πŸ’¬ MCP Server for Odoo : Product Description
πŸ’¬

MCP Server for Odoo : Product Description


The Model Context Protocol (MCP) is the open standard that AI assistants β€” such as Claude, Cursor, VS Code and Windsurf β€” use to connect securely to external systems and act on their data.

With the much. MCP Server module, you can seamlessly integrate Odoo with any MCP-capable AI assistant, establishing a governed, bi-directional channel between your Odoo environment and the assistant β€” so users can query and manage business data in natural language, while an administrator keeps precise control over what is reachable.

ℹ️ Info

AvailabilitiesOdoo.sh, Odoo On Premise
Odoo Versionsv16, v17, v18 and v19
ComponentsOdoo module mcp_server + mcp-server-odoo client (runs on the user's computer)

Table of Contents

How it works

The integration is delivered in two parts that work together:

  • The MCP Server module runs on your Odoo server. It provides the secure API endpoints (REST and MCP-aware XML-RPC), the per-model permission layer, the audit log, and the configuration screens inside Odoo.
  • The mcp-server-odoo client runs on each user's local computer, next to their AI assistant. It bridges the assistant to your Odoo instance over MCP.

Data flows directly between the user's machine and your Odoo server β€” it does not pass through a third-party MCP host. Every request is authenticated as a real Odoo user, so Odoo's own groups, record rules and access rights always apply, with the MCP permission layer adding a second, narrower gate on top.

Data retrieval : read processes


If your users need answers that live in Odoo β€” about customers, inventory, sales, finance, HR or projects β€” the assistant can retrieve them conversationally. Read access covers the following use-cases.

Searching and reading records

The assistant can query any MCP-enabled model with the following capabilities:

  • Search records with filters (Odoo domains), pagination and ordering
  • Read specific records and a chosen set of fields
  • Count records matching a filter
  • Group and aggregate records (read_group)
  • Name-search and name-get for relational lookups

The integration allows you to:

βœ… Search records with natural-language filters ("Spanish leads not contacted in 30 days")

βœ… Read individual records and selected fields on demand

βœ… Count, group and aggregate without building an Odoo report

βœ… Restrict reads to only the models an administrator has enabled

Discovering the data model

Before it can answer, an assistant needs to know what is available. Discovery exposes:

  • The list of MCP-enabled models (technical and display names)
  • The fields of a model and their types (fields_get)
  • Whether a model is enabled and which operations are allowed
  • System information: database name, Odoo version, language, timezone, MCP version

The integration allows you to:

βœ… List the models exposed to MCP

βœ… Inspect a model's fields and metadata

βœ… Check per-model access and allowed operations before acting

βœ… Validate the connection and API key through dedicated endpoints

Data management : write processes


Where an administrator has granted it, the assistant can also maintain data β€” creating contacts, updating orders, logging tasks. Every write operation is gated per model and per operation.

Creating records

Creation covers the following operations:

  • Create a new record with supplied values
  • Duplicate an existing record (copy)
  • Create by name (name_create) for quick relational entries

The integration allows you to:

βœ… Create new records (contacts, products, orders, tasks…) when Allow Create is enabled

βœ… Duplicate existing records to speed up data entry

βœ… Prevent creation entirely on any model β€” off by default

Updating records

Updates cover the following operations:

  • Write new values to existing records
  • Archive and unarchive records (toggle_active, action_archive, action_unarchive)

The integration allows you to:

βœ… Update field values on existing records when Allow Update is enabled

βœ… Archive or restore records conversationally

βœ… Keep updates off by default, opting in per model

Deleting and archiving records

Deletion covers the following operations:

  • Delete records permanently (unlink, action_delete)

The integration allows you to:

βœ… Delete records β€” for example clean up test data β€” only when Allow Delete is enabled

βœ… Prefer archiving over deletion by exposing only update rights

βœ… Block deletion entirely, which is the default for every model

Posting messages

The assistant can add to a record's chatter:

  • Post a message on a record (message_post)

The integration allows you to:

βœ… Log notes and messages on records (treated as an update operation)

βœ… Keep an activity trail of assistant-driven changes

Governance, security and administration


The integration is designed so that AI access is narrow, governed and audited. Administrators control everything from inside Odoo.

Enabling models and permissions

Access is defined per model, one row per exposed model, with four independent operation toggles:

  • Model, Active flag
  • Allow Read, Allow Create, Allow Update, Allow Delete
  • Free-text notes

The integration allows you to:

βœ… Expose exactly the models you choose β€” anything not listed is invisible to MCP

βœ… Grant operations independently per model (read-only by default)

βœ… Enable many models at once with a bulk selection wizard

βœ… Disable a model temporarily without deleting its configuration

Authentication

Every request (except the health check) is authenticated as a real Odoo user:

  • Per-user API key via the X-API-Key header (recommended for AI clients)
  • Existing Odoo session cookie as a fallback
  • Rejection with a clear error when neither is valid

The integration allows you to:

βœ… Authenticate assistants with per-user API keys

βœ… Tie every action to an Odoo user, so native permissions and the audit log stay meaningful

βœ… Revoke access instantly by removing a key or group membership

Global access control and rate limiting

Administrators hold two system-wide safeguards:

  • A master switch that enables or disables all MCP access at once
  • A configurable request limit per user per minute

The integration allows you to:

βœ… Turn all MCP access on or off with a single switch (an emergency stop)

βœ… Cap requests per user per minute to prevent abuse or runaway agents

βœ… Allow unlimited requests where appropriate, or enforce a fair-usage ceiling

Audit logging and retention

All MCP activity can be recorded and reviewed inside Odoo:

  • Authentication successes and failures, model access, permission denials, errors and rate-limit hits
  • Request/response details, user, IP address, endpoint, operation and duration

The integration allows you to:

βœ… Log every MCP event for security auditing and troubleshooting

βœ… Review activity inside Odoo, filtered by event type, user or date

βœ… Automatically purge old logs through a scheduled cleanup job that honours your retention policy

For installation, configuration and day-to-day usage, see the MCP Server User Documentation.