I am trying to build a custom integration between *Salesforce and Odoo 16 Enterprise* using a custom module and *API key-based authentication*. What I’ve Done: Created a custom module with a @http.route('/sf/get_products', auth='api_key', type='json', methods=['POST'], csrf=False) Created a boolean field sfcost on product categories, used to filter products returned in the response Generated an API key from an *Internal User* (with Inventory/User access) Set auth_api_key = True in odoo.conf

Fetch data from Odoo 16 E to Salesforce using API

Odoo is the world's easiest all-in-one management software.
It includes hundreds of business apps:

CRM
e-Commerce
Boekhouding
Voorraad
PoS
Project
MRP

All apps

Alle posts Personen Badges

Labels (Bekijk alle)

odoo accounting v14 pos v15

Over dit forum

Help

Fetch data from Odoo 16 E to Salesforce using API

javascript

1 Beantwoorden

571 Weergaven

D. PARMAR

I am trying to build a custom integration between Salesforce and Odoo 16 Enterprise using a custom module and API key-based authentication.

What I’ve Done:

Created a custom module with a @http.route('/sf/get_products', auth='api_key', type='json', methods=['POST'], csrf=False)
Created a boolean field sfcost on product categories, used to filter products returned in the response
Generated an API key from an Internal User (with Inventory/User access)
Set auth_api_key = True in odoo.conf
Restarted the Odoo service fully

Problem:

Despite all correct headers and method (Authorization: Bearer <key>, Content-Type: application/json, POST), Odoo always returns: odoo.exceptions.AccessDenied: Access Denied

I even created a test route /sf/ping to just return the user name and still get AccessDenied.

Christoph Farnleitner

Can you elaborate on auth='api_key' since that's not actually a thing

Desk Enterprise

hii,

Enable API Key Authentication in odoo.conf

You're correct to set:
auth_api_key = True

Make sure it is not commented out, and Odoo has been restarted after this change.

Use the Correct HTTP Header

For auth='api_key', Odoo expects the header exactly like this:
Authorization: Bearer <API_KEY>

API Key Must Belong to a User with Correct Group Access

You mentioned the user has Inventory / User access. That’s good for product data. But make sure this user also has access to "Technical Features" or is in the group that can access the endpoint logic (e.g., if your route does ORM queries).

Also:

Check that the API key was generated for an Internal user, not a portal or public user.
Confirm the key is still active and tied to the right user.

This is case-sensitive, and no extra space or typo is tolerated.

Test with a minimal route:
@http.route('/sf/ping', auth='api_key', type='json', methods=['POST'], csrf=False)

def ping(self, **kwargs):

return {"user": request.env.user.name}

Test with curl:
curl -X POST https://yourdomain.com/sf/ping \

-H "Authorization: Bearer <your_api_key>" \

-H "Content-Type: application/json" \

-d '{}'

Geniet je van het gesprek? Blijf niet alleen lezen, doe ook mee!

Maak vandaag nog een account aan om te profiteren van exclusieve functies en deel uit te maken van onze geweldige community!

Aanmelden

Gerelateerde posts	Antwoorden	Weergaven
Odoo 18 custom event(s) within a JavaScript form controller javascript	0 jun. 25	279
How to use multi label switching interface in Odoo Opgelost javascript	1 jun. 25	584
Error: Missing type for doActionButton request javascript	1 mei 25	1147
My website is still not indexing properly despite implementing all recommended changes in Odoo, including modifying the head code and updating the Robots.txt file. It has been several days, yet the issue persists. javascript	0 mrt. 25	665
Caused by: TypeError: Cannot read properties of undefined (reading 'name') javascript	1 dec. 24	3643

Deze vraag is gerapporteerd