JWT Auth API for Odoo

by Gankhuu
Odoo

$ 49.33

v 19.0 Third Party
Availability
Odoo Online
Odoo.sh
On Premise
Lines of code 634
Technical Name jwt_auth_api
License AGPL-3

Odoo JWT Authentication & API Controllers

Secure REST API authentication with Access & Refresh Tokens

This module provides a complete JWT (JSON Web Token) authentication solution for Odoo REST APIs.

It supports secure login, access token refresh, refresh token rotation, logout (token revoke), and a powerful generic CRUD API protected by JWT.

Key Features

  • JWT-based authentication for Odoo APIs
  • Login using username & password
  • Access token refresh using refresh token
  • Refresh token rotation for enhanced security
  • Logout / revoke refresh token
  • Browser support with HttpOnly cookie
  • Generic CRUD API for any Odoo model

Authentication Header

All protected endpoints require the access token in the Authorization header.

Headers:
{
  "Content-Type": "application/json",
  "Authorization": "Bearer <ACCESS_TOKEN>"
}

1. Login (Password Authentication)

POST /api/login (auth: none)

Request:
{
  "login": "admin",
  "password": "admin"
}

Response (Browser):
{
  "token": "ACCESS_TOKEN",
  "user_id": 2,
  "refreshToken": "REFRESH_TOKEN"
}

Response (Mobile/App):
{
  "token": "ACCESS_TOKEN",
  "refreshToken": "REFRESH_TOKEN",
  "user_id": 2
}

2. Refresh Access Token

POST /api/update/access-token

Request:
{
  "user_id": 2
}

Response:
{
  "access_token": "NEW_ACCESS_TOKEN"
}

3. Rotate Refresh Token

POST /api/update/refresh-token (auth: jwt)

Response (Browser):
{
  "status": "done",
  "refreshToken": 1
}

Response (Mobile/App):
{
  "status": "done",
  "refreshToken": "NEW_REFRESH_TOKEN"
}

4. Logout / Revoke Token

POST /api/revoke/token (auth: jwt)

Response:
{
  "status": "success",
  "logged_out": 1
}
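
Sections 3 and 4 describe refresh token rotation and revocation. The sketch below is an added example, not the module's code: it models server-side rotation with reuse detection, where replaying an already-rotated token revokes every token descended from the same login. The class name, the in-memory storage and the "family" concept are assumptions made for illustration.

```python
import hashlib
import secrets
import time


class RefreshTokenStore:
    """In-memory model of rotating refresh tokens (hypothetical, not jwt_auth_api)."""

    def __init__(self, ttl_seconds=7 * 24 * 3600):
        self.ttl = ttl_seconds
        self._rows = {}  # sha256(token) -> {"user_id", "family", "expires", "used"}

    @staticmethod
    def _digest(token):
        # Keep only a hash so a leaked table does not contain usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user_id, family=None):
        token = secrets.token_urlsafe(32)
        self._rows[self._digest(token)] = {
            "user_id": user_id,
            "family": family or secrets.token_hex(8),
            "expires": time.time() + self.ttl,
            "used": False,
        }
        return token

    def rotate(self, token):
        """Exchange a refresh token for a new one; None means 'log in again'."""
        row = self._rows.get(self._digest(token))
        if row is None or row["expires"] < time.time():
            return None
        if row["used"]:
            # A token that was already rotated came back: treat it as stolen
            # and revoke every token issued from the same login.
            self.revoke_family(row["family"])
            return None
        row["used"] = True
        return self.issue(row["user_id"], row["family"])

    def revoke(self, token):
        """Logout: drop the whole family; returns 1 if anything was revoked."""
        row = self._rows.get(self._digest(token))
        if row is None:
            return 0
        self.revoke_family(row["family"])
        return 1

    def revoke_family(self, family):
        for digest in [d for d, r in self._rows.items() if r["family"] == family]:
            del self._rows[digest]
```
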

Generic CRUD API (JWT Protected)

This module includes a generic API endpoint that can read, create, update, and delete records from any Odoo model, based on configuration rules (connection.api).
Access to this endpoint is protected by JWT authentication.

Endpoint

/api/send_request (auth: jwt) - supports GET, POST, PUT, DELETE

How it works (high-level)

  1. Model validation: reads ?model= and verifies the model exists in ir.model.
  2. Permission by configuration: checks connection.api settings for the model (allowed methods: GET/POST/PUT/DELETE).
  3. Execute operation: performs search/read, create, write, or unlink with sudo().
  4. Flexible response: supports field selection, domain filtering, pagination, and relation expansion.

Supported methods

  • GET - List records or fetch a single record by ID
  • POST - Create a new record
  • PUT - Update an existing record by ID
  • DELETE - Delete a record by ID

GET request (Query Parameters)

  • model (required): Odoo model technical name (example: res.partner)
  • id (optional): record ID to fetch a single resource
  • fields (required): JSON list of fields to return (example: ["name","email"])
  • domain (optional): Odoo domain in string format (example: [["active","=",true]])
  • expand (optional): relation expansion map (example: {"child_ids":["name"]})
  • offset (optional): page number (default: 1)
  • limit (optional): page size (default: 20)

Example (GET list):
/api/send_request?model=res.partner&fields=["name","email"]&domain=[["active","=",true]]&offset=1&limit=20

Example (GET by id):
/api/send_request?model=res.partner&id=10&fields=["name","email"]

Example (GET with expand):
/api/send_request?model=res.partner&fields=["id","name","company_id"]&expand={"bank_ids":["acc_number","email"]}

POST / PUT request (Body JSON)

For create/update, send JSON body with: values (data to write), optional fields (fields to return), optional expand (relations to expand).

Example (POST create):
POST /api/send_request?model=res.partner
{
  "values": {
    "name": "Test Partner",
    "email": "test@example.com"
  }
}

Example (PUT update):
PUT /api/send_request?model=res.partner&id=10
{
  "values": {
    "email": "new@example.com"
  }
}

DELETE request

DELETE /api/send_request?model=res.partner&id=10

Response:
{
  "deleted_id": 10
}

Important Notes

  • JWT required: All calls to /api/send_request require a valid access token.
  • Per-model method control: Allowed HTTP methods are controlled by connection.api settings.
  • Pagination: uses offset (page) and limit (page size).
  • Expand: can load related records (many2one/one2many/many2many) with selected fields.
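  • Security consideration: This endpoint runs its operations with sudo(), which bypasses Odoo access rights and record rules, so the connection.api configuration is the only control over what a token holder can read or change. It is recommended to strictly control which models and methods are enabled through configuration and access rules.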
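
Because the operation runs under sudo(), every check has to happen before it. The following is an added example, not the module's code, of a deny-by-default gate for one /api/send_request call. POLICY, MAX_LIMIT, Denied and authorize are hypothetical names, and the per-model field allowlist is an extra hardening step that the page does not describe for connection.api.

```python
import json

# Hypothetical stand-in for connection.api records (constructed sample data).
POLICY = {
    "res.partner": {
        "methods": {"GET", "POST", "PUT"},
        "fields": {"id", "name", "email", "active", "company_id", "child_ids"},
    },
}
MAX_LIMIT = 100


class Denied(Exception):
    pass


def authorize(method, params, body=None, policy=POLICY):
    """Validate one request; returns the cleaned arguments or raises Denied."""
    rule = policy.get(params.get("model"))
    if rule is None:  # deny by default: a model not listed is not exposed
        raise Denied("model not exposed")
    if method not in rule["methods"]:
        raise Denied("method not allowed for this model")
    if method in ("PUT", "DELETE") and not str(params.get("id", "")).isdigit():
        raise Denied("numeric id required")
    try:
        fields = json.loads(params.get("fields", "[]"))
        expand = json.loads(params.get("expand", "{}"))
        domain = json.loads(params.get("domain", "[]"))
        limit = max(1, min(int(params.get("limit", 20)), MAX_LIMIT))
        # Only the relation name of each expand entry is checked here; its
        # sub-fields would need the related model's own rule.
        touched = set(fields) | set(expand) | set((body or {}).get("values", {}))
        # Domain leaves are [field, operator, value]. Filtering on a hidden
        # field under sudo() leaks its value one comparison at a time.
        touched |= {leaf[0] for leaf in domain if isinstance(leaf, list) and leaf}
    except (ValueError, TypeError):
        raise Denied("malformed parameter")
    hidden = touched - rule["fields"]
    if hidden:
        raise Denied("fields not exposed: %s" % sorted(hidden))
    return {"model": params["model"], "fields": fields, "limit": limit}
```
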

Security Notes

  • HTTPS is strongly recommended
  • Refresh token is stored as HttpOnly cookie for browsers
  • Refresh token rotation reduces token theft risk
  • Access token must be sent with Bearer prefix
