Skip ke Konten
Pertanyaan ini telah diberikan tanda
authenticationapi
2 Replies
1196 Tampilan
Avatar
Martin

We'd like to develop a mobile app linked to a Odoo (19). Our goal is to use the JSON API, both because it seems to be the way of the future and also because we're more familiar with that kind of tech.


We have something that we can't figure out. Our goal is to have our end user to identify with their login/password in the app, and then use their credential to use the API (for example to retrieve their current holidays).

Issue: this works only using the API key, which cannot be generated from an endpoint - even with the user's password.

What's the current advice/strategy in this case? We could have a technical user with high access and use it everywhere but it looks extremely dangerous and actually not practical (I want to retrieve the current user's holiday, not all of them, etc).


People here making mobile apps, how are you interacting with the new API?

Avatar
Buang
Martin
Penulis

Thanks - I get the idea but your example is using the jsonrpc api - I don't see any way to use this "with_user "on the json2 ("rest") one.

Avatar
Cybrosys Techno Solutions Pvt.Ltd
Jawaban Terbai
Hi,

You're encountering a frequent issue when integrating Odoo 19 JSON-RPC API with mobile app user authentication. Since API keys are not suitable for individual mobile users authenticating with personal credentials, the correct solution is session-based authentication.
Why session-based authentication is ideal for mobile apps

    Users log in using their own username and password

    User context is automatically applied (no need to pass user ID manually)

    Access rights, record rules, and ACLs are enforced correctly

    No need to generate or maintain API keys for each user

Authenticate from the mobile app

Send a POST request to the Odoo session authentication endpoint:

POST https://your-odoo-instance.com/web/session/authenticate

Content-Type: application/json

Request payload:

{
    "jsonrpc": "2.0",
    "params": {
        "db": "your_database",
        "login": "user@example.com",
        "password": "user_password"
    }
}

If authentication succeeds:

    Odoo returns session_id

    The session_id is also set in response cookies

Store session_id securely in your mobile app

Use platform-specific secure storage:
Create a custom authenticated API endpoint in Odoo

In your custom Odoo module, define a controller with auth="user":

from odoo import http

class MobileHolidaysController(http.Controller):

    @http.route('/api/mobile/my/holidays', type='json', auth='user')
    def get_my_holidays(self, **kwargs):
        # Business logic goes here
        return {
            "status": "success",
            "message": "Authenticated successfully",
            "data": {}  # Replace with your actual holiday records
        }
Call the endpoint from the mobile app

Include the stored session_id in cookies for all requests:

POST https://your-odoo-instance.com/api/mobile/my/holidays

Cookie: session_id=your_stored_session_id
Content-Type: application/json

Payload:

{
    "jsonrpc": "2.0",
    "params": {}
}


Hope it helps

Avatar
Buang
Avatar
Ray Carnes (ray)
Jawaban Terbai

with_user might be helpful here

self.env['hr.leave'].with_user(mobile_user).search([])

https://www.odoo.com/forum/help-1/what-is-the-purpose-of-with-user-means-what-is-the-advantage-of-using-it-189340

Avatar
Buang
Post Terkait Replies Tampilan Aktivitas
How i can auth my user to access odoo with API Key or Access Token? Diselesaikan
authentication api
Avatar
Avatar
Avatar
Avatar
4
Agu 24
46103
Error when trying to authenticate through API (v14) Diselesaikan
authentication api
Avatar
Avatar
Avatar
Avatar
Avatar
5
Des 20
12304
Question about how to authentication using api key Diselesaikan
authentication api api-key
Avatar
Avatar
1
Sep 25
6941
API authentication not working with API key
authentication api api-key
Avatar
0
Jan 24
4877
How to authenticate users from res.users model in laradoo package
authentication api odoo
Avatar
0
Jul 21
4727