I am trying to build a custom integration between *Salesforce and Odoo 16 Enterprise* using a custom module and *API key-based authentication*. What I’ve Done: Created a custom module with a @http.route('/sf/get_products', auth='api_key', type='json', methods=['POST'], csrf=False) Created a boolean field sfcost on product categories, used to filter products returned in the response Generated an API key from an *Internal User* (with Inventory/User access) Set auth_api_key = True in odoo.conf

Fetch data from Odoo 16 E to Salesforce using API

Odoo is the world's easiest all-in-one management software.
It includes hundreds of business apps:

CRM
e-Commerce
Účetnictví
Sklad
PoS
Project
MRP

All apps

All Posts Lidé Odznaky

Štítky (View all)

odoo accounting v14 pos v15

O tomto fóru

Pomoc

Fetch data from Odoo 16 E to Salesforce using API

javascript

1 Odpovědět

682 Zobrazení

D. PARMAR

I am trying to build a custom integration between Salesforce and Odoo 16 Enterprise using a custom module and API key-based authentication.

What I’ve Done:

Created a custom module with a @http.route('/sf/get_products', auth='api_key', type='json', methods=['POST'], csrf=False)
Created a boolean field sfcost on product categories, used to filter products returned in the response
Generated an API key from an Internal User (with Inventory/User access)
Set auth_api_key = True in odoo.conf
Restarted the Odoo service fully

Problem:

Despite all correct headers and method (Authorization: Bearer <key>, Content-Type: application/json, POST), Odoo always returns: odoo.exceptions.AccessDenied: Access Denied

I even created a test route /sf/ping to just return the user name and still get AccessDenied.

Christoph Farnleitner

Can you elaborate on auth='api_key' since that's not actually a thing

Desk Enterprise

hii,

Enable API Key Authentication in odoo.conf

You're correct to set:
auth_api_key = True

Make sure it is not commented out, and Odoo has been restarted after this change.

Use the Correct HTTP Header

For auth='api_key', Odoo expects the header exactly like this:
Authorization: Bearer <API_KEY>

API Key Must Belong to a User with Correct Group Access

You mentioned the user has Inventory / User access. That’s good for product data. But make sure this user also has access to "Technical Features" or is in the group that can access the endpoint logic (e.g., if your route does ORM queries).

Also:

Check that the API key was generated for an Internal user, not a portal or public user.
Confirm the key is still active and tied to the right user.

This is case-sensitive, and no extra space or typo is tolerated.

Test with a minimal route:
@http.route('/sf/ping', auth='api_key', type='json', methods=['POST'], csrf=False)

def ping(self, **kwargs):

return {"user": request.env.user.name}

Test with curl:
curl -X POST https://yourdomain.com/sf/ping \

-H "Authorization: Bearer <your_api_key>" \

-H "Content-Type: application/json" \

-d '{}'

Enjoying the discussion? Don't just read, join in!

Create an account today to enjoy exclusive features and engage with our awesome community!

Přihlásit se

Related Posts	Odpovědi	Zobrazení
Odoo 18 custom event(s) within a JavaScript form controller javascript	0 čvn 25	398
How to use multi label switching interface in Odoo Vyřešeno javascript	1 čvn 25	670
Error: Missing type for doActionButton request javascript	1 kvě 25	1235
My website is still not indexing properly despite implementing all recommended changes in Odoo, including modifying the head code and updating the Robots.txt file. It has been several days, yet the issue persists. javascript	0 bře 25	727
Caused by: TypeError: Cannot read properties of undefined (reading 'name') javascript	1 pro 24	3794

This question has been flagged