Skip to Content
Odoo Menu
  • Sign in
  • Try it free
  • Apps
    Finance
    • Accounting
    • Invoicing
    • Expenses
    • Spreadsheet (BI)
    • Documents
    • Sign
    Sales
    • CRM
    • Sales
    • POS Shop
    • POS Restaurant
    • Subscriptions
    • Rental
    Websites
    • Website Builder
    • eCommerce
    • Blog
    • Forum
    • Live Chat
    • eLearning
    Supply Chain
    • Inventory
    • Manufacturing
    • PLM
    • Purchase
    • Maintenance
    • Quality
    Human Resources
    • Employees
    • Recruitment
    • Time Off
    • Appraisals
    • Referrals
    • Fleet
    Marketing
    • Social Marketing
    • Email Marketing
    • SMS Marketing
    • Events
    • Marketing Automation
    • Surveys
    Services
    • Project
    • Timesheets
    • Field Service
    • Helpdesk
    • Planning
    • Appointments
    Productivity
    • Discuss
    • Approvals
    • IoT
    • VoIP
    • Knowledge
    • WhatsApp
    Third party apps Odoo Studio Odoo Cloud Platform
  • Industries
    Retail
    • Book Store
    • Clothing Store
    • Furniture Store
    • Grocery Store
    • Hardware Store
    • Toy Store
    Food & Hospitality
    • Bar and Pub
    • Restaurant
    • Fast Food
    • Guest House
    • Beverage Distributor
    • Hotel
    Real Estate
    • Real Estate Agency
    • Architecture Firm
    • Construction
    • Property Management
    • Gardening
    • Property Owner Association
    Consulting
    • Accounting Firm
    • Odoo Partner
    • Marketing Agency
    • Law firm
    • Talent Acquisition
    • Audit & Certification
    Manufacturing
    • Textile
    • Metal
    • Furnitures
    • Food
    • Brewery
    • Corporate Gifts
    Health & Fitness
    • Sports Club
    • Eyewear Store
    • Fitness Center
    • Wellness Practitioners
    • Pharmacy
    • Hair Salon
    Trades
    • Handyman
    • IT Hardware & Support
    • Solar Energy Systems
    • Shoe Maker
    • Cleaning Services
    • HVAC Services
    Others
    • Nonprofit Organization
    • Environmental Agency
    • Billboard Rental
    • Photography
    • Bike Leasing
    • Software Reseller
    Browse all Industries
  • Community
    Learn
    • Tutorials
    • Documentation
    • Certifications
    • Training
    • Blog
    • Podcast
    Empower Education
    • Education Program
    • Scale Up! Business Game
    • Visit Odoo
    Get the Software
    • Download
    • Compare Editions
    • Releases
    Collaborate
    • Github
    • Forum
    • Events
    • Translations
    • Become a Partner
    • Services for Partners
    • Register your Accounting Firm
    Get Services
    • Find a Partner
    • Find an Accountant
      • Get a Tailored Demo
    • Implementation Services
    • Customer References
    • Support
    • Upgrades
    Github Youtube Twitter Linkedin Instagram Facebook Spotify
    +32 2 290 34 90
    • Get a Tailored Demo
  • Pricing
  • Help
  1. APPS
  2. Extra Tools
  3. REST API Toolkit v 19.0
  4. Sales Conditions FAQ

REST API Toolkit

by Atliis 360 https://www.atliis.com/
Odoo

$ 178.99

v 19.0 Third Party
Apps purchases are linked to your Odoo account, please sign in or sign up first.
Versions 18.0 19.0
You bought this module and need support? Click here!
Availability
Odoo Online
Odoo.sh
On Premise
Odoo Apps Dependencies Discuss (mail)
Lines of code 8691
Technical Name atliis_rest_api
LicenseOPL-1
Websitehttps://www.atliis.com/
Versions 18.0 19.0
  • Description
  • Manifest
  • Documentation
  • License
Atliis logo
Community Enterprise Odoo.sh
Odoo REST API Layer

REST API Toolkit

The most complete REST API layer for Odoo 19

Launch mobile apps, portals, dashboards, middleware, and AI workflows on top of Odoo data with secure REST endpoints, OAuth2 client credentials, field-level access rules, atomic batch operations, upsert/external ID sync, delta change feed, record copy endpoint, multi-company context via X-Company-Id header, response language via Accept-Language, X-Request-ID end-to-end tracing, X-RateLimit-* headers on every response, webhook delivery queue with HMAC signing and one-click secret rotation, request/response audit logging, admin token management API, downloadable JS/Python/PHP SDKs, dynamic OpenAPI spec, and Swagger documentation — all managed from the Odoo backend.

Versioned /api/v1 Routes
Swagger / OpenAPI
Bearer & OAuth2
ACL & Field-Level Rules
Per-Key Analytics
Webhooks
Delta Change Feed
SDK Downloads
  • Overview
  • How to Use?
  • FAQ
  • Support
  • Change Log
Key Features

Production-ready REST APIs for Odoo data

Expose allowed Odoo models through clean JSON endpoints with model-level controls, bearer authentication, relational expansion, batch operations, and consistent response envelopes.

REST Core

CRUD endpoints, PATCH partial updates, count, batch (partial or atomic), upsert with external ID sync, delta change feed, record copy (POST /copy), hard delete (?force=true), and archive and restore support.

Authentication & Key Permissions

Session login, bearer API keys, OAuth2 client credentials, and Basic auth. Admins create API keys and assign per-key model access — choosing exactly which models each key can reach and which CRUD operations are allowed. Add field-level allowlists, blocklists, rate limits, and expiry dates per key.

Admin Control

Configure model allow-lists, CRUD toggles, per-model domain restrictions, caller origins, CORS, and log retention from Odoo. Scope requests to a specific company via the X-Company-Id header. Set response language via Accept-Language or ?lang=. View per-key usage graphs and pivot tables, and clear all logs in one action.

Developer Experience

Swagger UI, dynamic OpenAPI spec with concrete model paths, Postman collection, and downloadable SDK files for JavaScript, Python, and PHP. Every response includes an X-Request-ID tracing header and X-RateLimit-Limit, X-RateLimit-Remaining, and X-RateLimit-Reset headers — no guessing when to back off.

Screenshots

See it in action

API Settings

API Settings & Model Access Control

API Keys

API Key Management

Request Logs

Request Audit Logs

Analytics

Analytics Dashboard

Swagger UI

Swagger / OpenAPI Documentation

Why This Module

A packaged integration layer on top of Odoo

Odoo provides powerful external APIs. REST API Toolkit adds clean REST-style routes, backend controls, Swagger documentation, request logs, and frontend-friendly JSON without building that layer from scratch.

Frontend Friendly

Pagination, sorting, field selection, filtering, relational expansion, and consistent JSON envelopes make mobile and portal work simpler.

Odoo Security First

Requests respect standard Odoo ACLs and record rules, with optional model domains and per-key model scopes for extra control.

Operational Visibility

Request logs capture method, path, user, IP, origin, API key, status, duration, error details, and the X-Request-ID for end-to-end tracing. The Analytics dashboard breaks down traffic by endpoint and API key in bar graphs and pivot tables. Admins can clear all logs instantly when needed.

How to Use

Configure access and start calling APIs

Enable the models you want to expose, authenticate through session login or API keys, then use versioned REST routes for reads, writes, batch operations, and metadata discovery.

Endpoint Snapshot

Authentication

Use /api/v1/auth/login, /api/v1/auth/logout, /api/v1/user/me, API key generation, password change, and password reset endpoints.

Model Routes

Call /api/v1/<model>, /api/v1/<model>/<id>, count, archive, restore, batch, and field metadata endpoints.

Documentation

Open interactive Swagger UI at /api/docs or fetch OpenAPI JSON from /api/swagger.json.

Integration Ready

Use the Swagger page to inspect request bodies, response structures, authentication headers, model routes, and query parameters before connecting your client application.


1

Install and Enable the Module

Copy atliis_rest_api into your Odoo addons path, update the app list, install REST API Toolkit, and restart Odoo if your deployment requires it.

The module is designed for Odoo 19 deployments including Community, Enterprise, Odoo.sh, and on-premise environments.

2

Allow Models and Operations

In the REST API configuration, add the Odoo models you want to expose. Enable read, create, update, delete, archive, and restore behavior only where your integration needs it.

Add optional domain restrictions to limit exposed records, configure allowed origins for browser clients, and set log retention based on your production policy.

3

Create API Keys with Model-Level Permissions

Admins create and manage bearer API keys directly from the REST API backend menu — no external API call or CLI needed. Each key is independently configured with its own access rules before it is issued to a client.

Per-key settings available to administrators:

  • Model access: choose exactly which Odoo models the key can reach — the key is silently rejected for any model not on its list.
  • CRUD toggles per model: independently enable or disable read, create, update, delete, archive, and restore for each allowed model.
  • Domain restriction per model: add an Odoo domain filter to limit which records within a model the key can see or modify.
  • Field-level rules: allowlist the fields a key may read or write, or blocklist specific sensitive fields, per model.
  • Rate limit: set a maximum number of requests per minute for the key.
  • Expiry date: keys automatically stop working after the configured date.

The generated key value is shown once after creation with a copy widget. Use the Clear Key button to remove it from the database once it has been saved securely by the client.

Send the key with the Authorization: Bearer <token> header. All requests still respect the underlying Odoo user's ACL and record rules — the key permissions narrow access further but can never grant more than the Odoo user already has.

4

Read and Write Odoo Records

Use GET for lists and records, POST for creates, PATCH for partial updates, PUT for full updates, and DELETE where deletion is allowed. Duplicate any record with POST /api/v1/<model>/<id>/copy — pass an optional JSON body to override fields on the copy. Use ?force=true on DELETE to permanently remove records that would otherwise be archived.

Query parameters support limit, page, offset, sort, fields, filter, expand, and lang for nested relational data and localized field values.

5

Use Advanced Features

Use atomic batch for all-or-nothing grouped operations with PostgreSQL savepoint rollback. Use upsert to create-or-update by external ID or unique field. Use the change feed (/changes?since=) for efficient incremental sync without polling all records. Subscribe to outbound webhooks and manage them via the REST API — rotate the HMAC signing secret at any time with the Rotate Secret button in the webhook form. Download ready-to-use SDK files for JavaScript, Python, and PHP from the Developer Exports section.

Send X-Company-Id to scope any request to a specific company in multi-company deployments. Send Accept-Language (or ?lang=) to receive field values in a specific language. Every response returns an X-Request-ID for tracing and X-RateLimit-Limit / X-RateLimit-Remaining / X-RateLimit-Reset headers so clients know exactly when to back off. Review request and response audit logs in Odoo filtered by API key, user, method, or status. The Analytics dashboard shows traffic broken down by endpoint and API key. Clear all logs in one action when needed.

Query Controls

Shape API output for each client

Fetch only the data your integration needs, then expand related records when the client needs richer nested JSON.

Pagination and Sorting

Use limit, page, offset, and sort for list screens and large datasets.

Field Selection

Use fields to return only the columns required by a mobile app, portal page, or integration job.

Relational Expansion

Use expand to include related records directly in the response, including nested expansion up to 4 levels deep.

Binary Output

Use optional binary data URL output when frontend clients need image or attachment data in a directly consumable format.

Complete Feature Set

Everything included in REST API Toolkit

A full view of what is available in REST API Toolkit for Odoo 19.

Feature REST API Toolkit
Core CRUD
CRUD endpoints for allowed models ✓
Pagination, sorting, field selection, filter ✓
Relational expansion (nested, up to 4 levels) ✓
Bulk read by ID list (/bulk) ✓
Archive / restore support ✓
Batch create / update / delete ✓
Atomic batch (PostgreSQL savepoint rollback) ✓
Upsert / external ID sync (/upsert) ✓
Delta change feed (/changes?since=) ✓
Record copy / duplicate (POST /api/v1/<model>/<id>/copy) ✓
Hard delete bypass for archived records (?force=true) ✓
Authentication & Security
Session login / logout ✓
Bearer API keys ✓
OAuth2 client credentials flow ✓
Basic auth ✓
Per-key model scopes (CRUD toggles + domain) ✓
Field-level access rules (allowlist + blocklist per key/client) ✓
Idempotency key support ✓
Multi-company context via X-Company-Id request header ✓
Response language via Accept-Language header or ?lang= param ✓
Webhooks
Outbound webhook delivery ✓
HMAC-SHA256 signing secret ✓
Retry queue with configurable delay ✓
Webhook management via REST API (CRUD + test) ✓
Webhook signing secret rotation (one-click in admin form) ✓
Admin & Observability
Request log (method, path, user, IP, status, duration) ✓
Per-key usage analytics dashboard ✓
Request payload + response summary audit logging ✓
Admin token management REST API (keys, OAuth clients, tokens) ✓
X-Request-ID tracing on every response — auto-generated or client-supplied, stored in log ✓
Developer Experience
Swagger UI at /api/docs ✓
OpenAPI 3.0 JSON ✓
Dynamic OpenAPI spec (concrete paths for configured models) ✓
Postman collection download ✓
SDK downloads (JavaScript, Python, PHP) ✓
Rate limiting (database-shared across workers + memory fallback) ✓
Rate limit headers on every response (X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset) ✓
Custom endpoints (admin-configured search / server action) ✓
Allow-listed model method calls ✓
Report rendering (PDF, HTML, text) ✓
Attachment upload / download ✓
FAQ

Common questions

Which Odoo versions are supported?

The module is designed for Odoo 19 deployments including Odoo.sh and on-premise environments.

Does it support custom models?

Yes. Generic model-driven endpoints work with both standard and custom Odoo models after those models are allowed in the REST API configuration.

Does it enforce Odoo ACL permissions?

Yes. API requests follow standard Odoo ACL and record rules automatically, with optional model domains and API key scopes for added control. Admins can create, revoke, and delete keys directly from the backend, and view per-key usage analytics in the Analytics dashboard. After creating a key, the generated value is stored temporarily so admins can copy it — use the Clear Key button to remove it from the database once copied. The key field is only accessible to users with System Administrator rights.

Does the API support relational data expansion?

Yes. Use the expand query parameter to include related records directly inside the response without performing multiple API calls.

Can relational expansion go multiple levels deep?

Yes. Nested relational expansion supports up to 4 levels deep for hierarchical data retrieval in a single request.

Can I apply filters inside relational expansion?

Yes. Each expanded relational field can include filtering, sorting, pagination, and field selection rules to reduce payload size and improve performance.

Does the API support pagination and field selection?

Yes. List endpoints support limit, page, offset, sort, fields, and filter.

Can the API be used with Flutter or React Native apps?

Yes. Responses are JSON-based and suitable for Flutter, React Native, Next.js, Vue.js, Angular, and other modern frontend clients.

Does the API work on Odoo.sh and cloud deployments?

Yes. The module is compatible with Odoo.sh, on-premise installations, and cloud-hosted Odoo deployments. HTTPS is recommended for production.

How does rate limiting work in multi-worker deployments?

Two backends are available: Database (the default) stores counters in PostgreSQL and enforces limits across all Odoo workers — effective for multi-worker and Odoo.sh deployments. Memory mode keeps counters per worker and is faster but not shared across processes. For strict global limits at the network edge, a reverse proxy can complement either mode. Per-key usage is tracked in the request log and visible in the Analytics dashboard.

Release history

Change Log

Version-by-version record of new features, improvements, and fixes.

v19.0.5.0.0 June 2026 Latest
New
  • Record copy endpoint — POST /api/v1/<model>/<id>/copy with optional field overrides
  • Multi-company context — send X-Company-Id header to scope any request to a specific company
  • Response language — send Accept-Language or ?lang= to receive translated field values
  • Webhook signing secret rotation button in the admin form
Improved
  • X-Request-ID header on every response — auto-generated if not supplied by the client, stored in the request log
  • Rate limit headers (X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset) on every response, not just 429
  • CORS Access-Control-Expose-Headers added so browsers can read tracing and rate limit headers
  • Pagination accepts page and offset as canonical names; page_number and skip remain as aliases
Fixed
  • API key, OAuth client, and webhook counter updates are now atomic SQL increments — no race conditions under concurrent load
  • Log cleanup and analytics recompute now use direct SQL — no OOM risk on large log tables
  • Request log indexes added on user_id and model_name columns
v19.0.4.0.0 June 2026
New
  • Admin token management REST API for keys, OAuth clients, and tokens
  • Field-level access rules — allowlist and blocklist per API key or OAuth client
  • Custom endpoints configurable via admin search or server action
  • Idempotency key support for safe retries on create and update requests
Improved
  • Request payload and response summary now captured in audit logs
  • Analytics dashboard shows traffic broken down by endpoint and API key
  • Dynamic OpenAPI spec generates concrete model paths from live configuration
  • Webhook management fully accessible via REST API (CRUD and test)
Fixed
  • Rate limit counter correctly shared across all Odoo workers in database mode
  • Clear Key button now removes the token from the database without a page reload
  • SDK downloads include correct base URL for Odoo.sh and multi-domain setups
v19.0.3.0.0 April 2026
New
  • Delta change feed endpoint (/changes?since=) for incremental sync
  • Upsert endpoint (/upsert) for create-or-update by external ID
  • Atomic batch operations with PostgreSQL savepoint rollback
  • Downloadable SDK files for JavaScript, Python, and PHP
Improved
  • Nested relational expansion now supports up to 4 levels deep
  • Each expanded relational field accepts its own filter, sort, and pagination rules
  • Postman collection download reflects the full live API configuration
Fixed
  • Batch partial mode correctly returns per-record errors without aborting the full batch
  • Archive and restore endpoints now respect per-model domain restrictions
v19.0.2.0.0 February 2026
New
  • OAuth2 client credentials flow for machine-to-machine integrations
  • Outbound webhook delivery with HMAC-SHA256 signing and retry queue
  • Per-key usage analytics dashboard with bar graphs and pivot tables
  • Configurable log retention and one-action log clear for administrators
Improved
  • API key form shows the generated token once with a copy widget and a Clear Key action
  • Per-key model scope now supports independent CRUD toggles and domain restrictions
  • Rate limiting backend configurable between Database and Memory modes
Fixed
  • CORS preflight requests handled correctly for browser-based clients
  • Request log captures IP address reliably behind reverse proxies
v19.0.1.0.0 January 2026 Initial Odoo 19 release
Initial release for Odoo 19
  • Versioned REST routes at /api/v1/<model> for all allowed models
  • Session login, bearer API key, and Basic auth support
  • CRUD endpoints with pagination, sorting, field selection, filter, and relational expansion
  • Model allow-list, CRUD toggles, domain restrictions, and CORS configuration from the Odoo backend
  • Swagger UI at /api/docs and OpenAPI 3.0 JSON at /api/swagger.json
  • Request audit log with method, path, user, IP, origin, API key, status, and duration
  • Report rendering, attachment upload and download, and allow-listed model method calls
More from Atliis 360

Other modules you might like

Product Attribute Filter
Microsoft 365 Contacts Sync
Media Library & Image Manager
No-Code Field & Line Tracker
Facebook & Instagram Lead Ads Sync
Merge Customer Invoices
Support

Get in touch with us

Email

helpdesk@atliis.com

Website

atliis.com

All Apps

Browse our Odoo apps

Availability
Odoo Online
Odoo.sh
On Premise
Odoo Apps Dependencies Discuss (mail)
Lines of code 8691
Technical Name atliis_rest_api
LicenseOPL-1
Websitehttps://www.atliis.com/

Atliis REST API Toolkit

Atliis REST API Toolkit adds secure, versioned REST endpoints to Odoo 19 so implementation teams can connect mobile apps, portals, dashboards, middleware, and AI services without building custom controllers for each model.

What is included

  • Versioned CRUD endpoints under /api/v1.
  • Session-cookie authentication using Odoo users.
  • Bearer API keys generated and revoked from the API.
  • Per-key model scopes, operation permissions, domain filters, and rate limits.
  • Allow-list configuration for exposed Odoo models.
  • Caller origin restrictions and CORS preflight support.
  • Field metadata endpoint for dynamic clients.
  • Pagination, sorting, field selection, domain filtering, count endpoints, batch operations, and relational expansion.
  • User profile endpoints for authenticated users.
  • API request logs, usage dashboard views, optional success-only/error-only logging, and automatic cleanup.
  • Queued webhook subscriptions for create, update, delete, and restore events.
  • Postman collection and JavaScript, Python, and Flutter snippets in static/description.
  • Interactive Swagger/OpenAPI documentation at /api/docs.

Typical use cases

  • Build Flutter, React Native, or web frontends on top of Odoo data.
  • Connect external portals to sales, CRM, inventory, helpdesk, or custom models.
  • Synchronize Odoo with middleware, ETL jobs, reporting systems, or SaaS tools.
  • Give integration teams a consistent JSON API instead of XML-RPC.

Configuration

  1. Install the module.
  2. Open the REST API settings menu.
  3. Add only the Odoo models that should be exposed.
  4. Configure allowed origins if browser-based clients will call the API directly.
  5. Optionally create scoped API keys for each integration.
  6. Optionally add webhooks for outbound create/update/delete/restore events.
  7. For high-volume APIs, disable successful-request logging or set clients to omit total counts when they do not need them.
  8. Confirm the target users have the right Odoo access rights and record rules.
  9. Use /api/docs to test authentication and endpoint behavior.

Security notes

The API respects standard Odoo access rights and record rules. Model exposure is controlled by an allow-list, so administrators can choose exactly which models are available through the REST API. HTTPS is recommended for every production deployment.

Support

For support requests, use the support channel linked from your Odoo Apps purchase or contact helpdesk@atliis.com.

Odoo Proprietary License v1.0

This software and associated files (the "Software") may only be used (executed,
modified, executed after modifications) if you have purchased a valid license
from the authors, typically via Odoo Apps, or if you have received a written
agreement from the authors of the Software (see the COPYRIGHT file).

You may develop Odoo modules that use the Software as a library (typically
by depending on it, importing it and using its resources), but without copying
any source code or material from the Software. You may distribute those
modules under the license of your choice, provided that this license is
compatible with the terms of the Odoo Proprietary License (For example:
LGPL, MIT, or proprietary licenses similar to this one).

It is forbidden to publish, distribute, sublicense, or sell copies of the Software
or modified copies of the Software.

The above copyright notice and this permission notice must be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
DEALINGS IN THE SOFTWARE.

Please log in to comment on this module

  • The author can leave a single reply to each comment.
  • This section is meant to ask simple questions or leave a rating. Every report of a problem experienced while using the module should be addressed to the author directly (refer to the following point).
  • If you want to start a discussion with the author or have a question related to your purchase, please use the support page.
Community
  • Tutorials
  • Documentation
  • Forum
Open Source
  • Download
  • Github
  • Runbot
  • Translations
Services
  • Odoo.sh Hosting
  • Support
  • Upgrade
  • Custom Developments
  • Education
  • Find an Accountant
  • Find a Partner
  • Become a Partner
About us
  • Our company
  • Brand Assets
  • Contact us
  • Jobs
  • Events
  • Podcast
  • Blog
  • Customers
  • Legal • Privacy
  • Security

Odoo is a suite of open source business apps that cover all your company needs: CRM, eCommerce, accounting, inventory, point of sale, project management, etc.

Odoo's unique value proposition is to be at the same time very easy to use and fully integrated.

Website made with