Secure, documented REST API and outbound webhooks for any Odoo model — built, installed, and supported by ECOSIRE for Odoo 17/18/19. One-time license from $349.00 USD for Odoo 17, 18, 19 — includes 12 months of updates and support.

Secure, documented REST API and outbound webhooks for any Odoo model — built, installed, and supported by ECOSIRE for Odoo 17/18/19.
No payment now. This sends a quote request to our team — we'll follow up by email with pricing and next steps.
Odoo ships a capable XML-RPC and JSON-RPC layer, but modern integration teams expect clean REST — predictable URLs, JSON bodies, bearer tokens, OpenAPI docs, and event-driven webhooks. Bridging that gap by hand means writing controllers, wiring authentication, hardening record-level access, and re-testing on every Odoo upgrade. The REST API & Webhooks Toolkit is a net-new module that ECOSIRE builds, installs, and supports for you, turning your Odoo instance into a first-class integration platform.
Auto-generated versioned REST endpoints (GET/POST/PATCH/DELETE) for each selected Odoo model, e.g. /api/v1/res.partner, mapped to ORM search_read, create, write and unlink
Long-lived API token authentication plus an OAuth2 client-credentials flow, with per-token expiry and revocation from a dedicated settings view
Per-token scopes that restrict access to specific models and actions (read-only, write, delete) so each integration gets least-privilege credentials
Access is enforced through Odoo's native ir.model.access.csv and record rules — endpoints run as a real user (auth='user'), never bypassing security
Outbound webhooks on record create/write/unlink events, wired via ORM overrides and base.automation, targeting your external URLs
HMAC-SHA256 signed webhook payloads with a shared secret so receivers can verify authenticity and reject spoofed calls
This is a BUILD-TO-ORDER engagement, not an instant apps.odoo.com download. After purchase, an ECOSIRE Odoo engineer scopes the exact models, fields, and events you need to expose, then delivers a production-ready custom module (its own __manifest__.py, controllers, models, security rules, and views) tailored to your data model and hardened for your Odoo edition. Typical delivery is 2–4 weeks depending on the number of models and integration targets.
At its core the toolkit auto-generates versioned REST endpoints (for example GET/POST/PATCH/DELETE /api/v1/<model>) over the models you choose. Requests flow through Odoo's http.Controller layer with auth='user' so every call runs inside a real Odoo session and honors your existing ir.model.access.csv rules and record rules — a token cannot read or write anything the mapped user is not already allowed to touch. Authentication supports long-lived API tokens and an OAuth2 client-credentials flow, with per-token scopes so a warehouse app can be limited to stock.picking while a CRM sync only sees crm.lead.
Outbound webhooks close the event loop. Using Odoo's ORM overrides and base.automation / automated actions, the module fires signed HTTP POST callbacks to your endpoints when records are created, written, or unlinked — new sale.order, confirmed account.move, updated res.partner — with configurable payload templates, HMAC signatures, retry-with-backoff, and a delivery log so nothing is silently lost. Every inbound and outbound call is captured with status code, latency, and payload size, and each endpoint carries its own rate limit to protect the server.
Developers get a live Swagger/OpenAPI 3 specification generated from the enabled endpoints, so your integrators can explore, authenticate, and test straight from the browser. The module is built cleanly on the standard framework — no core patching — so it installs alongside your other apps and survives upgrades. ECOSIRE supports Odoo 17, 18, and 19, on Community or Enterprise, and hands over full source plus documentation and a support window so your team owns and can extend the result.
Engineers wiring Odoo into external apps — mobile clients, e-commerce fronts, partner portals — who want clean REST, bearer tokens, and an OpenAPI spec instead of hand-rolling XML-RPC calls and reverse-engineering field names.
Odoo partners and integrators delivering multi-system projects who need a reliable, security-aware REST + webhook layer they can configure per client rather than rebuilding controllers and auth for every engagement.
In-house technical owners connecting Odoo to iPaaS tools, warehouse scanners, or accounting systems, who need event-driven webhooks, per-token rate limits, and full request logging to keep integrations observable and safe.
Buy the license on ecosire.com and download the REST API & Webhooks Toolkit module ZIP from your account dashboard.
Extract the ZIP into your Odoo custom addons folder on the server (or upload via Apps > Install from file on Odoo.sh / runbot).
Activate Developer Mode, open Apps, click Update Apps List, search for REST API & Webhooks Toolkit, and press Install.
Open the new menu, paste your ECOSIRE license key, connect any external credentials (Shopify, Amazon, Stripe, etc.), and save.
Run the built-in connection test, sync your first 10 records, and schedule the recurring cron. Contact support if anything fails.
| Criterion | ECOSIRE | Custom Build | Competitor | Odoo Native |
|---|---|---|---|---|
| REST endpoints with clean JSON (not raw RPC method calls) | ||||
| Token + OAuth2 authentication with per-token scopes | ||||
| Outbound webhooks on record create/write/unlink events | ||||
| Signed payloads (HMAC) + retry with delivery log | ||||
| Auto-generated Swagger/OpenAPI 3 documentation | ||||
| Per-endpoint rate limiting and request logging | ||||
| Enforces existing ir.model.access.csv + record rules | ||||
| Built and hardened for your exact models on Odoo 17/18/19 | ||||
| Full source handover, docs, training + support window |
This is a build-to-order engagement, not an instant download. After purchase an ECOSIRE engineer scopes the exact models, fields, and events you want exposed, then builds and delivers a production-ready custom module. Typical lead time is 2–4 weeks depending on how many models and webhook targets are in scope. We install it in staging first, run smoke tests, then deploy to production with you.
Every engagement includes a post-delivery support window for bug fixes and configuration questions, plus a documented upgrade path. Because the module is built cleanly on the standard framework (controllers, ORM, base.automation, ir.model.access.csv) with no core patching, it moves across Odoo 17, 18 and 19 predictably. You receive full source code, so your team can extend endpoints and webhooks independently, and we offer optional ongoing maintenance retainers.
For simple back-office scripting, sometimes. But XML-RPC and JSON-RPC expose raw model methods, have no per-token scoping, no OpenAPI docs, no rate limiting, and no outbound webhooks. This toolkit adds a REST surface with bearer/OAuth2 auth, per-endpoint limits, signed event webhooks, and generated Swagger docs — the things modern integration teams and iPaaS tools expect.
No. Endpoints run as a real Odoo user via auth='user', so every call is filtered through your existing ir.model.access.csv and record rules — a token can never read or write records the mapped user cannot. On top of that we add per-token scopes (which models and actions), optional field-level allow-lists, token expiry/revocation, IP allow-listing, and per-endpoint rate limits.
We support Odoo 17, 18 and 19, on both Community and Enterprise, self-hosted or on Odoo.sh. During scoping we confirm your exact version and edition and build the module against it, including any edition-specific models you want exposed. If you later upgrade, the handover includes a version-migration path.
Yes. Outbound webhooks are wired through ORM create/write/unlink overrides and Odoo automated actions, so they can trigger on record creation, updates, stage changes, or your own conditions. Each webhook has a configurable JSON payload template, an HMAC signature for verification, and retry-with-backoff, so it can safely deliver to any HTTPS endpoint — iPaaS, a partner API, or your own microservice — with a full delivery log.
Secure, documented REST API and outbound webhooks for any Odoo model — built, installed, and supported by ECOSIRE for Odoo 17/18/19.