fields on Search: Limit which fields can be used in search queries (subset of Exposed Fields).
- Exposed Fields: Define which fields are returned in API responses.
- Fields on Related Models: Extract and include fields from related objects (many2one, many2many, one2many relations).
After publishing the API, you'll see a list of all active endpoints as shown below. For enhanced security and better control, you can selectively deactivate any unused endpoints that aren't required for your implementation, limiting the API's surface area to only what's necessary.
Screenshot of active endpoints
User session-based authentication
API configured with user session-based authentication, we have to authenticate with Odoo's built-in session API and make subsequent API calls. The code establishes a session, authenticates with your credentials, and then uses the authenticated session to retrieve partner data. The response includes the user ID, session ID, and the API response containing partner records with their details such as name, email, and image URL.
API configured with public authentication, we don't need to login to use the API. We can directly call the API.
In order to login with API Keys, publish API "Authentication with API Keys" and create "New API Key" in user "Preferences" menu (ref: https://www.odoo.com/documentation/14.0/developer/reference/external_api.html)
# 1. Authenticate with Odoo's built-in session API
curl -X POST -H "Content-Type: application/json" -c cookies.txt \
-d '{"jsonrpc": "2.0", "params": {"db": "YOUR_DATABASE", "login": "USER@EXAMPLE.COM", "password": "YOUR_USER_PASSWORD"}}' \
https://your-odoo-instance.com/web/session/authenticate
# From Odoo 14, Odoo has support for api keys (https://www.odoo.com/documentation/14.0/developer/reference/external_api.html)
curl -X POST -H "Content-Type: application/json" -c cookies.txt \
-d '{"db": "YOUR_DATABASE", "login": "USER@EXAMPLE.COM", "password": "87a7606b6d3b6c31bd5512e7d6d6768350af437b"}' \
https://your-odoo-instance.com/api/key/authenticate
# 2. Use the session cookie to make an API request
curl -X GET -H "Content-Type: application/json" -b cookies.txt \
https://your-odoo-instance.com/api/partner/rest
or Python script test_user_auth.py
# User Authentication with Odoo's built-in session API
import requests
# Setup and authenticate
session = requests.Session()
base_url = "https://your-odoo-instance.com"
auth_resp = session.post(
f"{base_url}/web/session/authenticate",
json={
"jsonrpc": "2.0",
"params": {
"db": "YOUR_DATABASE",
"login": "USER@EXAMPLE.COM",
"password": "YOUR_USER_PASSWORD"
}
}
).json()
auth_with_key_resp = session.post(
f"{base_url}/api/key/authenticate",
json={
"db": "YOUR_DATABASE",
"login": "USER@EXAMPLE.COM",
"password": "87a7606b6d3b6c31bd5512e7d6d6768350af437b" # replace with your api key
}
).json()
# Process response
if 'result' in auth_resp:
print(f"Authentication successful! User ID: {auth_resp['result']['uid']}"
f"\nSession ID: {session.cookies.get('session_id')}"
f"\nAPI Response: {session.get(f'{base_url}/api/partner/rest', headers={'Content-Type': 'application/json'}).json()}"
)
else:
print(f"Authentication failed! {auth_resp.get('error', {}).get('data', {}).get('message', 'Unknown error')}")
if 'result' in auth_with_key_resp:
print(f"Authentication successful! User ID: {auth_with_key_resp['result']['uid']}"
f"\nSession ID: {session.cookies.get('session_id')}"
f"\nAPI Response: {session.get(f'{base_url}/api/partner/rest', headers={'Content-Type': 'application/json'}).json()}"
)
else:
print(f"Authentication failed! {auth_with_key_resp.get('error', {}).get('data', {}).get('message', 'Unknown error')}")
Response:
Authentication successful! User ID: 2
Session ID: f5c3ab3d0ce7bd3801709e84274d5a24caa3779a
API Response: {
'jsonrpc': '2.0',
'id': None,
'result': {
'length': 36,
'records': [{
'id': '8blEP',
'email': 'azure.Interior24@example.com',
'image_128': '/api/image/2/res.partner/8blEP/image_128',
'name': 'Azure Interior'
}, ...]
}
}
CRUD Operations
The API supports standard CRUD (Create, Read, Update, Delete) operations for managing resources. These operations follow RESTful principles with appropriate HTTP methods: POST for creating resources, GET for retrieving data, PATCH for updating records, and DELETE for removing resources. The examples below demonstrate how to perform these operations on partner records using curl commands with proper authentication. Each request returns a JSON response containing the operation result.
test_crud.sh
#!/bin/bash
# Authenticate
curl -X POST -H "Content-Type: application/json" -c cookies.txt \
-d '{"jsonrpc": "2.0", "params": {"db": "YOUR_DATABASE", "login": "USER@EXAMPLE.COM", "password": "YOUR_USER_PASSWORD"}}' \
https://your-odoo-instance.com/web/session/authenticate
# Search
curl -s -X GET -H "Content-Type: application/json" -b cookies.txt \
-d "domain=[(\"id\",\">\",0)]&limit=5â´=id" \
"https://your-odoo-instance.com/api/partner/rest"
# Create
curl -s -X POST -H "Content-Type: application/json" -b cookies.txt \
-d '{"name": "Test Partner (CRUD Demo Bash)"}' \
"https://your-odoo-instance.com/api/partner/rest"
# Read
curl -s -X GET -H "Content-Type: application/json" -b cookies.txt \
"https://your-odoo-instance.com/api/partner/rest/NnRZn"
# Update
curl -s -X PATCH -H "Content-Type: application/json" -b cookies.txt \
-d '{"name": "Test Partner (CRUD Demo Bash) (Updated)"}' \
"https://your-odoo-instance.com/api/partner/rest/NnRZn"
# Delete
curl -s -X DELETE -H "Content-Type: application/json" -b cookies.txt \
"https://your-odoo-instance.com/api/partner/rest/NnRZn"
Response:
// SEARCH Response:
{
"jsonrpc": "2.0",
"id": null,
"result": {
"length": 36,
"records": [
{
"id": "NnRZn",
"email": "brandon.freeman55@example.com",
"image_128": "/api/image/2/res.partner/NnRZn/image_128",
"name": "Brandon Freeman"
},
...
]
}
}
// CREATE Response:
{
"jsonrpc": "2.0",
"id": null,
"result": {
"id": "P2y3b",
"company_id": [],
"email": "",
"image_1024": "",
"image_128": "",
"name": "Test Partner (CRUD Demo Bash)",
"phone": ""
}
}
// READ Response:
{
"jsonrpc": "2.0",
"id": null,
"result": {
"id": "8blEP",
"company_id": [],
"email": "azure.Interior24@example.com",
"image_1024": "/api/image/2/res.partner/8blEP/image_1024",
"image_128": "/api/image/2/res.partner/8blEP/image_128",
"name": "Azure Interior",
"phone": "(870)-931-0505"
}
}
// UPDATE Response:
{
"jsonrpc": "2.0",
"id": null,
"result": {
"id": "8blEP",
"company_id": [],
"email": "azure.Interior24@example.com",
"image_1024": "/api/image/2/res.partner/8blEP/image_1024",
"image_128": "/api/image/2/res.partner/8blEP/image_128",
"name": "Test Partner (CRUD Demo Bash) (Updated)",
"phone": "(870)-931-0505"
}
}
// DELETE Response:
{
"jsonrpc": "2.0",
"id": null,
"result": [
"NnRZn"
]
}
Bulk Operations
For improved efficiency when working with multiple records, the API supports bulk operations that allow you to create, read, update, or delete multiple resources in a single request. Bulk operations significantly reduce network overhead and processing time when dealing with large datasets. The API supports two formats for bulk updates: an array of objects with individual values for each record, or a single object with common values applied to multiple IDs. Similarly, bulk deletions can be performed using either an array of IDs or an object with an 'ids' field.
test_bulk.sh
#!/bin/bash
# Bulk API Operations with Odoo
# Authenticate
echo "Authenticating with Odoo..."
curl -X POST -H "Content-Type: application/json" -c cookies.txt \
-d '{"jsonrpc": "2.0", "params": {"db": "YOUR_DATABASE", "login": "USER@EXAMPLE.COM", "password": "YOUR_USER_PASSWORD"}}' \
https://your-odoo-instance.com/web/session/authenticate
echo -e "\n\n----- BULK OPERATIONS -----\n"
# 1. CREATE - POST multiple partners at once
echo "1. BULK CREATE OPERATION"
curl -s -X POST -H "Content-Type: application/json" -b cookies.txt \
-d '[{"name": "Peter (Bulk)"}, {"name": "Mitchell (Bulk)"}]' \
"https://your-odoo-instance.com/api/partner/rest" | jq .
echo -e "\n----- -----\n"
# 2. READ - GET multiple partners by IDs
echo "2. BULK READ OPERATION"
curl -s -X GET -H "Content-Type: application/json" -b cookies.txt \
"https://your-odoo-instance.com/api/partner/rest/bulk?ids=yn7rP,dP4Kb,1kVmn" | jq .
echo -e "\n----- -----\n"
# 3. UPDATE - PATCH multiple partners with different values
echo "3. BULK UPDATE OPERATION (Array of objects)"
curl -s -X PATCH -H "Content-Type: application/json" -b cookies.txt \
-d '[{"id": "yn7rP", "name": "YourCompany (Bulk Update)"}, {"id": "dP4Kb", "name": "Mitchell Admin (Bulk Update)"}]' \
"https://your-odoo-instance.com/api/partner/rest" | jq .
echo -e "\n----- -----\n"
# 4. UPDATE - PATCH multiple partners with same values
echo "4. BULK UPDATE OPERATION (Common values for multiple IDs)"
curl -s -X PATCH -H "Content-Type: application/json" -b cookies.txt \
-d '{"ids": ["yn7rP", "dP4Kb"], "name": "Bulk Updated Name"}' \
"https://your-odoo-instance.com/api/partner/rest" | jq .
echo -e "\n----- -----\n"
# 5. DELETE - DELETE multiple partners (array of IDs)
echo "5. BULK DELETE OPERATION (Array of IDs)"
curl -s -X DELETE -H "Content-Type: application/json" -b cookies.txt \
-d '["NnRZn", "8n5zk"]' \
"https://your-odoo-instance.com/api/partner/rest" | jq .
echo -e "\n----- -----\n"
# 6. DELETE - DELETE multiple partners (object with ids field)
echo "6. BULK DELETE OPERATION (Object with ids field)"
curl -s -X DELETE -H "Content-Type: application/json" -b cookies.txt \
-d '{"ids": ["NnRZn", "8n5zk"]}' \
"https://your-odoo-instance.com/api/partner/rest" | jq .
echo -e "\n----- -----\n"
# Clean up
rm -f cookies.txt
echo "Script completed."
Response:
----- BULK OPERATIONS -----
1. BULK CREATE OPERATION
{
"jsonrpc": "2.0",
"id": null,
"result": [
{
"id": "bNwaP",
"company_id": [],
"email": "",
"image_1024": "",
"image_128": "",
"name": "Peter (Bulk)",
"phone": ""
},
{
"id": "PrvQP",
"company_id": [],
"email": "",
"image_1024": "",
"image_128": "",
"name": "Mitchell (Bulk)",
"phone": ""
}
]
}
----- -----
2. BULK READ OPERATION
{
"jsonrpc": "2.0",
"id": null,
"result": [
{
"id": "yn7rP",
"company_id": [],
"email": "info@yourcompany.com",
"image_1024": "/api/image/2/res.partner/yn7rP/image_1024",
"image_128": "/api/image/2/res.partner/yn7rP/image_128",
"name": "YourCompany",
"phone": "+1 (650) 555-0111 "
},
{
"id": "dP4Kb",
"company_id": [
"yn7rP",
{
"id": "yn7rP",
"logo": "/api/image/2/res.company/yn7rP/logo",
"name": "YourCompany"
}
],
"email": "admin@yourcompany.example.com",
"image_1024": "/api/image/2/res.partner/dP4Kb/image_1024",
"image_128": "/api/image/2/res.partner/dP4Kb/image_128",
"name": "Mitchell Admin",
"phone": "+1 555-555-5555"
},
{
"id": "1kVmn",
"company_id": [
"yn7rP",
{
"id": "yn7rP",
"logo": "/api/image/2/res.company/yn7rP/logo",
"name": "YourCompany"
}
],
"email": "mark.brown23@example.com",
"image_1024": "/api/image/2/res.partner/1kVmn/image_1024",
"image_128": "/api/image/2/res.partner/1kVmn/image_128",
"name": "Marc Demo",
"phone": "(441)-695-2334"
}
]
}
----- -----
3. BULK UPDATE OPERATION (Array of objects)
{
"jsonrpc": "2.0",
"id": null,
"result": [
{
"id": "yn7rP",
"company_id": [],
"email": "info@yourcompany.com",
"image_1024": "/api/image/2/res.partner/yn7rP/image_1024",
"image_128": "/api/image/2/res.partner/yn7rP/image_128",
"name": "YourCompany (Bulk Update)",
"phone": "+1 (650) 555-0111 "
},
{
"id": "dP4Kb",
"company_id": [
"yn7rP",
{
"id": "yn7rP",
"logo": "/api/image/2/res.company/yn7rP/logo",
"name": "YourCompany (Bulk Update)"
}
],
"email": "admin@yourcompany.example.com",
"image_1024": "/api/image/2/res.partner/dP4Kb/image_1024",
"image_128": "/api/image/2/res.partner/dP4Kb/image_128",
"name": "Mitchell Admin (Bulk Update)",
"phone": "+1 555-555-5555"
}
]
}
----- -----
4. BULK UPDATE OPERATION (Common values for multiple IDs)
{
"jsonrpc": "2.0",
"id": null,
"result": [
{
"id": "yn7rP",
"company_id": [],
"email": "info@yourcompany.com",
"image_1024": "/api/image/2/res.partner/yn7rP/image_1024",
"image_128": "/api/image/2/res.partner/yn7rP/image_128",
"name": "Bulk Updated Name",
"phone": "+1 (650) 555-0111 "
},
{
"id": "dP4Kb",
"company_id": [
"yn7rP",
{
"id": "yn7rP",
"logo": "/api/image/2/res.company/yn7rP/logo",
"name": "Bulk Updated Name"
}
],
"email": "admin@yourcompany.example.com",
"image_1024": "/api/image/2/res.partner/dP4Kb/image_1024",
"image_128": "/api/image/2/res.partner/dP4Kb/image_128",
"name": "Bulk Updated Name",
"phone": "+1 555-555-5555"
}
]
}
----- -----
5. BULK DELETE OPERATION (Array of IDs)
{
"jsonrpc": "2.0",
"id": null,
"result": [
"NnRZn",
"8n5zk"
]
}
----- -----
6. BULK DELETE OPERATION (Object with ids field)
{
"jsonrpc": "2.0",
"id": null,
"result": [
"NnRZn",
"8n5zk"
]
}
----- -----
Script completed.
RPC API
The RPC API feature allows you to expose any Odoo model method as a REST endpoint. This example demonstrates how to extend the res.company model with a custom method and expose it through a public API. The method returns a formatted company name with phone number and supports optional parameters like uppercase formatting.
res_company.py
from odoo import models, fields, api
class Company(models.Model):
_inherit = 'res.company'
def get_company_name_with_phone(self, is_uppercase=False):
name = self.name
if is_uppercase:
name = name.upper()
return f"{name} ({self.phone})" if self.phone else name
Then create API with the following attributes:
- Name: Get company name with phone
- Route: /api/company/rpc
- Mode: Production Mode
- Type: Call a Method in Class (RPC)
- Applied on One Model: Companies (res.company)
- Authentication: Public
- HTTP Methods: POST
- Method: get_company_name_with_phone
test_rpc_api.sh
#!/bin/bash
# Call RPC API to get company name with phone
curl -s -X POST -H "Content-Type: application/json" \
-d '{"is_uppercase": true}' \
"https://your-odoo-instance.com/api/company/rpc/1"
Response:
{
"jsonrpc": "2.0",
"id": null,
"result": "YOURCOMPANY (+1 (650) 555-0111 )"
}
OAuth 2.0 Authentication for Client Applications
Create new client application, then define the allowed APIs.
Create new client application
Using cURL to obtain an OAuth2 token
# Replace "client_id" and "client_secret" with your actual credentials
curl -X POST -F client_id=e4042a40-db8f-4d -F client_secret=QXjjpmVLOYI5iXLaFVN0q8boWnea_W4D \
https://your-odoo-instance.com/api/oauth2/token
A then using the token to access an API endpoint
# Replace Bearer "ACCESS_TOKEN" with the token received from the previous request
curl -X GET -H "Content-Type: application/json" \
-H "Authorization: Bearer q88Oj31Vc9OnpT85X7CjIsHpI4BI36L4Hfv_Nr4vF0nb4HLVHIJlwma2FWeHGJecN-tJ6Ge3ES5N40KKJDvQww" \
https://your-odoo-instance.com/api/partner/rest
or Python script test_oauth2.py
#!/usr/bin/env python3
# pip install requests-oauthlib
from oauthlib.oauth2 import BackendApplicationClient
from requests_oauthlib import OAuth2Session
import json
# OAuth2 credentials
client_id = '0429330b-6b14-41'
client_secret = 'UThVfc_Eh6GD_nw6n7x-Zxuw_XTCYCUh'
token_url = 'https://your-odoo-instance.com/api/oauth2/token'
api_url = 'https://your-odoo-instance.com/api/partner/rest'
# Create OAuth2 session
client = BackendApplicationClient(client_id=client_id)
oauth = OAuth2Session(client=client)
# Get token
print('Fetching OAuth2 token...')
try:
token = oauth.fetch_token(
token_url=token_url,
client_id=client_id,
client_secret=client_secret,
include_client_id=True
)
print(f"Access token obtained: {token['access_token']}")
# Make API request
print('\nCalling API endpoint...')
headers = {'Content-Type': 'application/json'}
response = oauth.get(api_url, headers=headers)
# Print response
print(f"Status code: {response.status_code}")
print("Response:")
print(json.dumps(response.json(), indent=2))
except Exception as e:
print(f"Error: {e}")
Response:
// Token Response:
{
"access_token": "q88Oj31Vc9OnpT85X7CjIsHpI4BI36L4Hfv_Nr4vF0nb4HLVHIJlwma2FWeHGJecN-tJ6Ge3ES5N40KKJDvQww",
"token_type": "Bearer",
"expires_in": 1800,
"scope": "create read update delete search rpc"
}
// API Response:
{
"jsonrpc": "2.0",
"id": null,
"result": [
{
"id": "8blEP",
"email": "azure.Interior24@example.com",
"image_128": "/web/image/res.partner/14/image_128",
"name": "Azure Interior"
},
{
"id": "NnRZn",
"email": "brandon.freeman55@example.com",
"image_128": "/web/image/res.partner/26/image_128",
"name": "Brandon Freeman"
}, ...
]
}
Error Handling
It's important to understand how to properly handle different types of responses. Error handling in the API follows two main patterns: HTTP status codes and JSON response structure. A successful request will return a 200 status code with a "result" key in the response data, while errors can manifest either as non-200 HTTP status codes or as 200 responses containing an "error" key instead of a "result" key.
| Response Type | HTTP Status | Response Structure | How to Handle |
|---|---|---|---|
| Successful Response | 200 OK | Contains "result" key with requested data | Process the data in the "result" object |
| Application Error | 200 OK | Contains "error" key with error details | Check for "error" key before processing and handle the error message |
| HTTP Error | 4xx or 5xx | May contain error details in response body | Handle based on status code (401 for authentication, 403 for permissions, 404 for not found, etc.) |
How It Works
1. Install & Configure
Download, place the addon in the Odoo addons directory, and restart Odoo. Turn on Debug mode and Update Apps List. Install Secure API from the Odoo Apps menu and navigate to Settings > Secure API to configure your global preferences (if needed).
2. Create API Endpoints
Define your API endpoints with custom routes, methods, and security settings. Choose which fields to expose, set access controls and publish API.
3. Set Up OAuth2 (Optional)
Configure OAuth2 clients and scopes for third-party applications that need to access your APIs securely.
4. Test, Deploy & Monitor
Use the built-in test mode to validate your APIs or export to Postman for comprehensive testing before going live. Track API usage and debug failed requests with API Analytics.
What Our Users Say
Secure API has transformed how we integrate our Odoo instance with our e-commerce platform. The OAuth2 implementation is robust, and the analytics help us monitor and optimize our API usage. Our order synchronization is now seamless and secure!
As a mobile developer, Secure API made it incredibly easy to connect our iOS and Android apps to our company's Odoo system. The authentication is straightforward, response times are fast, and the documentation made implementation a breeze.
We developed a custom client application that integrates with multiple Odoo instances for our customers. Secure API provided consistent endpoints and excellent security controls that simplified our development process and saved integration time.
FAQs
Here are answers to commonly asked questions about Secure API:
Secure API implements multiple layers of protection including:
- Granular field-level access control
- Record ID obfuscation to prevent enumeration attacks
- Configurable CORS settings to control cross-origin requests
- Comprehensive audit logging of all API access (with Analytics)
- Test mode for safe development without affecting production data
Yes, Secure API allows you to expose any Odoo model through REST endpoints. You have complete control over which models are exposed, what fields are accessible, and what operations (create, read, update, delete) are permitted. The module provides an intuitive interface for configuring these settings without requiring development skills.
Secure API offers many authentication options including:
All API responses are returned in JSON format, making it easy to integrate with any client application. The authentication methods include:
- Public endpoints: no authentication required
- User session-based authentication: login with username and password
- Developer API Keys: simply replace password by the key
- OAuth 2.0 token-based authentication: allow third-party client application authenticate with token
Each API endpoint can be configured with different authentication requirements tailored to your specific security needs and compliance requirements.
Secure API includes a comprehensive analytics view that provides:
- Request monitoring
- Success/failure statistics for each endpoint
- Response time metrics (average execution time in seconds)
- Detailed request logs for troubleshooting
All analytics data is accessible directly within your Odoo interface through the API Analytics menu.
The Client Applications menu provides a simple interface for creating and managing API clients. Each client receives unique credentials (client ID and secret) and can be configured with specific access scopes. You can enable/disable clients, set token expiration times in seconds. This makes it easy to manage access for different integration partners or applications.
Absolutely! Secure API works seamlessly with custom modules and their models. Any model registered in your Odoo instance can be exposed through the API, including those from custom modules. This makes it perfect for integrating custom business logic with external systems.
Technical Support
Our team is committed to providing excellent technical support for Secure API. If you encounter any issues or have questions about implementation, please reach out through one of the following channels:
Email: minhng.cs@gmail.com
Telegram: @minhng92
Compatibility Information
Please note the following regarding compatibility:
- All our addons are fully compatible with standard Odoo functionality
- We guarantee compatibility between our own addons
- While we strive for maximum compatibility, we cannot guarantee full compatibility with third-party custom addons
Our support team will assist with technical issues related to Secure API implementation, configuration, and usage. We're committed to helping you successfully integrate and leverage our solution for your business needs.
Odoo Proprietary License v1.0 This software and associated files (the "Software") may only be used (executed, modified, executed after modifications) if you have purchased a valid license from the authors, typically via Odoo Apps, or if you have received a written agreement from the authors of the Software (see the COPYRIGHT file). You may develop Odoo modules that use the Software as a library (typically by depending on it, importing it and using its resources), but without copying any source code or material from the Software. You may distribute those modules under the license of your choice, provided that this license is compatible with the terms of the Odoo Proprietary License (For example: LGPL, MIT, or proprietary licenses similar to this one). It is forbidden to publish, distribute, sublicense, or sell copies of the Software or modified copies of the Software. The above copyright notice and this permission notice must be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
Please log in to comment on this module