Skip to Content

Odoo MCP Server | AI Integration Hub | Claude, Cursor Editor & Windsurf

by
Odoo

118.27

v 19.0 Third Party
Live Preview
Availability
Odoo Online
Odoo.sh
On Premise
Lines of code 2131
Technical Name zehntech_odoo_mcp_server
LicenseOPL-1
Websitehttps://www.zehntech.com/
You bought this module and need support? Click here!
Availability
Odoo Online
Odoo.sh
On Premise
Lines of code 2131
Technical Name zehntech_odoo_mcp_server
LicenseOPL-1
Websitehttps://www.zehntech.com/

Odoo MCP Server

Reimagine the Way You Use Odoo Ask questions in plain English and receive instant insights from your business data.

User Guide :- https://web.kopyst.com/sharedoc/o2wkcy

Key Features

  • Advanced Security Enforcement
  • Granular CRUD Access Control
  • Native Odoo API Key Authentication rules
  • Comprehensive Audit Logging
  • Intelligent Rate Limiting
  • Progressive Violation Blocking
  • Automated System Maintenance
  • Multi-Language Interface
Feature Image
grain
grain-two

Key Features

About Zehntech

Zehntech is a leading Odoo custom development company, empowering businesses across industries with tailored ERP solutions. With a strong team of 25+ skilled Odoo professionals, ranging from 2 to over 10+ years of experience, we bring deep expertise and innovation to every project. Over the years, we have successfully developed 100+ Odoo apps and themes, helping clients streamline operations, enhance productivity, and achieve digital transformation. Our Odoo services include Custom Odoo Development, Implementation, Customization, Support and maintenance.

115+

Happy Customer

120+

Expert Professionals

30%

Time Saved

12+

Countries We Serve

FAQs

Effortlessly integrate Odoo with AI Assistants using MCP Server

1. Which AI clients are compatible with this module?

Any MCP-compatible client works, including Claude Desktop, Cursor Editor, Windsurf, Jan, and Msty Studio. The module also exposes an OpenAI-compatible tools endpoint (/mcp/openai/tools), so any client that supports OpenAI function-calling format can integrate as well.

Generate an Odoo API key from Settings → Users & Companies → Users → API Keys tab. Pass it as a Bearer token in every request header: Authorization: Bearer <your-api-key>. No separate credential storage or third-party auth layer is required.

Yes. In Settings → MCP Server, enable Allow All Models (Read-Only). This grants odoo_search and odoo_read access to every model without requiring individual entries in Accessible Models. Write operations still require explicit per-model configuration.

Two separate permission layers must both allow the operation: 1. MCP Model Access - Go to MCP Server → Accessible Models and confirm the model has the relevant permission flag (Allow Read / Create / Write / Delete) checked and the record is active. 2. Odoo ACL - Confirm the user's security group has the corresponding CRUD right on the model in Settings → Technical → Security → Access Rights.

The server immediately returns HTTP 429 (Too Many Requests). Repeated violations trigger escalating blocks: 5 minutes on the first offence, 15 minutes on the second, and 60 minutes from the third violation onward. Administrators can review and manually unblock clients under MCP Server → Request Blocks.

In Settings → MCP Server set Max Requests per Minute (Per User) (default: 100). Enable Per-IP Rate Limiting and set Max Requests per Minute (Per IP) (default: 50) to add a second, IP-level cap that applies independently.

Logs are kept for 30 days by default. Change this under Settings → MCP Server → Log Retention. A daily cron job (Purge Old Access Logs) automatically removes entries older than the configured value. Additional scheduled jobs clean up rate limit records (every 45 minutes) and expired blocks (every 2 days).

Full CRUD is supported. The available tools are odoo_create, odoo_write, odoo_unlink, odoo_search, odoo_read, odoo_search_count, and odoo_group_by. Each operation must be explicitly enabled per model in MCP Server → Accessible Models.

Yes, you can customize the module if you need additional features. We can also assist with the customization. Just email us at odoo-support@zehntech.com with your requirements.

Yes, after purchasing the app, you are eligible for lifetime updates. Check the app page for the change logs, and you can download the updated module from the same link as your original download. If you'd like us to send you update notifications, contact us at odoo-support@zehntech.com.

Feel free to send us an email at odoo-support@zehntech.com with your questions, and we will get back to you as soon as possible.

Our Services

Odoo Customization

Odoo Migration Services

Odoo Implementation

Odoo Support & Maintenance

Odoo Website Development

Odoo Theme Development

Odoo Mobile App Development

https://img.shields.io/badge/version-1.0.0-blue https://img.shields.io/badge/license-OPL--1-orange https://img.shields.io/badge/author-Zehntech%20Technologies%20Inc.-green

Odoo MCP Server | AI Integration Hub | Claude, Cursor Editor & Windsurf

Secure Model Context Protocol (MCP) Integration for Odoo

Overview

The Odoo MCP Server module enables secure communication between your Odoo instance and external AI clients (such as Claude, ChatGPT, or any MCP-compatible application) through a standards-based Model Context Protocol endpoint.

Rather than exposing your database directly, the module introduces a structured, permission-driven interface that ensures security, transparency, and full compliance with Odoo's access control mechanisms.

Table of contents

Core Capabilities

  • Advanced Security Enforcement
  • Granular CRUD Access Control
  • Native Odoo API Key Authentication
  • Comprehensive Audit Logging
  • Intelligent Rate Limiting
  • Progressive Violation Blocking
  • Automated System Maintenance
  • Multi-Language Interface

Key Features

  • Advanced Security Enforcement: All operations strictly respect:
    • Odoo Access Control Lists (ACLs)
    • Record rules

  • Granular CRUD Access Control: Define Read, Create, Write, and Delete permissions individually for each exposed model.

  • Native Odoo API Key Authentication: Uses Odoo's built-in API key system. No additional authentication layer or credential storage is required.

  • Comprehensive Audit Logging: Each request is logged with:
    • User and IP address
    • Operation and target model
    • Full payload and response
    • Execution time
    • Success or failure status
    • Streaming indicator
  • Intelligent Rate Limiting:
    • Per-user request limit (default: 100 requests/minute)
    • Optional per-IP rate limit (default: 50 requests/minute)
    • Configurable limits from settings
  • Progressive Violation Blocking:

    Repeated violations trigger escalating blocks:

    Violation Count Block Duration
    1st 5 minutes
    2nd 15 minutes
    3rd and above 60 minutes
  • Automated System Maintenance:

    Background cron jobs automatically:

    • Remove expired access logs
    • Clean old rate limit records
    • Delete expired block entries
  • Multi-Language Interface:

    The interface is available in:

    • German
    • Spanish
    • French
    • Japanese
    • Arabic

Summary

The Odoo MCP Server for Odoo v19 enables secure AI integration through a standards-based Model Context Protocol endpoint. It enforces ACLs, record rules, API key authentication, rate limiting, and audit logging. With granular CRUD control, streaming support, and automated maintenance, it ensures secure, scalable access to Odoo data.

Installation

  1. Download the module from the Odoo App Store.

  2. Place the module into your Odoo addons directory:

    cp -r zehntech_odoo_mcp_server /path/to/odoo/addons/

  3. Restart the Odoo server.

  4. Activate Developer Mode.

  5. Go to Apps → Update Apps List.

  6. Search for Odoo MCP Server and install it.

Configuration

Enable the Server

  1. Navigate to Settings → MCP Server.
  2. Enable the toggle to activate the /mcp endpoint.

Configure Accessible Models

  1. Go to MCP Server → Model Access Config.
  2. Create a new record.
  3. Select the model (e.g., res.partner).
  4. Enable the required permissions:
    • Allow Read
    • Allow Create
    • Allow Write
    • Allow Delete
  5. Save.

Tip: You may enable "Allow All Models (Read-Only)" in settings to provide read-only access globally without configuring each model individually.

Rate Limiting Settings

Go to MCP Server → MCP Settings -> Settings:

  • Max Requests per Minute (Per User)
  • Enable Per-IP Rate Limiting
  • Max Requests per Minute (Per IP)
  • Progressive Blocking Base Duration

Log Retention

Set the number of days to retain logs before automatic cleanup (default: 10 days).

Authentication

All endpoints use Bearer token authentication based on Odoo API keys.

Generate an API Key

  1. Go to Settings → Users & Companies → Users.
  2. Open your user profile.
  3. Navigate to the API Keys tab.
  4. Click New API Key and copy the generated value.

Use in Requests

Include the key in the Authorization header:

Authorization: Bearer <your-api-key>

Client Setup

After installing and enabling the Odoo MCP Server module in Odoo, external AI clients can securely communicate with your Odoo instance using the exposed /mcp endpoint.

The AI assistant (desktop app, editor plugin, or custom client) connects to your Odoo server over HTTPS using API key authentication. All business logic and access control remain enforced within Odoo.

Transport Methods

The MCP endpoint can be consumed using two common approaches:

  1. Streamable HTTP (recommended for most setups)
  2. Local MCP bridge (for desktop AI tools that require stdio transport)

Streamable HTTP Connection

For clients that support HTTP-based MCP connections:

  • Endpoint: https://your-odoo-domain.com/mcp

  • Method: POST

  • Authentication: Bearer Token

  • Header:

    Authorization: Bearer <your-api-key>

Your client must send JSON-RPC 2.0 formatted requests to the endpoint.

Example configuration structure:

{
  "mcpServers": {
    "odoo": {
      "type": "streamable-http",
      "url": "https://your-odoo-domain.com/mcp",
      "headers": {
        "Authorization": "Bearer <your-api-key>"
      }
    }
  }
}

Local MCP Bridge (stdio-based clients)

Some desktop AI tools rely on a local MCP bridge process.

In this case:

  1. Install Node.js (if not already installed) on your local machine.
  2. Configure your AI client to launch mcp-remote@latest using npx.
  3. Provide your Odoo MCP endpoint URL (including /mcp).
  4. Pass the API key securely using the Authorization header.

The local bridge will:

  • Start a stdio server for your AI client.
  • Forward JSON-RPC requests to your remote Odoo instance.
  • Return responses (including streaming responses) back to the client.
  • Preserve authentication and security validation on the Odoo side.

Example configuration structure:

{
  "mcpServers": {
    "odoo": {
      "command": "npx",
      "args": [
         "mcp-remote@latest",
         "https://your-odoo-domain.com",
         "--allow-http",
         "--header",
         "Authorization: Bearer <your-api-key>"
      ]
    }
  }
}

Security & Access Control

All requests are validated against:

  • Model-level CRUD configuration
  • Access Control Lists (ACLs)
  • Record rules
  • Rate limits and blocking policies

Verification

After configuration:

  1. Test using the health tool.
  2. Confirm that available tools are listed.
  3. Execute a simple read query (e.g., fetch limited records from res.partner).

If the request succeeds, the client is correctly connected and authorized.

Usage Examples

Once configured, you can query and manage your Odoo data using natural language. The AI client automatically translates these instructions into secure MCP tool calls while respecting ACLs and record rules.

Data Retrieval

You can retrieve business data conversationally:

  • "Show all vendors created in the last 30 days"
  • "List purchase orders pending approval"
  • "Find employees working in the Sales department"
  • "Display invoices that are overdue by more than 15 days"
  • "Get the top 5 customers by total revenue this quarter"
  • "Check which products have zero stock in Warehouse WH/Stock"

Data Management

You can also create, update, and delete records:

  • "Create a new vendor named Global Supplies with payment terms Net 30"
  • "Update the price of product Ultra Laptop to 1250"
  • "Assign salesperson Michael Scott to opportunity OP-2024-15"
  • "Mark invoice INV/2026/045 as paid"
  • "Add a new task under project Website Revamp with deadline next Friday"
  • "Archive the inactive customer record Blue Ocean Traders"

Common Model Examples

Typical business interactions may involve:

  • res.partner (Contacts & Customers)
  • sale.order (Sales Orders)
  • account.move (Invoices)
  • product.product (Products & Inventory)

All operations strictly respect:

  • Model-level CRUD configuration
  • Odoo Access Control Lists (ACLs)
  • Record rules
  • Configured rate limits and progressive blocking

API Endpoints

POST /mcp

Primary JSON-RPC 2.0 endpoint.

Headers:

Content-Type: application/json
Authorization: Bearer <api-key>

Supported Operations (via tools/call)

Operation Description
list_models List configured models
describe_model Retrieve model field metadata
odoo_search Search with domain filters
odoo_read Read records by IDs
odoo_search_count Count matching records
odoo_group_by Aggregate using groupBy
odoo_create Create new records
odoo_write Update records
odoo_unlink Delete records
health Health check endpoint

Example Request

{
  "jsonrpc": "2.0",
  "method": "tools/call",
  "id": 1,
  "params": {
    "name": "odoo_search",
    "arguments": {
      "model": "res.partner",
      "domain": [["is_company", "=", true]],
      "fields": ["name", "email", "phone"],
      "limit": 10
    }
  }
}

Rate Limiting & Blocking

When limits are exceeded:

  • The server responds with HTTP 429 (Too Many Requests).
  • Repeated violations activate progressive blocking.
  • Administrators can manually review and unblock clients under MCP Server → MCP Settings → Request Blocks.

Audit Logs

Accessible via MCP Server → MCP Settings → Access Logs.

Each entry includes:

  • User
  • Model
  • Operation
  • Request and response payload
  • Error Details
  • Execution duration
  • Status

Logs are purged automatically based on retention settings.

Scheduled Jobs

The module installs the following cron tasks:

  • Purge Old Access Logs (daily)
  • Cleanup Old Rate Limits (every 45 minutes)
  • Cleanup Old IP Rate Limits (hourly)
  • Cleanup Expired Blocks (every 2 days)

Compatibility

Verified with:

  • Claude Desktop
  • Jan
  • Msty Studio
  • Cursor Editor
  • Windsurf

Change logs

[1.0.0]

  • Added [26-03-2026]- Odoo MCP Server Module

Support

Zehntech Technologies

Odoo Proprietary License v1.0

This software and associated files (the "Software") may only be used (executed,
modified, executed after modifications) if you have purchased a valid license
from the authors, typically via Odoo Apps, or if you have received a written
agreement from the authors of the Software (see the COPYRIGHT file).

You may develop Odoo modules that use the Software as a library (typically
by depending on it, importing it and using its resources), but without copying
any source code or material from the Software. You may distribute those
modules under the license of your choice, provided that this license is
compatible with the terms of the Odoo Proprietary License (For example:
LGPL, MIT, or proprietary licenses similar to this one).

It is forbidden to publish, distribute, sublicense, or sell copies of the Software
or modified copies of the Software.

The above copyright notice and this permission notice must be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
DEALINGS IN THE SOFTWARE.

Please log in to comment on this module

  • The author can leave a single reply to each comment.
  • This section is meant to ask simple questions or leave a rating. Every report of a problem experienced while using the module should be addressed to the author directly (refer to the following point).
  • If you want to start a discussion with the author or have a question related to your purchase, please use the support page.