Is the odoo API security enough for online payment transactions?
I am a beginner in Odoo and security. I have read the odoo documentation about security:
The authentication itself is done through the authenticate function and returns a user identifier (uid) used in authenticated calls instead of the login.
The second endpoint is xmlrpc/2/object, is used to call methods of odoo models via the execute_kw RPC function. Each call to execute_kw takes the following parameters: the database to use, a string the user id (retrieved through authenticate), an integer the user’s password, a string ...
Also, I am reading about industry-standard protocol such as OpenID Connect for authorizing API calls.
I would like to know if I should use one of these protocols like OpenID with Keycloak server or I should trust in Odoo security itself for online payment transactions.