MCP Pro — Audit Log & Scoped API Keys for AI Agents (Claude, ChatGPT, Gemini)
by Pantalytics B.V. by Rutger Hofste https://pantalytics.com/apps/odoo-mcp-server

| Availability | Odoo Online, Odoo.sh, On Premise |
| Odoo Apps Dependencies | Discuss (mail) |
| Lines of code | 3271 |
| Technical Name | pan_mcp_pro_governance |
| License | AGPL-3 |
| Website | https://pantalytics.com/apps/odoo-mcp-server |
Connect your Odoo with Claude, ChatGPT, Gemini and Copilot.
The free companion to MCP Pro. Adds scoped API keys and a full audit trail of every AI action inside your Odoo. Also great for n8n, cron jobs and any API integration.
Pull open quotes, follow up with customers, create sales orders, reconcile invoices — straight from chat. Works on desktop and mobile. Works on Odoo Online, Odoo.sh and on-premise.
Claude reading and writing real Odoo records via the MCP Pro server.
How it works
1. Connect your Odoo
Sign in with Google or Microsoft on the MCP Pro server (5-minute setup). Point it at your Odoo Online, Odoo.sh or on-premise instance.
2. Add your AI app
Connect Claude Desktop, ChatGPT, Cursor, Gemini, Copilot or any MCP client — one shared MCP endpoint serves them all.
3. Install this module
This free Odoo addon adds scoped API keys bound to OCA user roles, and surfaces a full audit trail of every inbound call. Give your AI agent exactly the access it needs — no more, no less.
Open source, EU-hosted. More on the server: pantalytics.com/apps/odoo-mcp-server
Works with every major AI tool
Claude, ChatGPT, Gemini, Microsoft Copilot, Mistral — or any other MCP-compatible AI client. One connector, every model.
Where you host the MCP server matters — local, embedded, self-hosted VPS, or hosted service each have real trade-offs. Read the comparison: pantalytics.com/post/where-to-host-your-odoo-mcp-server
What MCP Pro customers say
"Our team lives inside Odoo. The Pantalytics MCP server has changed how we work. Pulling open quotes, following up with customers, creating sales orders, straight from chat. Saves us real hours every week."
Freek Bos — Thuisbatterijnederland.nl
"The MCP is working great! Definitely worth it."
Daniel Degetau — Pigmentum
"Love love love your tool!"
Andrew Law — Odoo It Yourself
What this module gives you
The MCP Pro server runs outside Odoo. This addon installs inside Odoo and gives operators what the server alone cannot — per-agent permission scoping and an inbound-call audit trail, both built on top of well-maintained OCA modules.
Scoped API keys
Every API key can be bound to a single OCA user role — a named bundle of Odoo groups. During every request that authenticates with the key, the user's effective permissions are narrowed to that role's groups. Never broader than the role, never broader than the owning user.
Works for any API integration, not just AI: AI assistants (Claude, ChatGPT via MCP Pro), automation tools (n8n, Make, Zapier), cron sync scripts (Python, Node, anything that hits Odoo via XML-RPC or JSON-RPC), website forms and webhooks, external applications.
- One paid Odoo user, multiple integrations. Bind separate keys to the same user, each with its own role. No extra Internal User licences for headless workloads.
- Least privilege by design. A cron-sync key only sees its target models. A read-only assistant cannot accidentally write. A delete-bot scope is impossible because you didn't grant it.
- Suspended & revoked keys fail closed at authentication — no race window where a revoked key still works.
- Last-used timestamp and call counter on every key. Spot dormant integrations and unexpected spikes at a glance.
- Both modern and legacy endpoints (/json/2/* and /jsonrpc) honour the same narrowing — no bypass route.
Roles are managed in Settings → Users & Companies → User Roles (provided by OCA base_user_role). The API key wizard simply shows a dropdown filtered to the roles already assigned to the current user.
The "Add API Key" wizard. Pick a role from those assigned to your user, or leave empty for full user permissions.
Every key shows its bound role, current state, last-used timestamp and call counter at a glance.
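The narrowing rule described in this section, written out as a small model. This is an added example, not the module's own code: the ApiKey class, the effective_groups function and the sample users, roles and groups are all hypothetical, and group inheritance in Odoo is ignored.

```python
from dataclasses import dataclass
from typing import Optional


class AuthError(Exception):
    """Raised when a key must be rejected at authentication."""


@dataclass(frozen=True)
class ApiKey:
    owner: str
    state: str                  # "active", "suspended" or "revoked"
    role: Optional[str] = None  # None = no role bound: full user permissions


def effective_groups(key, user_groups, user_roles, role_groups):
    """Return the groups a request authenticated with `key` runs with.

    user_groups: owner -> groups held by that user
    user_roles:  owner -> role names assigned to that user
    role_groups: role name -> groups bundled in that role
    """
    # Fail closed: only an explicitly active key gets past authentication.
    if key.state != "active":
        raise AuthError(f"key is {key.state}")
    owned = user_groups.get(key.owner)
    if owned is None:
        raise AuthError("unknown owner")
    if key.role is None:
        return frozenset(owned)
    # Assumption: the "role must already be assigned to the user" rule is
    # re-checked per request (the page only states that the wizard filters).
    if key.role not in user_roles.get(key.owner, ()):
        raise AuthError("role not assigned to owner")
    # Intersection: never broader than the role, never broader than the user.
    return frozenset(owned) & frozenset(role_groups.get(key.role, ()))


# Constructed sample data; user, role and group assignments are illustrative.
USER_GROUPS = {"alice": {"base.group_user", "sales_team.group_sale_salesman",
                         "account.group_account_invoice"}}
USER_ROLES = {"alice": {"sales_bot"}}
ROLE_GROUPS = {"sales_bot": {"base.group_user", "sales_team.group_sale_salesman",
                             "stock.group_stock_user"}}
```

With this data, a key bound to sales_bot loses the invoicing group the role does not list and does not gain the stock group its owner never held.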
Audit log
Built on OCA auditlog. Every inbound HTTP request that touches an audited model writes one row, linked down to the per-record ORM changes that resulted.
- One row per call — path, HTTP status, duration, request id, session id, acting user.
- Drill down to records. From a request, click through to the create / write / unlink lines and see exactly which records the call changed, with old and new values per field.
- Pre-seeded rules for the models integrations touch most: sale.order, res.partner, account.move, crm.lead, product.template, stock.picking. Created on install, only for modules already present in your database.
- Cleanup cron included via OCA's autovacuum. Configure retention to your compliance needs.
Audit Log inside Odoo — one row per inbound HTTP request, with click-through to per-record changes.
Why this matters
Standard Odoo was designed for humans clicking through forms. Anything that talks to Odoo via an API key — a cron job, an n8n workflow, an AI tool, a custom script — inherits the full permissions of the user that owns the key. There is no native way to make a key narrower than its user.
That's fine when there are two of those integrations. It becomes a problem when there are ten, each doing something different. The gaps show:
- You can't tell from the audit log what each integration did, only what their shared user did. This module gives you per-call attribution and a single auditable timeline via OCA auditlog.
- You can't restrict a write-only cron to its target models without spinning up a dedicated Odoo Internal User per integration. Odoo bills per Internal User — that doesn't scale. This module lets one paid user host many distinctly-scoped keys.
- You can't revoke one integration's access without rotating credentials shared with all of them. This module gives every key its own lifecycle: active / suspended / revoked.
The module fills these gaps with thin, well-bounded primitives on top of two mature OCA modules. It does not replace Odoo's ACLs — it composes with them.
Note for EU operators: the per-call audit timeline also lays the groundwork for EU AI Act Art. 12 / 13 / 26 record-keeping obligations that apply from August 2026. Not the primary reason most teams adopt this, but it's there if you need it.
Data handling
- No data leaves your Odoo database.
- No call-home, no telemetry, no third parties from this module.
- Open source (AGPL-3) — audit every line.
- The MCP Pro server is EU-hosted, GDPR-aware, and respects existing Odoo access rights.
Get started
- Install this module from the Odoo App Store. OCA auditlog and OCA base_user_role are pulled in as required dependencies.
- Define a role at Settings → Users & Companies → User Roles. Pick the Odoo groups you want this integration to have — nothing more.
- Assign the role to whichever user the integration logs in as (your own user is fine).
- Create an API key for that user: Settings → Users → Account Security → Add API Key. Pick the role in the dropdown, click Generate.
- Use the key from your AI tool, n8n workflow, cron script or any other API integration. For AI access via Claude / ChatGPT / Gemini / Copilot, sign up for the MCP Pro server at pantalytics.com/apps/odoo-mcp-server.
- Watch calls flow into MCP Pro → Audit Log inside your Odoo, narrowed to the role's scope.
Support
Questions or issues? support@pantalytics.com
Module v1.0.0 — listing published 2026-05-20
Great app