Decide exactly which Odoo apps, data types, and fields each AI key can reach – and from which locations.
Overview
Giving an AI tool an API key does not mean it can see your entire Odoo system. You layer three types of control on top of the linked Odoo user’s normal permissions:
- App Access – limit the key to specific installed Odoo apps (Sales, Inventory, Accounting, etc.)
- Model Access – control read, create, update, and delete rights per data type, plus field and record filters
- IP Rules – restrict which network locations can use the key
Together, these let you safely let AI read customer names without touching payroll, or update products without deleting invoices.
How It Works
When AI makes a request, Odoo checks rules in this order:
- Is the key active and not expired?
- Is the request coming from an allowed IP (and not on the deny list)?
- Does the linked Odoo user have permission for this action?
- Is the data type (model) allowed for this key?
- Are only permitted fields being read or written?
- Does the record match any domain filter?
If any check fails, the request is blocked and recorded as an error in the audit log.
App Access and Model Access are configured on each API key form, under their own tabs.
Step-by-Step Guide
Restrict by Odoo App
- Open an API key and go to the App Access tab.
- Click Add a line and pick an installed Odoo app (e.g. Sales, CRM, Inventory).
- Add more apps as needed. Only data from these apps will be reachable.
- Save the key. Test with Run API Test to confirm access works.
Restrict by Data Type (Model)
- On the same API key, open the Model Access tab.
- Add a line and select a data type (e.g. Customer, Sales Order, Product).
- Check the actions allowed: Read, Create, Write, Delete.
- Optionally fill Field Allowlist with comma-separated field names (e.g.
name, email, phone). - Optionally add a Domain Filter to limit which records apply (e.g. only draft orders).
- Save and test.
Restrict by IP Address
- On the main key form, scroll to IP Allowlist or IP Denylist.
- Enter one IP address or range per line (e.g.
192.168.1.0/24for your office network). - Save. Requests from other locations will be rejected.
Fields Table – App Access
| Field Name | Description | Example |
|---|---|---|
Odoo App / Module |
Which installed app this key may access |
Sales (sale_management) |
Module Name |
Technical name shown automatically |
sale_management |
Fields Table – Model Access
| Field Name | Description | Example |
|---|---|---|
Model |
The data type being controlled |
Customer (res.partner) |
Active |
Turn off a rule without deleting it |
Checked |
Allow Read |
AI can view records of this type |
Yes |
Allow Create |
AI can create new records |
No |
Allow Write |
AI can update existing records |
No |
Allow Delete |
AI can remove records |
No |
Field Allowlist |
Only these fields can be read or written |
name, email, phone, city |
Domain Filter |
Only records matching this condition |
Only companies: is_company = true |
Fields Table – IP Rules (on API Key)
| Field Name | Description | Example |
|---|---|---|
IP Allowlist |
Only these IPs may use the key (empty = all allowed) |
203.0.113.0/24 |
IP Denylist |
These IPs are always blocked |
198.51.100.99 |
Field Explanations
Odoo App / Module
Groups data by the Odoo app that owns it. Restricting to “Sales” means AI can work with sales-related data but not accounting or HR – even if the user could normally see those apps.
Module Name
The internal identifier for the app. You usually do not need to change this – it fills in automatically when you pick an app.
Model
A specific kind of record in Odoo – customers, products, invoices, etc. Use this for precise control when app-level access is too broad.
Allow Read / Create / Write / Delete
Four separate switches. For read-only AI assistants, enable only Read. For automation that creates leads, enable Read and Create but leave Delete off.
Field Allowlist
Comma-separated list of field names. If empty, all fields the user can normally see are allowed. If filled, AI can only touch those fields – great for hiding salary or cost data.
Domain Filter
A condition that limits which records count. Example: only show orders in “Draft” state. Ask your Odoo partner if you need help writing filters.
IP Allowlist
Extra network security. Useful when your AI tool runs from a fixed office IP or VPN. One address or CIDR range per line.
IP Denylist
Checked before the allowlist. Block a suspicious IP immediately without changing allowlist rules.
Tips
- Start with read-only access (Read checked, Create/Write/Delete off) for new AI integrations. Add write access only after you trust the workflow.
- Combine App Access (broad) with Model Access (precise). App Access limits scope; Model Access fine-tunes actions within that scope.
- If no App Access or Model Access lines exist, the key follows only the linked Odoo user’s normal permissions – which may be wider than you expect.
Common Mistakes
- Allowing Delete on sensitive data: AI can misinterpret instructions. Keep Delete disabled unless you have a specific, tested use case.
- Empty field allowlist on HR or payroll data: Without a field list, AI may expose fields like salary or bank details. Always whitelist safe fields for sensitive models.
- IP allowlist on cloud AI tools: Services like Claude use changing cloud IPs. IP allowlists work best for self-hosted AI or fixed VPN endpoints, not public SaaS tools.