Angkor API Gateway
Secure REST API layer for Odoo mobile apps, portals, and integrations
Turn Odoo into a controlled JSON API backend with JWT login, refresh tokens, model permissions, dynamic CRUD routes, metadata helpers, batch reads, attachments, reports, and Swagger documentation.
Built for teams that need mobile and external applications to work with Odoo data while keeping access controlled by Odoo users, API roles, allowed models, and operation-level permissions.
What you get
- JWT access and refresh authentication
- Role-based model permissions
- Dynamic model read, search, create, update, delete
- Swagger/OpenAPI documentation included
- Mobile-friendly helper endpoints
JWT
Access and refresh tokens for secure app sessions.
CRUD
Read and manage allowed Odoo models through REST routes.
Forms
Defaults, onchange, field metadata, and dropdown options.
Docs
Built-in Swagger UI and OpenAPI JSON for developers.
API-rendered form showcase
The included test model demonstrates how a mobile app can render a form, save records, upload files, and trigger workflow actions through the API.
Test Model Form
Generated by API1. Field metadata
Know field type, label, required state, readonly state, relation model, and selection values.
POST /models/{model}/fields_get
2. Default values
Pre-fill create screens with Odoo defaults before the user enters data.
POST /models/{model}/default_get
3. Onchange logic
Run Odoo onchange methods from a mobile form when a field value changes.
POST /models/{model}/onchange
4. Dropdown options
Load options for selection, many2one, and many2many fields with search and pagination.
POST /models/{model}/selection
Postman-style browser tester
A standalone testing page is included for developers. It helps validate login, tokens, CRUD calls, mobile helpers, attachments, reports, and workflow actions without building a full client app first.
Quick call groups
Auth / Docs Dynamic Records Form Helpers
Mobile Attachments Reports Workflow
Easy testing included
Open the included tester page, login to Odoo, save the returned token, choose a quick call, send the request, and inspect the JSON response from one screen.
This makes it simple to test model CRUD, form helpers, attachments, reports, and workflow actions before connecting a mobile app or external integration.
Example request and response
API test flowPOST /api_gateway/v1/models/api.test.model
{
"name": "Mobile Workflow Test",
"mode": "draft"
}
{
"id": 42,
"status": 201
}
POST /api_gateway/v1/models/api.test.model/42/attachment
POST /api_gateway/v1/workflow/action
Designed for real mobile app workflows
Login once, refresh safely
Mobile clients authenticate with Odoo credentials and receive access and refresh tokens. Expiration settings are configured inside Odoo.
Expose only what is allowed
API roles control which Odoo models can be read, created, updated, or deleted. Tokens can also use gateway controls such as rate limits and restrictions.
Build forms faster
Use field metadata, default values, name search, onchange, and selection endpoints to power native mobile form screens.
Reduce network calls
Batch reads let one mobile screen load data from several models with one HTTP request.
API features
| Authentication | Login, refresh token, current user profile |
| Dynamic records | List, read, search, group, create, update, delete |
| Mobile forms | default_get, fields_get, onchange, name_search |
| Select fields | Dropdown options for selection and relation fields |
| Files | Attachment list, upload, delete, and binary URLs |
| Reports | List and render Odoo PDF reports |
Security features
| API roles | Choose allowed models and operations per role |
| Token control | Issue, expire, and revoke API tokens from Odoo |
| Gateway controls | Enable or disable gateway access centrally |
| Rate limiting | Protect public endpoints from excessive traffic |
| Request logs | Review API usage from Odoo administrator screens |
| Workflow allow-list | Permit only approved public model button methods |
Common endpoints
| Login | POST /api_gateway/v1/auth/login |
| Search records | POST /api_gateway/v1/models/{model}/search |
| Read by IDs | POST /api_gateway/v1/models/{model}/read |
| Dropdown options | POST /api_gateway/v1/models/{model}/selection |
| Batch reads | POST /api_gateway/v1/mobile/batch |
| Swagger docs | GET /api_gateway/v1/docs |
1. Configure
Enable the gateway, configure token expiration, and choose security options from Odoo administrator screens.
2. Assign roles
Create API roles and select exactly which models and operations each client can use.
3. Integrate
Connect mobile apps, portals, services, and internal tools using documented JSON endpoints.
Data and privacy
Angkor API Gateway runs inside the customer's Odoo instance. It does not require a third-party hosted service. API access is controlled by Odoo users, API tokens, API roles, and the customer's own configuration.
Odoo Proprietary License v1.0 This software and associated files (the "Software") may only be used (executed, modified, executed after modifications) if you have purchased a valid license from the authors, typically via Odoo Apps, or if you have received a written agreement from the authors of the Software (see the COPYRIGHT file). You may develop Odoo modules that use the Software as a library (typically by depending on it, importing it and using its resources), but without copying any source code or material from the Software. You may distribute those modules under the license of your choice, provided that this license is compatible with the terms of the Odoo Proprietary License (For example: LGPL, MIT, or proprietary licenses similar to this one). It is forbidden to publish, distribute, sublicense, or sell copies of the Software or modified copies of the Software. The above copyright notice and this permission notice must be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
Please log in to comment on this module