Skip to Content

MCP Security

by
Odoo

175.33

v 19.0 Third Party
Availability
Odoo Online
Odoo.sh
On Premise
Odoo Apps Dependencies Discuss (mail)
Lines of code 3161
Technical Name mcp_security
LicenseOPL-1
Websitehttps://syntaxandsabotage.io
You bought this module and need support? Click here!
Availability
Odoo Online
Odoo.sh
On Premise
Odoo Apps Dependencies Discuss (mail)
Lines of code 3161
Technical Name mcp_security
LicenseOPL-1
Websitehttps://syntaxandsabotage.io

MCP Security

Enterprise-Grade Security for AI Assistant Integration

Secure your Odoo data with comprehensive Model Context Protocol (MCP) security infrastructure. API key authentication, granular permissions, audit logging, and real-time monitoring—all in one module.

MCP Security Banner

Why Choose MCP Security?
🔒

Enterprise Security

API key authentication with bcrypt hashing, expiration management, and automatic rotation for compliance-ready security.

📖

Complete Audit Trail

Comprehensive logging of all MCP operations with user tracking, timestamps, and exportable reports in CSV/JSON.

🔐

Granular Control

Whitelist-based permissions with operation-level access control (Create, Read, Update, Delete) for every model.

🚨

Rate Limiting

Sliding window rate limiter prevents abuse with configurable request limits and HTTP 429 responses.

🌐

IP Whitelisting

Restrict access by IP address with IPv4/IPv6 CIDR support for network-level security.

🔔

Security Alerts

Real-time monitoring with email notifications for failed authentication, rate limits, and suspicious activity.

API Key Management

Generate, manage, and monitor API keys with enterprise-grade security features.

Bcrypt-hashed key storage
Automatic expiration and rotation
Scope-based restrictions (read/write/create/delete)
Model-specific permissions
One-time key display for security
API Keys Management
Permission Configuration

Granular Permissions

Control exactly which models and operations are accessible via MCP with whitelist-based security.

🔑

Whitelist Mode

Deny all access by default. Only explicitly permitted models are accessible.

Operation-Level Control

Separate permissions for read, write, create, and delete operations.
📂

Model-Based Rules

Configure permissions per Odoo model for precise access control.

Comprehensive Audit Logging

Track every MCP operation with detailed logging for compliance, troubleshooting, and security analysis.

User, model, method, and timestamp tracking
Request/response data capture (truncated for performance)
Success/failure status and error messages
CSV and JSON export for analysis
Configurable retention period (default: 90 days)
Audit Logs
Security Alerts

Real-Time Security Alerts

Stay ahead of security threats with automated monitoring and instant notifications.

🔔

Email Notifications

Automatic emails for critical and high-severity security events.
🔥

Alert Types

Failed authentication, rate limit exceeded, IP blocked, suspicious activity, and more.
📈

Severity Levels

Critical, high, medium, and low priorities for organized response.

Centralized Configuration

Manage all security settings from a single, intuitive interface.

Enable/disable MCP permissions
Configure IP whitelist (IPv4/IPv6 CIDR)
Set rate limits (requests per minute)
Session timeout and concurrency limits
Auto key rotation and audit retention
Settings

Advanced Features

Auto Key Rotation

Automated API key rotation before expiration with email notifications for seamless transitions.

👥

Session Tracking

Monitor active MCP sessions with timeout enforcement and concurrent session limits.

💾

Audit Export

Export audit logs to CSV or JSON for compliance reporting and analysis.

🔴

Emergency Revocation

Mass API key revocation wizard for security breach response with email notifications.

🔧

Flexible Scopes

Predefined operation scopes (read, write, create, unlink) prevent security configuration errors.

📦

Custom Endpoint

Dedicated /xmlrpc/2/mcp endpoint isolates MCP traffic from standard XML-RPC.

Real-World Use Cases
🤖

AI Assistant Integration

Securely connect Claude, ChatGPT, or other AI assistants to your Odoo data via the Model Context Protocol. Control exactly what the AI can access and track every interaction.

🔧

Development Automation

Enable developers to interact with Odoo programmatically through AI tools while maintaining strict security controls and complete audit trails.

📈

Compliance & Auditing

Meet regulatory requirements (SOC 2, GDPR, ISO 27001) with comprehensive audit logging, access controls, and exportable compliance reports.

🏭

Multi-Tenant SaaS

Provide AI-powered features to customers while maintaining data isolation and security through granular permission controls.

Requirements
💻

Odoo Platform

  • Odoo 19.0 (Community or Enterprise)
  • Python 3.10 or higher
  • Base and Mail modules (included)
🤖

AI Integration (Optional)

  • MCP-compatible AI assistant (Claude, etc.)
  • MCP client library (Python, Node.js, etc.)
  • Network access to Odoo server

Quick Start Guide
1

Install Module

Install MCP Security from Odoo Apps. The module will create the dedicated /xmlrpc/2/mcp endpoint and initialize all security models.

2

Create API Key

Navigate to MCP → API Keys → Create. Generate your first API key and copy it (displayed only once). Configure expiration date and scopes.

3

Configure Permissions

Go to MCP → Permissions → Create. Add permissions for models you want accessible via MCP. Start with read-only access and expand as needed.

4

Configure Security Settings

Navigate to MCP → Settings. Enable permissions, configure rate limiting, IP whitelisting, session management, and audit retention according to your security requirements.

5

Connect Your AI Assistant

Configure your MCP client with the endpoint (http://your-odoo/xmlrpc/2/mcp), database name, and API key. Monitor connections via MCP → Audit Logs and Security Alerts.

Secure Your AI Integration Today

€149 one-time purchase

Includes lifetime updates for Odoo 19 • No recurring fees • 90-day support

Production-ready security Comprehensive features Professional support

Support & Resources
💬

Professional Support

Get help from our team of Odoo and security experts.

support@syntaxandsabotage.io
🌐

Website

Visit our website for more enterprise Odoo solutions.

syntaxandsabotage.io →

Made with by Syntax & Sabotage

Professional Odoo Development & Security Solutions 

Odoo Proprietary License v1.0

This software and associated files (the "Software") may only be used (executed,
modified, executed after modifications) if you have purchased a valid license
from the authors, typically via Odoo Apps, or if you have received a written
agreement from the authors of the Software (see the COPYRIGHT file).

You may develop Odoo modules that use the Software as a library (typically
by depending on it, importing it and using its resources), but without copying
any source code or material from the Software. You may distribute those
modules under the license of your choice, provided that this license is
compatible with the terms of the Odoo Proprietary License (For example:
LGPL, MIT, or proprietary licenses similar to this one).

It is forbidden to publish, distribute, sublicense, or sell copies of the Software
or modified copies of the Software.

The above copyright notice and this permission notice must be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
DEALINGS IN THE SOFTWARE.

Please log in to comment on this module

  • The author can leave a single reply to each comment.
  • This section is meant to ask simple questions or leave a rating. Every report of a problem experienced while using the module should be addressed to the author directly (refer to the following point).
  • If you want to start a discussion with the author or have a question related to your purchase, please use the support page.