Advanced MCP Server FAQs

These frequently asked questions cover the most common setup, security, and operational topics for the Advanced MCP Server module. For the complete feature list, see Advanced MCP Server Features.

Getting Started

Is this module compatible with both Odoo Enterprise and Community?

Yes. Fully compatible with Odoo Enterprise (On-premise and Odoo.SH) and Odoo Community. Not compatible with Odoo Online (SaaS) because Odoo Online does not allow third-party apps.

Which AI clients can I connect to Odoo?

Any MCP-compliant client. The wizard generates ready-to-paste snippets for Cursor, Claude Code CLI, Gemini CLI, Continue.dev, Claude Desktop, Claude.ai, and ChatGPT. Anything else that supports either an HTTP Bearer header or OAuth 2.1 works too.

Do I need an OpenAI / Anthropic API key for this module?

No. The AI work happens in the user’s own AI client. The MCP Server only handles authentication, the tool catalog, and the data side. The only exception is the Smart Search mode of the Knowledge Layer, which uses an embedding provider (OpenAI by default) — and only when you enable it. See Knowledge Layer Configuration.

Connections & Authentication

API key, Browser login, or Custom OAuth — which do I pick?

Pick by how your tool authenticates, not by which tool it is. Browser login (OAuth) is the simplest for tools that support MCP dynamic registration (claude.ai, ChatGPT, Claude Desktop). API key is the most universal for tools that use a config file (Cursor, CLIs). Custom OAuth is for server-to-server integrations with your own callback URL. See Connect a New AI Tool.

Why is the plaintext API key shown only once?

Like every Odoo API key, the value is hashed at rest. The wizard generates the plaintext in memory and persists only the hash when you click Save Connection. If you missed copying it, click Rotate Key on the connection form to issue a new one. See Rotate, Revoke, and Reactivate.

Can different users share a single API key?

No. Each person should have their own connection. Sharing a key defeats audit logs, ties everyone’s actions to one user, and means revoking it disconnects the whole team. The wizard makes per-user keys quick to create.

How do I tell whether a connection is currently in use?

Open MCP Server ‣ Configuration ‣ Connections. Connection rows are colour-coded: Connected (green), Awaiting (yellow), Idle (blue), Revoked (red). The form also shows a live status pill with an idle duration counter.

An employee just left — how do I cut their access?

Open the user’s connections and click the Active smart button (it flips to Revoked). The API key is deleted / the OAuth tokens are invalidated, every live session is deactivated, and pending approval requests are expired. See Rotate, Revoke, and Reactivate.

Can I prevent AI tools from self-registering as OAuth clients?

Yes. Switch off Allow Dynamic Client Registration in MCP Server ‣ Configuration ‣ Server Settings. From then on, every OAuth connection must be created by an admin through the Custom OAuth path of the wizard. See Browser Login (OAuth) — claude.ai, ChatGPT.

Permissions & Security

What does the AI act as inside Odoo?

Every action runs as the Odoo user attached to the connection. The AI cannot do anything that user cannot do — Odoo’s standard record rules, ACLs, and multi-company restrictions all apply. The MCP Server adds further restrictions on top, never fewer. See User Groups & Access Rights.

How do I make sure a connection cannot delete or send emails?

Open the connection form and either:

• Restrict Allowed Tools to a whitelist that does not include the risky tool, OR

• Add the tool to Tools that need approval so the AI’s call becomes a pending approval the admin reviews.

See Managing Connections and Human-in-the-Loop Approvals.

Can I restrict where a connection can be used from?

Yes. On the connection form, fill in Allowed IPs (one IP or CIDR per line) and/or Blocked IPs. The MCP Server rejects requests from disallowed addresses. See IP Restrictions.

What's in the audit logs?

Every request — method, tool, model, user, connection, IP, duration, status. Payloads are stored only when Log Payloads is enabled in Server Settings. Audit Logs are read-only — even admins can only view them. See Audit Logs.

Will the AI ever see records I don't have access to?

No. The AI inherits the connection user’s permissions. The Knowledge Layer also enforces ir.attachment ACLs — only chunks from files you can read are returned. Shared Pages can be further tightened with a Field Allowlist.

Tools & Workflows

What can the AI actually do?

The seeded catalog (45+ tools) lets the AI read records, search with filters, create, update, delete, run reports, send test emails, post chatter notes, schedule activities, trigger workflows, subscribe to events, search uploaded documents, and build charts and dashboards. See The Tool Catalog.

Can I disable a tool I don't trust?

Yes. Open MCP Server ‣ Configuration ‣ Tools, find the tool, and switch Active off. It immediately disappears from every connection’s catalog. For per-connection restrictions, use the Allowed Tools field on the Connection form.

How do I make the AI ask for approval before risky actions?

Configure approvals per connection. Add the risky tools to Tools that need approval, pick an Approver, and set the Approval Expiry hours. The AI’s call to those tools becomes a pending approval the approver reviews in plain English. See Human-in-the-Loop Approvals.

Can the AI preview a write operation before committing?

Yes. create_record, update_record, delete_record, and the batch variants all accept a dry_run=true flag. The MCP Server returns what would happen without writing anything. The AI is trained to use dry-run whenever the user’s request is ambiguous.

Knowledge Layer

Where do the indexed documents come from?

The Knowledge Layer indexes every ir.attachment in Odoo that is not excluded by mimetype, model, or size. This includes attachments on partners, employees, sales orders, support tickets, projects — everything. See Knowledge Layer Configuration.

Do I need an OpenAI API key for the Knowledge Layer?

Only for Smart Search (engine hybrid). Basic Search (engine fulltext) works out of the box with no external dependency.

Why does the AI sometimes say it can't find a document I uploaded?

Open MCP Server ‣ Knowledge ‣ Indexed Sources and look for the file. If its State is pending, the cron hasn’t picked it up yet. If failed, open the row and check the error message — usually a mimetype or size exclusion. If skipped, the document was excluded by a mimetype or model rule. See Indexed Sources & Chunks.

Can I prevent some attachments from being indexed?

Yes. In Knowledge Layer Configuration, add their mimetype to Excluded Mimetypes or their parent model to Excluded Models. Existing chunks are not deleted automatically — re-index to clean them up.

Visualisation, Pages, and Reports

Can the AI build a dashboard for my team?

Yes. Ask “build me a dashboard of last month’s sales” or “give me a CRM overview”. The AI calls compose_dashboard, shows the result inline (Claude.ai, Claude Desktop), and offers to save it as a public URL. See Dashboards & Pulse Reports.

Are saved Shared Pages live or static snapshots?

Live. The URL re-runs the underlying recipe on every visit, so the page always reflects current data. Revoke the page from MCP Server ‣ Shared Pages when you no longer need it.

Can I share a dashboard with someone who doesn't have an Odoo account?

Yes — that’s exactly what Shared Pages are for. The URL is token-gated. Use the Field Allowlist on the page to tighten what the visitor sees relative to the page owner’s full access. See Shared Pages.

What does the Pulse Report give me?

An A–F operational health diagnostic across up to eight dimensions (Sales, Invoicing, CRM, Activities, Email queue, Approvals, Inventory, Projects) with a polished dashboard ready to share. See Dashboards & Pulse Reports.

Events, Webhooks, and Automations

Can the AI subscribe to changes in Odoo?

Yes. Ask “ping me when project task X moves to Blocked” or “alert our Slack on every new sale order”. The AI calls subscribe_events and the subscription persists in MCP Server ‣ Event Subscriptions. See Event Subscriptions.

How do I send webhooks to Slack, Teams, or Discord?

Those endpoints expect a specific payload shape. Tell the AI the format (or the incoming-webhook URL) and it will set the Webhook Payload Template for you. See Webhook Delivery.

Troubleshooting & Maintenance

The AI tool says "Unauthorized" — what now?

Check, in order:

1. The master switch in MCP Server ‣ Configuration ‣ Server Settings is Enabled.

2. The connection’s status is not Revoked.

3. The AI tool is using the right key (no typo, no extra spaces).

4. The connection’s IP Restrictions allow the client’s IP.

5. The connection has not hit its rate limit (look for rate-limit error rows in the Audit Log).

See Troubleshooting.

How do I see what the AI tried to do but failed?

Open MCP Server ‣ Audit Logs, filter to Errors and the last hour. Each row shows the failing method, tool, error message, and (if payload logging is on) the request payload.

Where do I configure how long audit logs are kept?

MCP Server ‣ Configuration ‣ Server Settings ‣ Audit ‣ Audit Log Retention (days). The default is 90 days. See Enable & Configure the MCP Server.

See also

• Advanced MCP Server Features

• Configure the MCP Server

• Connection Management

• Troubleshooting

• Best Practices