---
name: odoo-rpc-api
description: "Expert on Odoo's external JSON-RPC and XML-RPC APIs. Covers authentication, model calls, record CRUD, and real-world integration examples in Python, JavaScript, and curl."
risk: safe
source: "self"
---

# Odoo RPC API

## Overview

Odoo exposes a powerful external API via JSON-RPC and XML-RPC, allowing any external application to read, create, update, and delete records. This skill guides you through authenticating, calling models, and building robust integrations.

## When to Use This Skill

- Connecting an external app (e.g., Django, Node.js, a mobile app) to Odoo.
- Running automated scripts to import/export data from Odoo.
- Building a middleware layer between Odoo and a third-party platform.
- Debugging API authentication or permission errors.

## How It Works

1. **Activate**: Mention `@odoo-rpc-api` and describe the integration you need.
2. **Generate**: Get copy-paste ready RPC call code in Python, JavaScript, or curl.
3. **Debug**: Paste an error and get a diagnosis with a corrected call.

## Examples

### Example 1: Authenticate and Read Records (Python)

```python
import xmlrpc.client

url = 'https://myodoo.example.com'
db = 'my_database'
username = 'admin'
password = 'my_api_key'  # Use API keys, not passwords, in production

# Step 1: Authenticate
common = xmlrpc.client.ServerProxy(f'{url}/xmlrpc/2/common')
uid = common.authenticate(db, username, password, {})
if not uid:
    # authenticate() returns False when the credentials are rejected
    raise SystemExit("Authentication failed")
print(f"Authenticated as UID: {uid}")

# Step 2: Call models
models = xmlrpc.client.ServerProxy(f'{url}/xmlrpc/2/object')

# Search confirmed sale orders
orders = models.execute_kw(db, uid, password,
    'sale.order', 'search_read',
    [[['state', '=', 'sale']]],
    {'fields': ['name', 'partner_id', 'amount_total'], 'limit': 10}
)
for order in orders:
    print(order)
```

### Example 2: Create a Record (Python)

```python
# Reuses models, db, uid and password from Example 1
new_partner_id = models.execute_kw(db, uid, password,
    'res.partner', 'create',
    [{'name': 'Acme Corp', 'email': 'info@acme.com', 'is_company': True}]
)
print(f"Created partner ID: {new_partner_id}")
```

### Example 3: JSON-RPC via curl

```bash
curl -X POST https://myodoo.example.com/web/dataset/call_kw \
  -H "Content-Type: application/json" \
  -d '{
    "jsonrpc": "2.0",
    "method": "call",
    "id": 1,
    "params": {
      "model": "res.partner",
      "method": "search_read",
      "args": [[["is_company", "=", true]]],
      "kwargs": {"fields": ["name", "email"], "limit": 5}
    }
  }'
# Note: "id" is required by the JSON-RPC 2.0 spec to correlate responses.
# Odoo 16+ supports the /web/dataset/call_kw endpoint; prefer it for
# model method calls.
# This route only answers an authenticated session, so the request must
# carry the session cookie.
```

## Best Practices

- ✅ **Do:** Use **API Keys** (Settings → Technical → API Keys) instead of passwords — available from Odoo 14+.
- ✅ **Do:** Use `search_read` instead of `search` + `read` to reduce network round trips.
- ✅ **Do:** Always handle connection errors and implement retry logic with exponential backoff in production.
- ✅ **Do:** Store credentials in environment variables or a secrets manager (e.g., AWS Secrets Manager, `.env` file).
- ❌ **Don't:** Hardcode passwords or API keys directly in scripts — rotate them and use env vars.
- ❌ **Don't:** Call the API in a tight loop without batching — bulk operations reduce server load significantly.
- ❌ **Don't:** Use the master admin password for API integrations — create a dedicated integration user with minimum required permissions.

## Limitations

- Does not cover **OAuth2 or session-cookie-based authentication** — the examples use API key (token) auth only.
- **Rate limiting** is not built into the Odoo XMLRPC layer; you must implement throttling client-side.
- The XML-RPC endpoint (`/xmlrpc/2/`) does not support file uploads — use the REST-based `ir.attachment` model via JSON-RPC for binary data.
- Odoo.sh (SaaS) may block some API calls depending on plan; verify your subscription supports external API access.
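
The Best Practices items on retry with exponential backoff and on keeping credentials out of scripts, combined into one XML-RPC client sketch. This is an added example, not part of the original skill; the helper names and the `ODOO_*` environment variable names are assumptions. It retries only transient transport failures, so an `xmlrpc.client.Fault` such as an access-denied error surfaces immediately instead of being retried.

```python
import os
import random
import time
import xmlrpc.client

# Retry only transient failures. xmlrpc.client.Fault (access denied, unknown
# model, validation error) is not transient and propagates immediately.
RETRYABLE_HTTP = {429, 502, 503, 504}


def is_transient(exc):
    if isinstance(exc, xmlrpc.client.ProtocolError):
        return exc.errcode in RETRYABLE_HTTP
    return isinstance(exc, OSError)  # connection refused/reset, timeouts


def call_with_backoff(fn, *args, retries=4, base_delay=0.5, max_delay=30.0,
                      sleep=time.sleep):
    """Call fn(*args); retry transient errors with exponential backoff + jitter."""
    for attempt in range(retries + 1):
        try:
            return fn(*args)
        except Exception as exc:
            if attempt == retries or not is_transient(exc):
                raise
            delay = min(max_delay, base_delay * 2 ** attempt)
            sleep(delay + random.uniform(0, delay / 2))


def load_settings(env=os.environ):
    """Read settings from the environment (variable names are assumptions)."""
    names = ("ODOO_URL", "ODOO_DB", "ODOO_USER", "ODOO_API_KEY")
    missing = [n for n in names if not env.get(n)]
    if missing:
        raise RuntimeError("missing environment variables: " + ", ".join(missing))
    return tuple(env[n] for n in names)


def search_read(model, domain, fields, limit=10):
    url, db, user, key = load_settings()
    common = xmlrpc.client.ServerProxy(f"{url}/xmlrpc/2/common")
    uid = call_with_backoff(common.authenticate, db, user, key, {})
    if not uid:  # authenticate returns False for bad credentials
        raise PermissionError("Odoo authentication failed")
    models = xmlrpc.client.ServerProxy(f"{url}/xmlrpc/2/object")
    return call_with_backoff(models.execute_kw, db, uid, key, model,
                             "search_read", [domain],
                             {"fields": fields, "limit": limit})
```

Wrap only idempotent calls such as `search_read` this way: a `create` that timed out may already have been committed on the server, and a retry would then insert a duplicate record.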