
When using the JSON-RPC external API, do I need to call the common authenticate method before each object call? It only seems to authenticate and return the user id.

So if I did that once, can I store that user id and use it for all further object calls? Or is there some kind of expiring session stored on the server I need to be aware of?

Author

I know how authentication works and that there are other techniques that can be used. But I want to minimize the number of authentication calls for JSON-RPC. Does anyone know if that can be done once or needs to be done before each object call?

Author

According to Odoo Support:

When using Odoo's JSON-RPC interface, you do not need to execute the authentication call before each object call. The authentication process should be done once to obtain the user ID and a session token, and then you can use these credentials for subsequent calls.

Best Answer

It depends on the specific implementation of the JSON-RPC API you're using. Here's a breakdown of the two common scenarios:

1. Session-based Authentication:

  • In this case, a successful authenticate call establishes a session on the server. This session is identified by a key or token (often not the user ID itself).
  • Subsequent object calls typically require including this session key or token in the request header or as a parameter.
  • This session has an expiration time. You don't need to call authenticate again until the session expires.

2. Token-based Authentication:

  • Here, authenticate might return a JSON Web Token (JWT) or a similar token containing user information and claims.
  • Subsequent object calls would require including this token in the request header (usually as an "Authorization" header).
  • JWTs are self-contained and expire after a set time. You need to re-authenticate (get a new token) before the current one expires.

How to determine which method your API uses?

  • Check the API documentation for details on authentication and authorization.
  • Look for keywords like "session", "token", "JWT", or expiration time.
  • If unsure, consult the API provider's support resources.

Here are some best practices for handling authentication with JSON-RPC APIs:

  • Store tokens securely: If using tokens, store them securely in memory or a secure storage mechanism like the keychain. Avoid storing them in plain text.
  • Refresh tokens before expiry: Monitor token expiry and refresh it before it expires to avoid interruptions in your application.
  • Handle errors gracefully: Implement proper error handling for authentication failures.

By understanding the authentication method and implementing best practices, you can efficiently manage user sessions and keep your JSON-RPC interactions secure.

Best Answer

You need to send an authenticated User ID and Password (or API key) with each request.


Best Answer
Hi Ids MG,
Please try using the RESTful API. Odoo has an endpoint (/web/session/authenticate) to connect to the database and log in.
The API response has more information for you and it will have a session to help you maintain the connection.
Reference source: https://github.com/odoo/odoo/blob/17.0/addons/web/controllers/session.py#L29

