| Availability |
Odoo Online
Odoo.sh
On Premise
|
| Odoo Apps Dependencies |
•
Attendances (hr_attendance)
• Discuss (mail) • Employees (hr) |
| Lines of code | 2160 |
| Technical Name |
odoo_messenger_api |
| License | AGPL-3 |
| Website | https://www.dotbdsolutions.com |
| Versions | 18.0 19.0 |
| Availability |
Odoo Online
Odoo.sh
On Premise
|
| Odoo Apps Dependencies |
•
Attendances (hr_attendance)
• Discuss (mail) • Employees (hr) |
| Lines of code | 2160 |
| Technical Name |
odoo_messenger_api |
| License | AGPL-3 |
| Website | https://www.dotbdsolutions.com |
| Versions | 18.0 19.0 |
Odoo Messenger
Production-grade mobile app for Odoo 18 & 19
by Dot BD Solutions Limited · Odoo Ready Partner
Introducing Odoo Messenger
Odoo Messenger is a production-grade Flutter mobile application built natively for Odoo 18 and 19. It transforms your Odoo server into a complete mobile workspace — combining real-time team chat, peer-to-peer WebRTC video & audio calls, seven live business dashboards, HR attendance actions, time-off requests, push notifications, and portal employee support into one seamless, secure Android/iOS app.
The companion odoo_messenger_api Odoo module provides 30+ mobile-optimised REST/JSON-RPC endpoints, Firebase Cloud Messaging delivery, WebRTC signalling helpers, a strict security layer with IDOR protection, and a clean admin panel for device management — all without touching core Odoo source code.
App Features
Everything the Flutter mobile app delivers to end users.
Real-Time Chat
Group channels and direct messages with threaded replies, emoji reactions, pinned messages, message editing & deletion, voice note recording, link preview with OG metadata, and live typing indicators.
Video & Audio Calls
WebRTC peer-to-peer calls with mute, camera toggle, front/rear switch, HD quality mode, lock-screen incoming call notifications, ringtone, and background call support. Echo cancellation & noise suppression built in.
Business Dashboards
7 live dashboard cards — HR & Leave, Attendance, Projects, CRM, Sales, Expenses and Purchase — all pulling real-time data from Odoo. Cards render only when the corresponding module is installed.
Push Notifications
Firebase FCM push delivery for new messages — works even when the app is closed. In-app notification centre with mark-read & delete, configurable notification sound, and full-screen incoming call alerts on the lock screen.
Team Directory & Profiles
Full Odoo partner directory, one-tap DM & call initiation. Rich user profile sheet with org chart (manager + direct reports), phone/mobile dial buttons, and offline cached profiles.
HR, Attendance & Time Off
Check in / check out with a single tap. Submit time-off requests with leave type dropdown, date picker & reason field. View leave balances, 30-day attendance history, and upcoming public holidays.
File & Media Sharing
Share images, videos, documents and voice recordings. Files upload via multipart POST and are stored natively in Odoo IR attachments. Link preview cards for shared URLs using Open Graph metadata fetched server-side.
Portal User Access
Employees who are Odoo portal users (not internal users) can use all messaging, HR & dashboard features via a secure sudo bridge. No extra internal user license required.
Security & Privacy
Biometric app lock, Odoo session-based authentication, strict IDOR protection on all write endpoints (users can only edit/delete their own messages), channel membership checks for file uploads, and permission-aware UI rendering. Forgot password flow triggers Odoo's built-in reset email without exposing user enumeration.
Recent Enhancements & Roadmap
- Unified Contacts, Avatars & Profiles: Portal users and internal users now share a unified Contacts directory. Portal users can view beautiful avatars and basic contact details (like email & telephone) of internal users. Furthermore, Portal users can seamlessly view their own linked HR Employee module data directly inside their account Profile settings!
- SMS Chat Integration: View outward and inward SMS records smoothly within standard chat interfaces without breaking synchronization.
- Portal Employee Capabilities: Portal users mapped to an Employee record can seamlessly manage their Attendance check-ins and submit Time Off requests via a secure backend bridge—saving on internal license costs while retaining functionality.
- Future Roadmap: We are actively working on major upgrades to bring Fleet Management and Field Service modules directly to your Portal Users, rapidly expanding what your external workforce can do!
Custom Module — odoo_messenger_api
What the Odoo backend module installs and provides.
30+ Mobile API Endpoints
Mobile-optimised REST/JSON-RPC routes covering channels, messages, contacts, avatars,
user profiles, notifications, HR, attendance, leave, and all seven dashboard modules.
Separate type='json'
(Odoo 18) and
type='jsonrpc'
(Odoo 19) builds.
Firebase Push Delivery
Device token registration & lifecycle management via a custom
messenger.device.token
model. FCM delivery on new Odoo messages. Weekly
garbage-collection cron removes stale tokens automatically.
WebRTC Signalling Helpers
Join/leave call helpers wrap Odoo's built-in RTC system, normalise the
Rtc.selfSession
/
localSession
response differences between v18/v19, and relay SDP offers/answers & ICE candidates
over Odoo's long-polling bus.
Portal User Security Bridge
_is_portal(),
_env()
and
_check_channel_access()
helpers grant portal employees scoped sudo access while enforcing channel membership and
author ownership on every write operation — preventing IDOR attacks.
Business Dashboard APIs
Dedicated endpoints for
HR (employee info, leave summary, mandatory days),
Attendance (today + 30-day history, check-in toggle),
Projects, CRM, Sales,
Expenses, and Purchase.
Returns
{'error': 'module_not_installed'} gracefully if an Odoo app is absent.
Admin Device Panel
Backend list & form views for all registered mobile devices, FCM token status, and platform information — visible to administrators under Settings → Discuss → Mobile Devices in Odoo's admin interface.
API Endpoints Reference
All routes are prefixed /messenger/api/v1.
Odoo 18 uses type='json',
Odoo 19 uses type='jsonrpc'.
All require auth='user'
unless noted.
Authentication
| Endpoint | Description |
|---|---|
| /auth/reset_password | Trigger Odoo password reset email (auth='public') |
Channels & Messaging
| Endpoint | Description |
|---|---|
| /channels | List accessible channels with last message & unread count |
| /channels/create | Create or find a DM / group channel |
| /channels/mark_read | Mark all messages in a channel as read |
| /channels/members | List members of a channel |
| /channels/typing | Send typing indicator |
| /messages | Paginated message history for a channel |
| /messages/send | Post a new message (text, attachments) |
| /messages/update | Edit message body (own messages only) |
| /messages/delete | Delete a message (own messages only) |
| /messages/pin | Pin or unpin a message |
| /messages/react | Add or remove emoji reaction |
| /messages/reactions | Batch-fetch reactions for multiple messages |
| /messages/upload_attachment | JSON-RPC file upload (base64) |
| /messages/upload_multipart | HTTP multipart file upload |
| /messages/mark_read | Mark specific notification IDs as read |
| /messages/link_preview | Fetch Open Graph metadata for a URL |
Users & Contacts
| Endpoint | Description |
|---|---|
| /user/profile | Current user info incl. is_portal flag |
| /contacts | Odoo partner directory (search + paginate) |
| /profile/partner | Employee profile for any partner ID (org chart, HR data) |
Notifications & FCM
| Endpoint | Description |
|---|---|
| /notifications | Paginated in-app notification list |
| /notifications/delete | Delete a notification (own only) |
| /fcm/register | Register FCM device token |
| /fcm/unregister | Remove FCM device token on logout |
HR, Attendance & Time Off
| Endpoint | Description |
|---|---|
| /attendance/toggle | Check in or check out for current employee |
| /hr/leave/types | Leave types with remaining balances |
| /hr/leave/create | Submit a time-off request |
| /hr/leave/list | Employee's leave request history |
Business Dashboards
| Endpoint | Description |
|---|---|
| /hr/dashboard | Employee info, leave summary & public holidays |
| /attendance/dashboard | Today's check-in + 30-day history |
| /projects/dashboard | Open tasks, overdue count, project count |
| /crm/dashboard | Open leads & pipeline value |
| /sales/dashboard | This/last month sales totals & recent orders |
| /expenses/dashboard | Draft & pending expense totals |
| /purchase/dashboard | POs awaiting approval & recent orders |
Installation
- Copy
odoo_messenger_apito your Odoocustom_addonsdirectory. - Install Python dependency:
pip install firebase-admin - Restart Odoo, then go to Apps and install Odoo Messenger API.
- Configure the Flutter app with your Odoo server URL and login credentials.
- Optionally set up a TURN server (coturn) for reliable audio/video calls across different networks — see the section below.
WebRTC Audio & Video Call Setup (TURN Server)
While Odoo Messenger API handles the signaling (SDP offer/answer exchange), WebRTC requires a TURN server to reliably route audio and video traffic across different networks (NAT traversal).
Option 1: Self-Hosted Server (VPS / Dedicated)
If you host Odoo on your own VPS or a separate Ubuntu 20.04/22.04 server, follow this
step-by-step guide to set up
coturn:
Step 1 — Install coturn
sudo apt update && sudo apt install coturn -y
Step 2 — Enable coturn
sudo nano /etc/default/coturn
Remove the #
from #TURNSERVER_ENABLED=1.
Save with Ctrl+X → Y → Enter.
Step 3 — Configure /etc/turnserver.conf
listening-port=3478 tls-listening-port=5349 external-ip=YOUR_SERVER_PUBLIC_IP # ← change lt-cred-mech realm=yourdomain.com # ← change server-name=yourdomain.com # ← change user=odoo:StrongPassword123 # ← change min-port=49152 max-port=65535 log-file=/var/log/coturn.log verbose fingerprint no-multicast-peers
Step 4 — Open Firewall Ports
sudo ufw allow 3478/tcp && sudo ufw allow 3478/udp
sudo ufw allow 5349/tcp && sudo ufw allow 5349/udp
sudo ufw allow 49152:65535/udp
ufw alone is not enough. Also open UDP 3478 and UDP 49152-65535 in your hosting provider's outer firewall (DigitalOcean Networking, AWS Security Groups, Hetzner Firewall, etc.).
Step 5 — Start & Test
sudo systemctl enable coturn && sudo systemctl restart coturn
Test at webrtc.github.io/samples trickle-ice — look for a relay candidate to confirm TURN is working.
Step 6 — Add to Odoo ICE Servers
Settings → Activate Developer Mode → Technical → Discuss → ICE Servers
Do NOT include turn: or stun: prefixes —
Odoo adds them automatically based on the Type field.
Option 2: Odoo.sh or Restricted Hosting
Managed PaaS environments don't allow installing background services or opening thousands of UDP ports. Use a separate $5/month VPS (DigitalOcean, Hetzner, Vultr) running coturn, or a managed TURN provider (Twilio Network Traversal, Metered TURN). Add those credentials to your Odoo ICE Servers list.
Dot BD Solutions Limited
Certified Odoo Ready Partner · Bangladesh
We are a certified Odoo Ready Partner specialising in ERP implementation, custom module development, training and digital transformation for businesses across Bangladesh and beyond. Odoo Messenger is our flagship mobile product — built with years of Odoo expertise and a genuine need for first-class mobile collaboration inside Odoo.
Author: Rafiur Rahman Rafit · Company: Dot BD Solutions Limited
Licensed under AGPL-3 (GNU Affero General Public License, Version 3)
Copyright © 2026 Dot BD Solutions Limited. All rights reserved.
Please log in to comment on this module