One secure API in front of every Odoo.
ODXProxy is a high-performance Rust reverse proxy that gives your apps one safe, unified JSON-RPC API in front of any number of Odoo instances — with auth, a method allowlist, metrics, and clustering out of the box.
Odoo as the brain, not the interface.
ODXProxy is the seam between your business logic and your users. Odoo stays the engine and the gatekeeper — business rules, permissions, and the single source of truth — while people interact through natural, purpose-built interfaces on a separate layer.
The result: the ERP is fed by the work people already do — a form, a mobile app, a portal, a bot. They contribute to the business and its data through workflows that feel natural, often without ever “using the ERP.”
Presentation layer
ODXProxy
one safe JSON-RPC seam
Odoo
business logic · permissions · system of record
the engine & gatekeeper — never exposed directly
POST /api/odoo/execute
x-api-key: <PROXY_API_KEY>
Content-Type: application/json
{
"id": "01J9Z8K3QJ7Y5T2N6V4W8X0ABC",
"action": "search_read",
"model_id": "res.partner",
"params": [[["is_company", "=", true]]],
"keyword": { "fields": ["name", "email"], "limit": 10 },
"odoo_instance": {
"url": "https://erp.example.com",
"db": "prod",
"user_id": 2,
"api_key": "<ODOO_USER_API_KEY>"
}
}200 OK
{
"jsonrpc": "2.0",
"id": "01J9Z8K3QJ7Y5T2N6V4W8X0ABC",
"result": [
{ "name": "Acme Corp", "email": "hello@acme.example" }
]
}Note: an Odoo logic error comes back as HTTP 200 with an error object — always check the error field, not just the status.
Self-host in one container.
ODXProxy ships as a single distroless image that runs as a non-root user (UID 65532) and refuses to run as root. Pull it, point it at your license, and you have a secure API in front of Odoo.
Deployment guide →docker pull terrakernel/odxproxy docker run -p 3000:3000 \ -e LICENSE_KEY=<your-license-key> \ terrakernel/odxproxy
Illustrative — see the getting-started guide for the full run command, ports, and environment.
Works with your stack
Skip the wire format — use a native client. One protocol, official SDKs for the languages your apps already speak.
How a request flows
- 1
Integrity check
Validated on every request against a trusted clock — not the system clock.
- 2
Transforming request
The action is validated against the 9-method allowlist and mapped to Odoo's call.
- 3
Forward to Odoo
The call runs against the Odoo instance named in the request body.
- 4
JSON-RPC reply
A clean JSON-RPC 2.0 envelope comes back — result or error.
High performance, built on Rust
ODXProxy is written in Rust on an async, non-blocking stack. It adds a thin, predictable layer in front of Odoo — high throughput and low latency, with a small memory footprint that’s comfortable to run anywhere.
Rust
A compiled, memory-safe systems language — no garbage-collection pauses and a tiny runtime footprint under load.
Tokio
A battle-tested asynchronous runtime that handles thousands of concurrent Odoo calls on a small thread pool.
Axum + Hyper
An ergonomic HTTP stack speaking HTTP/1.1 and HTTP/2, with built-in br / gzip / deflate response compression.
Why ODXProxy
One front door for many Odoo instances
The target Odoo instance is specified per request, so a single proxy deployment can route to many backends — ideal for multi-tenant SaaS, agencies, and microservice fleets.
A safer, smaller API surface
Odoo's execute_kw can call any model method. ODXProxy restricts callers to a curated allowlist of 9 actions, shrinking the blast radius of a leaked credential.
Call any Odoo business method
Beyond CRUD — invoke a model's public methods by name to trigger real Odoo workflows like posting an invoice or confirming an order, still authenticated and scoped to the Odoo user's own permissions.
A uniform, language-agnostic protocol
Every response is a clean JSON-RPC 2.0 envelope, so SDKs in Python, Swift, Java, JavaScript, and PHP all speak one simple spec.
Operational hardening built in
Refuses to run as root, ships systemd/OpenRC hardening and a distroless nonroot image, and shuts down gracefully under load.
Observability built in
A Prometheus metrics endpoint, structured JSON logs, and a request id on every call you can trace end to end — so you can see exactly how your Odoo traffic behaves.
Tamper-resistant by design
Cryptographically signed (ECDSA P-256) and re-validated on every request against a trusted external time source, so a rolled-back system clock can't slip past integrity checks.
Clustering ready
Optional Redis-based heartbeat and upstream pools let you run a fleet of proxies behind one address.
Stop wiring every app to Odoo’s raw RPC.
Deploy the proxy, set one API key, and make your first request in minutes.