A REST API layer for Odoo that exposes any model through standard CRUD endpoints secured with JWT authentication, enabling seamless integration with third-party and mobile applications.

What is Odoo Generic API?

Odoo Generic API adds a complete REST interface on top of Odoo's ORM. Once installed, any model in your Odoo instance becomes accessible over HTTP using standard GET, POST, PUT, and DELETE verbs. Authentication is handled with JWT tokens: clients obtain a token from the /auth endpoint and include it as a Bearer header on subsequent requests.

The module is model-agnostic: you do not need to write any custom code to expose a model. As long as the module that owns the model is installed, /api/<model_name>/ is immediately available. Query parameters control field selection, filtering with ORM domain syntax, pagination, and ordering.

Features

JWT Authentication

Secure token-based authentication using PyJWT 2.x. Token expiration is configurable via the EXPIRATION_IN_SECONDS environment variable (default: 3600s).

List & Retrieve Records

GET endpoints for listing records with field selection, limit, offset, ordering, and ORM domain filtering via query parameters.

Create Records

POST endpoint to create new records on any installed Odoo model, with full field support including relational fields.

Update Records

PUT endpoint for partial or full updates to existing records. Only the fields you send are modified.

Delete Records

DELETE endpoint to remove records from any model. Returns 404 if the record does not exist.

Relational Field Support

Many2one, Many2many, and One2many fields are fully supported with nested data expansion for linked records.

Endpoint Reference

MethodPathDescription
GET/authObtain a JWT token. Pass db, login, and password as headers.
GET/api/<model>/List records. Supports: fields, limit, offset, order, args (domain filter).
GET/api/<model>/<id>Retrieve a single record by ID.
POST/api/<model>/Create a new record. Send field values as a JSON body.
PUT/api/<model>/<id>Update an existing record. Only the fields in the body are modified.
DELETE/api/<model>/<id>Delete a record by ID.

Usage Examples

Authenticate first to obtain a JWT token, then use it in subsequent requests:

# 1. Obtain a JWT token
curl -X GET "https://your-odoo.com/auth" \
  -H "db: your_database" \
  -H "login: admin" \
  -H "password: your_password"

# Response
{
  "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9..."
}

List and create records using the token:

# 2. List records (e.g. res.partner)
curl -X GET "https://your-odoo.com/api/res.partner/?fields=name,email&limit=10" \
  -H "Authorization: Bearer <token>" \
  -H "db: your_database"

# Create a record
curl -X POST "https://your-odoo.com/api/res.partner/" \
  -H "Authorization: Bearer <token>" \
  -H "db: your_database" \
  -H "Content-Type: application/json" \
  -d '{"name": "Jane Doe", "email": "jane@example.com"}'

Configuration

The module ships with a default secret key for development. Override it for production via environment variables on your Odoo server:

# In your Odoo server environment
SECRET_KEY=your_very_secret_key_here
EXPIRATION_IN_SECONDS=7200

Always set a strong SECRET_KEY in production. The built-in default key must never be used in a live environment.

Summary

  • Zero boilerplate - any installed model is immediately accessible via REST, no custom code required
  • JWT authentication - industry-standard token-based security with configurable expiration
  • Full CRUD - GET, POST, PUT, and DELETE endpoints with field selection, filtering, and pagination
  • Relational fields - Many2one, Many2many, and One2many resolved automatically with nested expansion
  • OpenAPI documented - full specification available on SwaggerHub for easy client generation