I am trying to build a custom integration between *Salesforce and Odoo 16 Enterprise* using a custom module and *API key-based authentication*. What I’ve Done: Created a custom module with a @http.route('/sf/get_products', auth='api_key', type='json', methods=['POST'], csrf=False) Created a boolean field sfcost on product categories, used to filter products returned in the response Generated an API key from an *Internal User* (with Inventory/User access) Set auth_api_key = True in odoo.conf

Odoo is the world's easiest all-in-one management software.
It includes hundreds of business apps:

CRM
e-Commerce
Akuntansi
Inventaris
PoS
Project
MRP

All apps

Semua Post Orang Lencana-Lencana

Label (Lihat semua)

odoo accounting v14 pos v15

Mengenai forum ini

Help

Fetch data from Odoo 16 E to Salesforce using API

javascript

1 Balas

1909 Tampilan

D. PARMAR

I am trying to build a custom integration between Salesforce and Odoo 16 Enterprise using a custom module and API key-based authentication.

What I’ve Done:

Created a custom module with a @http.route('/sf/get_products', auth='api_key', type='json', methods=['POST'], csrf=False)
Created a boolean field sfcost on product categories, used to filter products returned in the response
Generated an API key from an Internal User (with Inventory/User access)
Set auth_api_key = True in odoo.conf
Restarted the Odoo service fully

Problem:

Despite all correct headers and method (Authorization: Bearer <key>, Content-Type: application/json, POST), Odoo always returns: odoo.exceptions.AccessDenied: Access Denied

I even created a test route /sf/ping to just return the user name and still get AccessDenied.

Christoph Farnleitner

Can you elaborate on auth='api_key' since that's not actually a thing

D Enterprise

hii,

Enable API Key Authentication in odoo.conf

You're correct to set:
auth_api_key = True

Make sure it is not commented out, and Odoo has been restarted after this change.

Use the Correct HTTP Header

For auth='api_key', Odoo expects the header exactly like this:
Authorization: Bearer <API_KEY>

API Key Must Belong to a User with Correct Group Access

You mentioned the user has Inventory / User access. That’s good for product data. But make sure this user also has access to "Technical Features" or is in the group that can access the endpoint logic (e.g., if your route does ORM queries).

Also:

Check that the API key was generated for an Internal user, not a portal or public user.
Confirm the key is still active and tied to the right user.

This is case-sensitive, and no extra space or typo is tolerated.

Test with a minimal route:
@http.route('/sf/ping', auth='api_key', type='json', methods=['POST'], csrf=False)

def ping(self, **kwargs):

return {"user": request.env.user.name}

Test with curl:
curl -X POST https://yourdomain.com/sf/ping \

-H "Authorization: Bearer <your_api_key>" \

-H "Content-Type: application/json" \

-d '{}'

Menikmati diskusi? Jangan hanya membaca, ikuti!

Buat akun sekarang untuk menikmati fitur eksklufi dan agar terlibat dengan komunitas kami!

Daftar

Post Terkait	Replies	Tampilan
Error While Installing Accounting Module in Odoo 19 Enterprise (Works on Another PC) javascript	0 Nov 25	195
Cannot import @website_sale/js/utils javascript	2 Nov 25	679
Cómo cerrar una transferencia interna al recibirla desde la vista de código de barras stock.picking javascript	0 Jul 25	1166
Why use the Lazy Translation function _lt() javascript	1 Jul 25	6488
How to use ReactJS and Next.js to build a fully customizable, open-source headless frontend for Odoo javascript	0 Jul 25	2301

Pertanyaan ini telah diberikan tanda