ood.ooo

n8n Integration

Connect your n8n workflows to ood.ooo to automate Odoo operations using webhooks. Create customers from forms, send daily reports, trigger alerts, and more.

Overview

The ood.ooo n8n webhook integration allows you to trigger Odoo operations from your n8n workflows. Whether you want to create records, query data, or send natural language requests to AI, you can do it all through a simple HTTP endpoint.

Getting Started

Webhook Endpoint

POST https://bob.ood.ooo/api/n8n/webhook

Authentication

Choose one of two authentication methods:

Option 1: API Key (Recommended)

RECOMMENDED

API keys provide secure, long-lived authentication perfect for automated workflows.

Step 1: Generate API Key
  1. Login to ood.ooo
  2. Go to Dashboard → Settings → API Keys
  3. Click "Generate New API Key"
  4. Select "webhook" scope
  5. Copy the generated key (starts with sk_live_)

⚠️ Important: Save your API key immediately. It will only be shown once!

Step 2: Add to n8n Headers

Use one of these header formats:

Authorization Bearer (Recommended)

Authorization: Bearer sk_live_xxxxxxxxxxxxx

X-API-Key Header (Alternative)

X-API-Key: sk_live_xxxxxxxxxxxxx
Step 3 (Optional): HMAC Signature Verification

For enhanced security, configure HMAC signature verification in your API key settings:

  1. Go to Dashboard → Settings → API Keys
  2. Edit your API key
  3. Enable "HMAC Signature Verification"
  4. Copy the HMAC secret
  5. Configure n8n to sign requests (see HMAC section below)
X-HMAC-Signature: <hex_signature_using_sha256>

Option 2: Session Cookie

TESTING ONLY

Use session cookies for quick testing. Not recommended for production workflows.

  1. Login to ood.ooo
  2. Open browser DevTools (F12)
  3. Go to Application → Cookies
  4. Copy your session cookie
  5. Add it to your n8n HTTP Request node headers

⚠️ Warning: Session cookies expire and change frequently. Use API keys for production.

Supported Actions

1. execute_method

Execute any Odoo method directly (search_read, create, write, unlink, etc.)

{
  "action": "execute_method",
  "model": "res.partner",
  "method": "search_read",
  "args": [[["is_company", "=", true]]],
  "kwargs": {
    "fields": ["name", "email", "phone"],
    "limit": 10
  }
}

2. chat

Send natural language queries to AI

{
  "action": "chat",
  "message": "List all customers with outstanding invoices over $1000"
}

3. get_config

Retrieve your Odoo configuration

{
  "action": "get_config"
}

4. test_connection

Test if Odoo connection is working

{
  "action": "test_connection"
}

Common Odoo Operations

Create Record

{
  "action": "execute_method",
  "model": "res.partner",
  "method": "create",
  "args": [{
    "name": "New Customer",
    "email": "customer@example.com"
  }]
}

Update Record

{
  "action": "execute_method",
  "model": "res.partner",
  "method": "write",
  "args": [
    [123],
    {"phone": "+1234567890"}
  ]
}

Delete Record

{
  "action": "execute_method",
  "model": "res.partner",
  "method": "unlink",
  "args": [[123, 124, 125]]
}

Search and Read

{
  "action": "execute_method",
  "model": "sale.order",
  "method": "search_read",
  "args": [[
    ["state", "=", "sale"],
    ["date_order", ">=", "2025-01-01"]
  ]],
  "kwargs": {
    "fields": ["name", "partner_id", "amount_total"],
    "order": "date_order desc",
    "limit": 50
  }
}

Example Use Cases

Create Customer from Form Submission

Automatically create Odoo customers when users submit contact forms on your website.

  • Trigger: Webhook from form
  • Action: Create customer in res.partner model
  • Response: Send confirmation email

Daily Sales Report

Send automated daily sales reports to your team every morning.

  • Trigger: Schedule (9 AM daily)
  • Action: Chat query for confirmed sales orders
  • Response: Email report to management

Low Stock Alerts

Get notified when product inventory falls below threshold.

  • Trigger: Schedule (every 6 hours)
  • Action: Search products with qty_available < 10
  • Response: Send alert if low stock found

Best Practices

  • Use API Keys for Production: Never use session cookies in production workflows. Generate API keys with proper scopes and enable HMAC verification for sensitive operations
  • Test Connection First: Always test with test_connection before complex workflows
  • Use Batch Operations: Prefer search_read over multiple read calls
  • Limit Results: Always set limit in kwargs to avoid large responses
  • Error Handling: Add error handling nodes in your n8n workflow
  • Logging: Enable logging in n8n to debug webhook calls
  • Rate Limiting: Monitor the X-RateLimit-Remaining header to avoid hitting rate limits
  • Secure API Keys: Store API keys in n8n credentials or environment variables, never hard-code them

Error Handling

All responses include a success field. On error:

{
  "success": false,
  "error": "Error message",
  "details": "Detailed error information"
}

Common Errors

  • 401 Unauthorized - Not authenticated, check session cookie
  • 404 Not Found - No Odoo configuration, configure at Settings
  • 500 Internal Server Error - Check error details in response

HMAC Signature Verification

For production webhooks, enable HMAC signature verification to ensure requests are authentic and haven't been tampered with.

How HMAC Works

  1. You configure an HMAC secret when creating/editing your API key
  2. Before sending a request, generate a signature using the secret and request body
  3. Include the signature in the X-HMAC-Signature header
  4. ood.ooo verifies the signature matches the request body

Generate HMAC Signature (Node.js)

const crypto = require('crypto');

// Your request body
const requestBody = {
  action: "execute_method",
  model: "res.partner",
  method: "search_read",
  args: [[["is_company", "=", true]]],
  kwargs: { fields: ["name", "email"], limit: 10 }
};

// Your HMAC secret from API key settings
const hmacSecret = "your_hmac_secret_here";

// Generate signature
const bodyString = JSON.stringify(requestBody);
const signature = crypto
  .createHmac('sha256', hmacSecret)
  .update(bodyString)
  .digest('hex');

// Add to headers
const headers = {
  'Authorization': 'Bearer sk_live_xxxxxxxxxxxxx',
  'X-HMAC-Signature': signature,
  'Content-Type': 'application/json'
};

Generate HMAC Signature (Python)

import hmac
import hashlib
import json

# Your request body
request_body = {
    "action": "execute_method",
    "model": "res.partner",
    "method": "search_read",
    "args": [[["is_company", "=", True]]],
    "kwargs": {"fields": ["name", "email"], "limit": 10}
}

# Your HMAC secret from API key settings
hmac_secret = "your_hmac_secret_here"

# Generate signature
body_string = json.dumps(request_body, separators=(',', ':'))
signature = hmac.new(
    hmac_secret.encode('utf-8'),
    body_string.encode('utf-8'),
    hashlib.sha256
).hexdigest()

# Add to headers
headers = {
    'Authorization': 'Bearer sk_live_xxxxxxxxxxxxx',
    'X-HMAC-Signature': signature,
    'Content-Type': 'application/json'
}

💡 Tip: HMAC verification is optional but highly recommended for production webhooks. It prevents unauthorized requests even if your API key is compromised.

Rate Limits

When using API keys, requests are rate-limited to prevent abuse:

  • 100 requests per minute per API key

Rate Limit Headers

When rate limited (429 status), the response includes:

HTTP/1.1 429 Too Many Requests
X-RateLimit-Remaining: 0
X-RateLimit-Reset: 2025-01-28T12:00:00.000Z

{
  "error": "Rate limit exceeded",
  "limit": 100,
  "resetAt": "2025-01-28T12:00:00.000Z"
}

Session cookie authentication does not have rate limits but is not recommended for production.

Ready to Get Started?

Head over to your settings to get your webhook URL and start building workflows!

Go to Settings
Back to Documentation