This is a module which expose Odoo as a REST API
- Download this module and put it to your Odoo addons directory
- Install requirements with
pip install -r requirements.txt
Before making any request make sure to login and obtain session_id(This will act as your Authentication token), Send all your requests with session_id as a parameter for authentication. There are two ways to obtain session_id, the first one is using /web/session/authenticate/ route and the second one is using /auth/ route.
-
Using
/web/session/authenticate/routeSend a POST request with JSON body as shown below.
POST /web/session/authenticate/Request Body
{ "jsonrpc": "2.0", "params": { "login": "[email protected]", "password": "your_password", "db": "database_name" } }
Obtain
session_idfrom a cookie created(Not the one from a response). It'll be a long string something like "62dd55784cb0b1f69c584f7dc1eea6f587e32570", Then you can use this as a parameter to all requests. -
Using
/auth/routeIf you have set the default database then you can simply use
/authroute to do authentication asPOST /auth/Request Body
{ "params": { "login": "[email protected]", "password": "your_password", "db": "your_db_name" } }
Use
session_idfrom the response as a parameter to all requests.
Note: For security reasons, in production don't send session_id as a parameter, use a cookie instead.
Using /web/session/authenticate/ route for authentication
import json
import requests
import sys
AUTH_URL = 'http://localhost:8069/web/session/authenticate/'
headers = {'Content-type': 'application/json'}
# Remember to configure default db on odoo configuration file(dbfilter = ^db_name$)
# Authentication credentials
data = {
'params': {
'login': '[email protected]',
'password': 'yor_password',
'db': 'your_db_name'
}
}
# Authenticate user
res = requests.post(
AUTH_URL,
data=json.dumps(data),
headers=headers
)
# Get session_id from the response cookies
# We are going to use this as our API key
session_id = res.cookies.get('session_id', '')
# Example 1
# Get users
USERS_URL = 'http://localhost:8069/api/res.users/'
# Pass session_id for auth
# This will take time since it retrives all res.users fields
# You can use query param to fetch specific fields
params = {'session_id': session_id}
res = requests.get(
USERS_URL,
params=params
)
# This will be a very long response since it has many data
print(res.text)
# Example 2
# Get products(assuming you have products in you db)
# Here am using query param to fetch only product id and name(This will be faster)
USERS_URL = 'http://localhost:8069/api/product.product/'
# Pass session_id for auth
params = {'session_id': session_id, 'query': '{id, name}'}
res = requests.get(
USERS_URL,
params=params
)
# This will be small since we've retrieved only id and name
print(res.text)
Using /auth/ route for authentication
import json
import requests
AUTH_URL = 'http://localhost:8069/auth/'
headers = {'Content-type': 'application/json'}
# Remember to configure default db on odoo configuration file(dbfilter = ^db_name$)
# Authentication credentials
data = {
'params': {
'login': '[email protected]',
'password': 'yor_password',
'db': 'your_db_name'
}
}
# Authenticate user
res = requests.post(
AUTH_URL,
data=json.dumps(data),
headers=headers
)
# Get session_id from the response
# We are going to use this as our API key
session_id = json.loads(res.text)['result']['session_id']
# Example 1
# Get users
USERS_URL = 'http://localhost:8069/api/res.users/'
# Pass session_id for auth
# This will take time since it retrives all res.users fields
# You can use query param to fetch specific fields
params = {'session_id': session_id}
res = requests.get(
USERS_URL,
params=params
)
# This will be a very long response since it has many data
print(res.text)
# Example 2
# Get products(assuming you have products in you db)
# Here am using query param to fetch only product id and name(This will be faster)
USERS_URL = 'http://localhost:8069/api/product.product/'
# Pass session_id for auth
params = {'session_id': session_id, 'query': '{id, name}'}
res = requests.get(
USERS_URL,
params=params
)
# This will be small since we've retrieved only id and name
print(res.text)
Avoiding to send session_id as a parameter for security reasons
When authenticating users, you can use a cookie instead of sending session_id as a parameter, this method is recommended in production for security reasons, below is the example showing how to use a cookie.
import json
import requests
import sys
AUTH_URL = 'http://localhost:8069/web/session/authenticate/'
headers = {'Content-type': 'application/json'}
# Remember to configure default db on odoo configuration file(dbfilter = ^db_name$)
# Authentication credentials
data = {
'params': {
'login': '[email protected]',
'password': 'yor_password',
'db': 'your_db_name'
}
}
# Authenticate user
res = requests.post(
AUTH_URL,
data=json.dumps(data),
headers=headers
)
# Get response cookies
# We will use this to authenticate user
cookies = res.cookies
# Example 1
# Get users
USERS_URL = 'http://localhost:8069/api/res.users/'
# This will take time since it retrives all res.users fields
# You can use query param to fetch specific fields
res = requests.get(
USERS_URL,
cookies=cookies # Here we are sending cookies instead of `session_id`
)
# This will be a very long response since it has many data
print(res.text)
# Example 2
# Get products(assuming you have products in you db)
# Here am using query param to fetch only product id and name(This will be faster)
USERS_URL = 'http://localhost:8069/api/product.product/'
# Use query param to fetch only id and name
params = {'query': '{id, name}'}
res = requests.get(
USERS_URL,
params=params,
cookies=cookies # Here we are sending cookies instead of `session_id`
)
# This will be small since we've retrieved only id and name
print(res.text)GET /api/{model}/
-
query (optional):
This parameter is used to dynamically select fields to include on a response. For example if we want to select
idandnamefields fromres.usersmodel here is how we would do it.GET /api/res.users/?query={id, name}{ "count": 2, "prev": null, "current": 1, "next": null, "total_pages": 1, "result": [ { "id": 2, "name": "Administrator" }, { "id": 6, "name": "Reconwajenzi" } ] }
For nested records, for example if we want to select
id,nameandcompany_idfields fromres.usersmodel, but undercompany_idwe want to selectnamefield only. here is how we would do it.GET /api/res.users/?query={id, name, company_id{name}}{ "count": 2, "prev": null, "current": 1, "next": null, "total_pages": 1, "result": [ { "id": 2, "name": "Administrator", "company_id": { "name": "Singo Africa" } }, { "id": 6, "name": "Reconwajenzi", "company_id": { "name": "Singo Africa" } } ] }
For nested iterable records, for example if we want to select
id,nameandrelated_productsfields fromproduct.templatemodel, but underrelated_productswe want to selectnamefield only. here is how we would do it.GET /api/product.template/?query={id, name, related_products{name}{ "count": 2, "prev": null, "current": 1, "next": null, "total_pages": 1, "result": [ { "id": 16, "name": "Alaf Resincot Steel Roof-16", "related_products": [ {"name": "Alloy Steel AISI 4140 Bright Bars - All 5.8 meter longs"}, {"name": "Test product"} ] }, { "id": 18, "name": "Alaf Resincot Steel Roof-43", "related_products": [ {"name": "Alloy Steel AISI 4140 Bright Bars - All 5.8 meter longs"}, {"name": "Aluminium Sheets & Plates"}, {"name": "Test product"} ] } ] }
If you want to fetch all fields except few you can use exclude(-) operator. For example in the case above if we want to fetch all fields except
namefield, here is how we could do it
GET /api/product.template/?query={-name}{ "count": 3, "prev": null, "current": 1, "next": null, "total_pages": 1, "result": [ { "id": 1, ... // All fields except name }, { "id": 2 ... // All fields except name } ... ] }
There is also a wildcard(*) operator which can be used to fetch all fields, Below is an example which shows how you can fetch all product's fields but under
related_productsfield get all fields exceptid.GET /api/product.template/?query={*, related_products{-id}}{ "count": 3, "prev": null, "current": 1, "next": null, "total_pages": 1, "result": [ { "id": 1, "name": "Pen", "related_products"{ "name": "Pencil", ... // All fields except id } ... // All fields }, ... ] }
If you don't specify query parameter all fields will be returned.
-
filter (optional):
This is used to filter out data returned. For example if we want to get all products with id ranging from 60 to 70, here's how we would do it.
GET /api/product.template/?query={id, name}&filter=[["id", ">", 60], ["id", "<", 70]]{ "count": 3, "prev": null, "current": 1, "next": null, "total_pages": 1, "result": [ { "id": 67, "name": "Crown Paints Economy Superplus Emulsion" }, { "id": 69, "name": "Crown Paints Permacote" } ] }
-
page_size (optional) & page (optional):
These two allows us to do pagination. Hre page_size is used to specify number of records on a single page and page is used to specify the current page. For example if we want our page_size to be 5 records and we want to fetch data on page 3 here is how we would do it.
GET /api/product.template/?query={id, name}&page_size=5&page=3{ "count": 5, "prev": 2, "current": 3, "next": 4, "total_pages": 15, "result": [ {"id": 141, "name": "Borewell Slotting Pipes"}, {"id": 114, "name": "Bright Bars"}, {"id": 128, "name": "Chain Link Fence"}, {"id": 111, "name": "Cold Rolled Sheets - CRCA & GI Sheets"}, {"id": 62, "name": "Crown Paints Acrylic Primer/Sealer Undercoat"} ] }
Note:
prev,current,nextandtotal_pagesshows the previous page, current page, next page and the total number of pages respectively. -
limit (optional):
This is used to limit the number of results returned on a request regardless of pagination. For example
GET /api/product.template/?query={id, name}&limit=3{ "count": 3, "prev": null, "current": 1, "next": null, "total_pages": 1, "result": [ {"id": 16, "name": "Alaf Resincot Steel Roof-16"}, {"id": 18, "name": "Alaf Resincot Steel Roof-43"}, {"id": 95, "name": "Alaf versatile steel roof"} ] }
GET /api/{model}/{id}
-
query (optional):
Here query parameter works exactly the same as explained before except it selects fields on a single record. For example
GET /api/product.template/95/?query={id, name}{ "id": 95, "name": "Alaf versatile steel roof" }
POST /api/{model}/
- Content-Type: application/json
-
data (mandatory):
This is used to pass data to be posted. For example
POST /api/product.public.category/Request Body
{ "params": { "data": { "name": "Test category_2" } } }
Response
{ "jsonrpc": "2.0", "id": null, "result": 398 }
The number on
resultis theidof the newly created record. -
context (optional):
This is used to pass any context if it's needed when creating new record. The format of passing it is
Request Body
{ "params": { "context": { "context_1": "context_1_value", "context_2": "context_2_value", .... }, "data": { "field_1": "field_1_value", "field_2": "field_2_value", .... } } }
PUT /api/{model}/
- Content-Type: application/json
-
data (mandatory):
This is used to pass data to update, it works with filter parameter, See example below
-
filter (mandatory):
This is used to filter data to update. For example
PUT /api/product.template/Request Body
{ "params": { "filter": [["id", "=", 95]], "data": { "name": "Test product" } } }
Response
{ "jsonrpc": "2.0", "id": null, "result": true }
Note: If the result is true it means success and if false or otherwise it means there was an error during update.
-
context (optional): Just like in GET context is used to pass any context associated with record update. The format of passing it is
Request Body
{ "params": { "context": { "context_1": "context_1_value", "context_2": "context_2_value", .... }, "filter": [["id", "=", 95]], "data": { "field_1": "field_1_value", "field_2": "field_2_value", .... } } }
-
operation (optional):
This is only applied to
one2manyandmany2manyfields. The concept is sometimes you might not want to replace all records on eitherone2manyormany2manyfields, instead you might want to add other records or remove some records, this is where put operations comes in place. Thre are basically three PUT operations which are push, pop and delete.- push is used to add/append other records to existing linked records
- pop is used to remove/unlink some records from the record being updated but it doesn't delete them on the system
- delete is used to remove/unlink and delete records permanently on the system
For example here is how you would update
related_product_idswhich ismany2manyfield with PUT operationsPUT /api/product.template/Request Body
{ "params": { "filter": [["id", "=", 95]], "data": { "related_product_ids": { "push": [102, 30], "pop": [45], "delete": [55] } } } }
This will append product with ids 102 and 30 as related products to product with id 95 and from there unlink product with id 45 and again unlink product with id 55 and delete it from the system. So if befor this request product with id 95 had [20, 37, 45, 55] as related product ids, after this request it will be [20, 37, 102, 30].
Note: You can use one operation or two or all three at a time depending on what you want to update on your field. If you dont use these operations on
one2manyandmany2manyfields, existing values will be replaced by new values passed, so you need to be very carefull on this part.Response:
{ "jsonrpc": "2.0", "id": null, "result": true }
PUT /api/{model}/{id}
- Content-Type: application/json
- data (mandatory)
- context (optional)
- PUT operation(push, pop, delete) (optional)
All parameters works the same as explained on previous section, what changes is that here they apply to a single record being updated and we don't have filter parameter because id of record to be updated is passed on URL as {id}. Example to give us an idea of how this works.
PUT /api/product.template/95/
Request Body
{
"params": {
"data": {
"related_product_ids": {
"push": [102, 30],
"pop": [45],
"delete": [55]
}
}
}
}DELETE /api/{model}/
-
filter (mandatory):
This is used to filter data to delete. For example
DELETE /api/product.template/?filter=[["id", "=", 95]]Response
{ "result": true }
Note: If the result is true it means success and if false or otherwise it means there was an error during deletion.
DELETE /api/{model}/{id}
This takes no parameter and we don't have filter parameter because id of record to be deleted is passed on URL as {id}. Example to give us an idea of how this works.
DELETE /api/product.template/95/
Response
{
"result": true
}Sometimes you might need to call model's function or a function bound to a record, inorder to do so, send a POST request with a body containing arguments(args) and keyword arguments(kwargs) required by the function you want to call.
Below is how you can call model's function
POST /object/{model}/{function name}
Request Body
{
"params": {
"args": [arg1, arg2, ..],
"kwargs ": {
"key1": "value1",
"key2": "value2",
...
}
}
}And below is how you can call a function bound to a record
POST /object/{model}/{record_id}/{function name}
Request Body
{
"params": {
"args": [arg1, arg2, ..],
"kwargs ": {
"key1": "value1",
"key2": "value2",
...
}
}
}In both cases the response will be the result returned by the function called