✅ Overview
Odoo supports two major API paradigms for integration:
Type |
Interface |
Use Case |
| JSON-RPC | Built-in via /jsonrpc endpoint | Used by Odoo web client & XML-RPC compatible systems |
| REST API | Custom-developed via @http.route | Used in external integrations like mobile apps, ERP links, etc. |
1. JSON-RPC: Native Odoo Interface
📌 Used Internally by Odoo Web Client
Endpoint:
https:///jsonrpc
Python Example (Login & Create Partner)
import json
import requests
url = ‘https://your-domain.com/jsonrpc’
headers = {‘Content-Type’: ‘application/json’}
payload = {
“jsonrpc”: “2.0”,
“method”: “call”,
“params”: {
“service”: “object”,
“method”: “execute_kw”,
“args”: [
‘your_db’, # DB
2, # UID
‘your_api_key’, # Password/API key
‘res.partner’, # Model
‘create’, # Method
[{
‘name’: ‘New Partner JSON-RPC’,
’email’: ‘test@example.com’
}]
]
},
“id”: 1,
}
res = requests.post(url, data=json.dumps(payload), headers=headers)
print(res.json())
✅ Key Points:
- Requires DB, UID, and password/session.
- Works with any Odoo model/method.
- Structured for automation scripts.
2. REST API: Custom Implementation with @http.route
Odoo does not natively provide a REST API, but you can define your own using the http.Controller.
Example: Create Partner via REST API
from odoo import http
from odoo.http import request
import json
class PartnerAPI(http.Controller):
@http.route(‘/api/partner/create’, type=‘json’, auth=‘user’, methods=[‘POST’], csrf=False)
def create_partner(self, **kwargs):
data = kwargs.get(‘data’)
if not data:
return {“error”: “Missing data”}
partner = request.env[‘res.partner’].sudo().create({
‘name’: data.get(‘name’),
’email’: data.get(’email’)
})
return {“success”: True, “id”: partner.id}
🔑 Access via POST Request
bash
CopyEdit
curl -X POST https://your-domain.com/api/partner/create \
-H “Content-Type: application/json” \
-H “Authorization: Bearer <access_token>” \
-d ‘{“data”: {“name”: “Darshan”, “email”: “darshan@example.com”}}’
🔐 Security Tips for Both Approaches
Technique |
Recommendation |
| Authentication | Use API tokens or OAuth2 |
| Access control | Validate with sudo() only when necessary |
| CSRF protection | Set csrf=False for external access |
| Rate limiting/logging | Handle via Nginx/Cloudflare/3rd-party tools |
✅ Summary Table
Feature |
JSON-RPC |
REST (Custom via @http.route) |
| Native in Odoo | ✅ Yes | ❌ No (requires custom controller) |
| Structured Calls | ✅ Yes | ✅ Yes |
| Flexibility | ❌ Limited to execute_kw | ✅ Full control over input/output |
| Use Case | Internal Odoo clients, scripts | Mobile apps, third-party integration |
| Authentication | Login + password/API key | Token or session-based |
✅ Best Practices
- For lightweight automation, use JSON-RPC.
- For mobile or modern web integration, use custom REST APIs.
- Always restrict public routes using auth=’user’ or custom tokens.
