Claude · ChatGPT · Gemini · Cursor · n8n

AI MCP Server for Odoo

Connect Claude, ChatGPT, Cursor, or any MCP client to live Odoo data. Expose only the apps you approve, run every call as a chosen user, and audit everything from inside Odoo.

Buy now · $119 Book a demo

One-time $119. No subscription.

Native /mcp endpointApp-based access bundlesExecution-user controlFull audit trail

Why this exists

AI without limits is a liability. Odoo without context is hard to read.

Two problems sit between Odoo and a useful AI assistant. A raw connection hands a model far more reach than anyone wants, and the data it finds is spread across dozens of technical models. The MCP Server closes both gaps. It gives clients a discoverable map of your instance and caps what they can touch from three directions at once.

Business language, real models

Customers, vendors, RFQs, invoices, transfers, and opportunities map to the models behind them. The server ships a glossary, model guidance, and prompts so the AI knows an invoice means account.move and an RFQ means purchase.order.

Access capped from three sides

Final reach is the intersection of Odoo ACLs, the execution user, and the access bundle. You decide exactly what clients can read, create, update, or delete. Nothing is left to chance.

Built for administrators

Pick apps like Inventory, Sales, Purchase, CRM, and Accounting. The server computes the matching models for you. Fine-tune by model name only when a workflow needs it.

Odoo-native control center

Turn MCP on. Control everything from Odoo.

Enable the server, generate a bearer token, choose allowed origins, pick the execution user, copy a client config, set rate limits and IP allowlists, manage log retention, and write an instance playbook for your business rules.

Odoo MCP server settings panel showing the execution user, bearer token, allowed origins, and rate limits

OAuth-first endpoint

A native /mcp endpoint with OAuth 2.1 and PKCE, protected-resource metadata, dynamic client registration, short-lived tokens, and a bearer-token fallback.

Execution user

Every MCP tool call runs as the internal Odoo user you select, so permissions stay predictable and traceable.

Allowed origins and IPs

Restrict browser origins and client IP addresses for safer hosted access from remote AI clients.

Instance playbook

Describe your custom rules, modules, field meanings, naming conventions, and approval flows so the AI reads your instance correctly.

Access bundles

Expose apps, not your whole database.

Choose the business apps an AI client should see and the server computes the matching Odoo models. Add include models for a special workflow. Add exclude models for anything that must stay hidden, even when it matches an app.

InventorySalesPurchaseCRMAccountingWebsiteProjectManufacturingHelpdeskHRContacts

Odoo MCP access bundle configuration selecting business apps like Inventory, Sales, and Purchase

Manual include and exclude model controls for the Odoo MCP server

Include and exclude models

Add a one-off model when a workflow needs it. Exclude a risky or irrelevant model even if it matches an app pattern.

Odoo MCP access bundles showing how many models each bundle exposes

See model counts before you connect

Check which bundles are active, how many models each one matches, and whether access is broad enough for the workflow you have in mind.

Permission engine

Read-only by default. CRUD only when allowed.

This is not a blind gateway. Create, write, and delete tools show up only when the execution user, Odoo ACLs, and the bundle preset all agree on the operation.

Odoo ACLs

Normal Odoo user permissions and record rules still apply. The server never goes around them.

Execution user cap

The selected user carries read, write, create, and delete flags. Tools cannot exceed them.

Bundle cap

Each access bundle adds its own permission preset on top, per app and per model.

Final MCP tools

The client sees only the tools that survive every cap. Nothing more.

Permission presets per bundle

No accessRead onlyRead + writeRead + write + createFull CRUDCustom

MCP tools exposed to AI

Useful tools, not unlimited power.

The server exposes discovery tools, record tools, prompts, and resources. What a client actually sees depends on the permissions that survive every cap.

Discovery tools

Understand before acting

Health, diagnostics, system info, instance guide, exposed model list, semantic glossary, question resolver, search, and fetch.

odoo_diagnostics

odoo_instance_guide

odoo_list_models

odoo_resolve_question

odoo_semantic_glossary

Record tools

Read and act on records

Search records, read by ID, browse with pagination, count, inspect fields, then create, write, and delete when your permissions allow it.

odoo_search / odoo_read

odoo_browse / odoo_count

odoo_create / odoo_write

odoo_delete

create_res_partner_contact

Prompts and resources

Built-in guidance for clients

Clients read Odoo resources and use prompt templates for safe reads, safe updates, inventory checks, and sales-assistant workflows.

odoo://guide

odoo://models

odoo://health

odoo://diagnostics

safe_odoo_read / safe_odoo_update

Odoo semantic layer

The AI reads Odoo words, not just table names.

A business glossary and model hints let questions like “overdue invoices”, “open RFQs”, “internal transfers”, and “stale opportunities” land on the right models.

ChatGPT returning an answer from live Odoo data resolved through the MCP semantic glossary

Business glossary

Customer, vendor, and contact resolve to res.partner. Invoice and bill resolve to account.move. RFQ resolves to purchase.order. Transfer resolves to stock.picking.

Instance playbook

Add your own business rules, custom modules, field meanings, naming conventions, and approval flows so answers match how your team works.

Question resolver

Plain-language questions resolve into likely models, fields, domains, ordering, and notes on anything ambiguous before the AI runs a query.

Model guidance

Per-model business terms, prompt hints, cache settings, and safe field metadata help clients work with fewer mistakes.

Connect your AI clients

One Odoo server, many AI clients.

Use the same governed layer from Claude, ChatGPT, Gemini CLI, Cursor, Claude Code, n8n, LangChain, and crewAI. Remote HTTP for hosted Odoo, a local STDIO bridge for development.

Connect ChatGPT to Odoo

Paste the endpoint, sign in through OAuth, and ask real Odoo questions as your chosen execution user.

Connect Claude to Odoo

Use Claude against the same permissioned endpoint, resources, prompts, and model restrictions.

Copy config from Odoo

Remote config or local STDIO bridge

Generate a remote config for hosted Odoo, or a local STDIO bridge config for development on your own machine.

cursor_mcp.json

{

"mcpServers": {

"niyu-odoo": {

"url": "https://your-odoo.com/mcp",

"headers": {"Authorization": "Bearer TOKEN" }

}

Authentication and endpoint setup

Clear endpoint, OAuth metadata, and a token fallback make the first connection from any client straightforward.

Diagnostics, audit, and hardening

Know what is exposed. Know what happened.

Health checks report the enabled state, auth mode, execution user, and exposed model count. The audit log records the user, model, operation, record IDs, status, IP, duration, and timestamp for every call.

Health and diagnostics

Check the enabled state, auth mode, bearer token, execution user, exposed model count, origin restrictions, and client configs in one place.

Odoo MCP server audit log listing every tool call with user, model, operation, and status

Audit every tool call

Track the user, model, operation, method, record IDs, request data, status, error message, IP, user agent, duration, and timestamp. Successful, denied, and failed calls all land here.

Sensitive-field filtering

Passwords, tokens, API keys, secrets, sessions, OTP fields, and payment- or bank-account-like fields are blocked from exposure.

No blind all-field reads

Reading __all__ fields is blocked. Clients request explicit fields or use safe defaults, so nothing leaks by accident.

Forced-domain enforcement

Forced domains apply to both reads and mutations, so scoped access stays scoped even when a client asks for more.

Rate limits and IP allowlist

Cap requests per minute and restrict clients by IP address whenever a deployment calls for it.

Real Odoo questions

Let AI work with the ERP without opening the whole ERP.

Here is what teams can ask once the right apps, models, and permissions are exposed.

Sales

Show quotations older than 14 days.
Which customers have open follow-ups?
Draft a note on this opportunity.

Inventory

Check stock by warehouse.
Find pending receipts.
Explain the stock moves for this product.

Accounting

List overdue invoices.
Find unpaid vendor bills.
Summarize invoices by customer.

Purchase

Show open RFQs.
Find purchases from this vendor.
Create a draft vendor contact.

OAuth-ready remote MCP

Real connector login, not token copy-paste.

OAuth-capable clients discover the authorization server, open an Odoo login and consent screen, receive short-lived scoped tokens, refresh them safely, and call the same governed tools.

Live ERP from anywhere

Open Claude on your phone. Ask Odoo. Get the answer.

Check unpaid invoices, stock availability, recent orders, or pipeline from your phone. The answer comes from live Odoo data, bounded by access bundles, allowed fields, forced domains, rate limits, and audit logs.

Questions teams ask before buying

Does this work only with ChatGPT?+

No. It speaks the Model Context Protocol, so any MCP client connects: Claude, ChatGPT, Gemini CLI, Cursor, Claude Code, n8n, LangChain, crewAI, and VS Code. The same governed endpoint serves all of them.

Can it create, update, or delete Odoo records?+

Yes, when you allow it. Every new install is read-only. Write, create, and delete tools appear only when the execution user, Odoo's own access rights, and the access bundle all permit the operation.

Do admins need to know technical model names?+

No. You pick business apps such as Inventory, Sales, Purchase, CRM, and Accounting, and the module maps them to the right models. Drop to names like sale.order or stock.picking only when you want to fine-tune.

What stops the AI from reaching everything?+

Several limits stack. The execution user's permissions, the assigned bundle, Odoo ACLs and record rules, sensitive-field filtering, excluded models, allowed origins, IP allowlists, and a full audit log. Anything outside those bounds never reaches the client.

Does it support Cursor and Claude Code?+

Yes. Copy a remote MCP config with OAuth metadata straight from Odoo, or use the local STDIO bridge config for development and localhost instances.

Can it call arbitrary Odoo methods?+

The generic method-call endpoint stays off by default. Production workflows use explicit MCP tools and the model permissions you approve, so nothing runs that you have not allowed.

The rest of the AI layer for Odoo

The MCP server pairs well with the rest of what we build for Odoo teams.

Smart Stock

AI Demand Forecasting

Forecast demand from your Odoo sales history and get reorder recommendations before you stock out.

Learn more→AI Services

Custom AI for Odoo

Need a tailored agent, pipeline, or integration? Our team builds AI solutions on top of your Odoo instance.

Learn more→AI Analyst

Ask Odoo in Plain English

A chat analyst that answers questions over your Odoo data without writing SQL.

Learn more→

Make Odoo AI-ready, permission-safe, and auditable.

A native MCP endpoint, OAuth and bearer auth, execution-user control, app-based access bundles, safe CRUD permissions, a semantic glossary, diagnostics, and a full audit trail. One MCP layer for Odoo teams, a one-time $119.

$119one-time

Paid module

Buy now· $119 Book a demo

Secure checkout

Need help choosing, or a custom setup? Talk to us or book a call.

Money-back guaranteeFree supportLive demo