Send login, signup, checkout, and transaction OTPs over WhatsApp and SMS with verification flows for website, portal, and POS. A build-to-order Odoo module ECOSIRE scopes, builds, installs, and supports for your Odoo 17/18/19 instance. Built to order by ECOSIRE for Odoo 17, 18, 19 — indicative price from $299.00 USD; request a quote for a scoped proposal.

Send login, signup, checkout, and transaction OTPs over WhatsApp and SMS with verification flows for website, portal, and POS. A build-to-order Odoo module ECOSIRE scopes, builds, installs, and supports for your Odoo 17/18/19 instance.
Sin pago ahora. Esto envía una solicitud de presupuesto a nuestro equipo; te responderemos por correo con precios y próximos pasos.
Odoo core ships a strong TOTP-based two-factor authentication for internal backend users, but it runs out of road exactly where customer-facing risk lives. There is no native OTP challenge on the website login and signup forms, no phone-number verification at registration, no step-up confirmation on eCommerce checkout, and no OTP gate on sensitive portal actions or POS operations. Fraudulent signups, unverified mobile numbers, account-takeover on the customer portal, and unauthorized POS refunds or price overrides all slip through because Odoo has no channel to challenge the person on the other end. Adding a WhatsApp app-authenticator on top of TOTP does not solve this either — your customers don't run a TOTP app; they have a phone number.
WhatsApp OTP delivery via the WhatsApp Cloud API or a BSP (Twilio, 360dialog) using pre-approved message templates
SMS OTP fallback plus a priority-ordered multi-provider routing chain stored in an `otp.channel.config` model
OTP challenge injected into website login, `auth_signup`, and portal authentication controllers
Mobile-number verification at registration that stamps `partner.phone` / `mobile` as verified before the account activates
Step-up OTP confirmation on the eCommerce checkout confirmation step in `website_sale`
OWL POS confirmation screen for high-risk actions (refunds, price overrides, session close)
We build a dedicated Odoo module that delivers one-time passwords over WhatsApp (via the WhatsApp Cloud API or a BSP such as Twilio/360dialog) and SMS, then verifies them across every customer-facing surface. Technically, the module introduces its own otp.request and otp.channel.config models (models.Model) that store a hashed OTP, an issue timestamp, a configurable TTL, and an attempt counter, with @api.depends computes for is_expired and attempts_remaining. Provider credentials and routing rules live in encrypted ir.config_parameter records surfaced through a res.config.settings panel. The verification flows hook the website controllers (website_sale, portal, and auth_signup) so login, signup, and the checkout confirmation step raise an OTP challenge rendered in QWeb/OWL, and the POS is extended with a small OWL screen that confirms high-risk actions before they commit. A dedicated ir.actions.server / automated action re-sends or escalates when the primary channel fails.
Security and configurability are first-class. OTP TTL, code length, maximum retries, resend cool-down, and rate limits per phone number are all admin-configurable. Access is enforced with ir.model.access.csv plus record rules so an OTP request is only ever visible to the user or session that owns it, and every issue/verify/fail event is written to the chatter and to an audit log for compliance. Multi-provider fallback routing means if WhatsApp delivery fails or a number is not WhatsApp-reachable, the module automatically falls back to SMS (or a secondary provider) using a priority-ordered otp.channel.config chain, so a single provider outage never locks your customers out. All OTP dispatch is also exposed over Odoo's XML-RPC/JSON-RPC API so headless or mobile front-ends can trigger and verify the same flows. It works on Odoo Community and Enterprise across 17.0, 18.0, and 19.0 — we handle the version-specific controller and OWL differences.
Because this is a build-to-order engagement, nothing is a black-box download. We start with a short scoping call to map exactly which surfaces you want gated (website login, signup, checkout, portal actions, POS), your provider(s), your compliance needs, and your Odoo version and edition. We then build against a written scope, ship the module to a staging instance for UAT, and only go live once you've signed off. Typical delivery is 2–4 weeks from confirmed scope, and you receive the full source, a git repository handover, and a post-go-live support window.
Teams running Odoo website sales and POS who need to verify customer phone numbers at signup and add a WhatsApp/SMS OTP step at checkout and on POS refunds to cut fraud and chargebacks without adding friction for the person actually holding the phone.
Owners of account-security posture who need customer-facing 2FA beyond Odoo's backend TOTP, with configurable TTL and retry limits, per-number rate limiting, and a complete audit trail of every OTP issue and verification for compliance review.
The team maintaining the Odoo instance who want a supportable, well-documented module with clean `ir.model.access.csv` rules, encrypted provider credentials, and a git handover — not a fragile custom hack, and not an opaque marketplace binary.
Developers running a headless storefront or mobile app against Odoo who need to trigger and verify the same OTP flows over XML-RPC/JSON-RPC so authentication stays consistent across web, portal, POS, and custom front-ends.
Compre la licencia en ecosire.com y descargue el módulo ZIP WhatsApp OTP & Two-Factor Authentication for Odoo desde el panel de su cuenta.
Extraiga el ZIP en su carpeta de complementos personalizados de Odoo en el servidor (o cárguelo a través de Aplicaciones > Instalar desde archivo en Odoo.sh/runbot).
Active el modo de desarrollador, abra Aplicaciones, haga clic en Actualizar lista de aplicaciones, busque WhatsApp OTP & Two-Factor Authentication for Odoo y presione Instalar.
Abra el nuevo menú, pegue su clave de licencia de ECOSIRE, conecte cualquier credencial externa (Shopify, Amazon, Stripe, etc.) y guarde.
Ejecute la prueba de conexión integrada, sincronice sus primeros 10 registros y programe el cron recurrente. Póngase en contacto con el soporte si algo falla.
| Criterio | ECOSIRE | Construcción personalizada | Competidor | Odoo Nativo |
|---|---|---|---|---|
| Customer-facing OTP (login/signup/checkout) | Built into website, portal, and POS flows | Possible but you scope and build every hook yourself | Often login-only; checkout/POS coverage varies | |
| Delivery channels | WhatsApp + SMS with multi-provider fallback routing | Whatever you integrate; fallback rarely built | Usually a single fixed channel or provider | |
| Phone verification at registration | Verifies mobile before account activates | Buildable, adds scope and test effort | Sometimes; often bolt-on | |
| Configurability (TTL, retries, rate limits) | Admin-configurable via settings panel | Whatever you decide to expose | Fixed or limited options | |
| Security & audit | Hashed OTPs, record rules, full audit log | Depends entirely on developer discipline | Varies; audit trail often missing | |
| Odoo 17/18/19 + Community/Enterprise | Built and tested for your exact version/edition | You maintain version compatibility | Version support varies by listing | |
| Source code & ownership | Full source + git repo handover | You own it, and you maintain it | Often obfuscated or license-locked binary | |
| Support & upgrades | Post-go-live window + optional retainer | Internal team or none | Ticket queue, no scope guarantees |
Odoo's native 2FA is TOTP-based and protects internal backend user logins — it assumes the user runs an authenticator app. This module targets customer-facing surfaces (website login, signup, checkout, portal actions, POS) and delivers one-time passwords over WhatsApp and SMS to a phone number, which is what your customers actually have. The two are complementary and can run side by side.
This is a build-to-order module, not an instant download. Typical delivery is 2–4 weeks from confirmed scope. The timeline starts once we've agreed exactly which surfaces to gate, your provider(s), and your Odoo version and edition on the scoping call. Simpler scopes land faster; broad POS-plus-portal-plus-headless scopes sit at the upper end.
We build against the WhatsApp Cloud API directly or through a Business Solution Provider such as Twilio or 360dialog, and pair it with an SMS gateway of your choice for fallback. You bring your own provider account and credentials; we wire them in as encrypted config parameters and set up the pre-approved WhatsApp message templates. Tell us your preferred providers on the scoping call and we'll confirm fit.
Yes. Every engagement includes a post-go-live support window for defect fixes and configuration adjustments, plus the full source and a git repository handover so you're never locked in. Longer-term maintenance, Odoo version upgrades (e.g. moving from 18.0 to 19.0), and new gated surfaces are available as a follow-on support retainer.
It works on both. We build for Community or Enterprise on Odoo 17.0, 18.0, or 19.0 and handle the version-specific controller and OWL differences. Let us know your exact version and edition during scoping so we build and test against a matching instance.
Yes. OTPs are hashed (never stored in plaintext), TTL and retry limits are configurable, and per-number rate limiting blunts brute-force and flooding abuse. Multi-provider fallback routing means if WhatsApp delivery fails or a number isn't WhatsApp-reachable, the module automatically falls back to SMS or a secondary provider, so a single provider outage doesn't strand your customers.
Yes. The dispatch and verification logic is exposed over Odoo's XML-RPC/JSON-RPC API, so a custom front-end, mobile app, or middleware can trigger and verify the same OTPs that the website and POS use, keeping authentication consistent across every channel.
Send login, signup, checkout, and transaction OTPs over WhatsApp and SMS with verification flows for website, portal, and POS. A build-to-order Odoo module ECOSIRE scopes, builds, installs, and supports for your Odoo 17/18/19 instance.