We can extend Odoo internally by using modules, but many of its features and all of its data are also available from the outside for analysis and integration.
By using the XML-RPC web service we can connect to an Odoo database and access all of its data.
When connecting to an Odoo database using XML-RPC, we normally provide a username and password for authentication.
Odoo 14 introduced a new feature called ‘Developer API Keys’, which lets us generate API keys and use them for authentication.
You can’t log in to Odoo from the user interface with an API key, but you can use it inside a web service like XML-RPC.
Instead of using a password in XML-RPC, we can use this API key for authentication.
A user can generate any number of keys, one for each purpose, and delete a key when it is no longer needed.
Let us see how to generate these API keys in Odoo:
To generate a key, go to your Preferences (or My Profile).
In the Account Security tab you will find a section called Developer API Keys.
Click NEW API KEY to generate a key. You will be asked to confirm your password; enter it and click CONFIRM PASSWORD.
After that, enter a description for the key. The description must be as clear and complete as possible, because it is the only way to identify the key later and to tell what purpose it was created for. A clear description lets you decide later whether the key needs to be deleted.
Click GENERATE KEY and the API key will be generated.
Store this key securely: it will not be shown again, and it cannot be retrieved later if you lose it.
This key provides full access to your user account. You can use it instead of a password for RPC access. Remember that it cannot be used to log in from the UI.
All the generated API keys are listed under the Developer API Keys section. There you can delete a key that is no longer needed. Once a key is deleted, the deletion cannot be undone and the key cannot be reset; it is permanently deleted.
Similarly, a user can generate as many API keys as they want.
Let’s see how a generated API key is used in XML-RPC.
This is a sample Python file which connects to the Odoo database using XML-RPC.
It simply authenticates the given user. If authentication is successful, a user id is returned and the corresponding message is printed; if authentication fails, a failure message is printed.
The Odoo URL, database name, username and password are given. Generally the user password is given for authentication; here the generated API key is given instead of the user password.
Let’s run this file.
Using the API key, the user is successfully authenticated. If we enter a wrong API key, authentication will fail.
If I run this after deleting that API key in Odoo, authentication will fail because that key no longer exists.
Similarly, a user can generate any number of keys and use them for RPC access.
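The sample file described above is not reproduced on this page. The following is an added example, not the original author's script: it calls authenticate on the /xmlrpc/2/common endpoint with the API key in the password position, and reads the key from an environment variable rather than hard-coding it. So that it runs offline, it talks to a constructed local stand-in for the Odoo server; the database name demo_db, the login admin, the uid 2, the ODOO_API_KEY variable name and the sample key are all assumptions.

```python
import os
import threading
import xmlrpc.client
from xmlrpc.server import SimpleXMLRPCRequestHandler, SimpleXMLRPCServer


def odoo_authenticate(url, db, username, api_key):
    """Return the user id, or None when the server rejects the credentials."""
    common = xmlrpc.client.ServerProxy(f"{url}/xmlrpc/2/common")
    # The API key goes where the password would normally go.
    uid = common.authenticate(db, username, api_key, {})
    return uid or None  # the endpoint answers False on failure


class _CommonHandler(SimpleXMLRPCRequestHandler):
    rpc_paths = ("/xmlrpc/2/common",)  # same path as Odoo's common endpoint


def start_mock_odoo(active_keys):
    """Constructed stand-in for Odoo: accepts any key currently in active_keys."""
    server = SimpleXMLRPCServer(("127.0.0.1", 0), requestHandler=_CommonHandler,
                                logRequests=False)

    def authenticate(db, login, password, user_agent_env):
        ok = db == "demo_db" and login == "admin" and password in active_keys
        return 2 if ok else False  # assumed uid 2 for the sample user

    server.register_function(authenticate)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_address[1]}"


if __name__ == "__main__":
    active_keys = {"constructed-sample-key"}  # keys listed in the user's profile
    server, url = start_mock_odoo(active_keys)
    # Read the key from the environment instead of hard-coding it in the file.
    api_key = os.environ.get("ODOO_API_KEY", "constructed-sample-key")
    for step in ("key active", "key deleted"):
        uid = odoo_authenticate(url, "demo_db", "admin", api_key)
        print(step, "->", f"authenticated, uid={uid}" if uid else "authentication failed")
        active_keys.discard(api_key)  # simulate deleting the key in Odoo
    server.shutdown()
```

Against a real instance, only odoo_authenticate is needed, with the URL, database and login of that instance.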