Keeping API login details safe

Updated 11 June 2026

Treat Corporate ID, username, and password like keys to your building-not like a normal app preference.

Overview

The eTimeOffice fields on Odoo’s settings screen are the same credentials eTimeOffice gave you so automated systems can download punch data. Anyone who can change them can also break sync for the whole company or, in the worst case, misuse access if they copied the values outside Odoo.

How it works

Only people in the eTimeOffice Administrator group should open the integration block routinely. Odoo stores the values as system parameters; they are not meant to be emailed around in spreadsheets. When someone with HR admin rights leaves the company, rotate the eTimeOffice API password with your vendor, then update Odoo the same day.

Step-by-step guide

Fields table

Field explanations

Corporate ID

Not a “display only” field; it is part of what proves who you are to the API. Store it only in Odoo and your secure password manager, not in chat logs.

Username

Prefer a dedicated API user from eTimeOffice instead of a person’s daily web login, so you can rotate or disable it without locking someone out of their mailbox.

Password

The secret for that API user. Changing it at eTimeOffice without updating Odoo breaks every sync until both sides match again.

Active (integration)

Stops scheduled and manual pulls from running, but does not erase saved credentials-anyone with settings access can still read them, so group membership still matters.

Watch out: Screen sharing or training recordings: blur the eTimeOffice block before recording, because passwords can appear in replay even if typed quickly.

Common mistakes

Image

Keeping API login details safe