When trying to connect to the Odoo API from an external system, the request fails with 403 Forbidden, even though the API token is valid and the user has full access rights to the intended models. The same operation works correctly inside the Odoo backend, but any external call through JSON-RPC or REST returns 403, suggesting an access restriction rather than an authentication failure. I have already verified the token, endpoint URL, database name, and user permissions, and also tested from different networks and tools like Postman, but the result is the same. No errors appear in Odoo logs except the 403 response. This raises the question of whether the issue is related to record rules, CORS settings, firewall/proxy, rate-limit security settings, or a configuration change after an update. I’m looking for guidance on why Odoo rejects external API calls with 403 and how to correctly allow external systems to access the API.