Mail Icon contact@ksolves.com Phone Icon 1800 121 0218 , +1 (646) 203-1075 , +971 551395627
img

Project Name

Connected Claude AI to Odoo.sh With Per-User OAuth on Serverless Cloud Run

Connected Claude AI to Odoo.sh With Per-User OAuth on Serverless Cloud Run
Industry
SaaS
Technology
GCP Cloud Run, MCP (Model Context Protocol), Google OAuth 2.0, Odoo JSON-RPC API, and Docker

Loading
Connected Claude AI to Odoo.sh With Per-User OAuth on Serverless Cloud Run
Overview

The team operates an internal Odoo.sh-hosted platform serving as the central hub for business operations, covering sales, inventory, invoicing, and customer management.

 

With a growing reliance on AI-powered assistants like Claude.ai for day-to-day decision support, the disconnect between the AI layer and the ERP backend has become a critical bottleneck.

 

The organisation needed a way to let every team member interact with Odoo data through natural language, securely, without sharing credentials or writing custom integration code for each use case. The ambition was clear: make the ERP conversationally accessible while maintaining enterprise-grade access control for every user.

Key Challenges

Every workaround the team had tried created a new problem, which is a security gap, a maintenance burden, or a workflow that only worked for one person at a time.

  • No Programmatic Multi-User Access: Odoo.sh lacked a built-in mechanism for multiple users to access data programmatically through an AI assistant without sharing a single set of credentials, making secure, per-user AI access architecturally impossible on the existing setup.
  • Manual Login Dependency: Every data lookup required a team member to log into the Odoo web interface, navigate to the relevant module, and extract the information manually, adding 3 to 5 minutes to every query and breaking the conversational AI workflow entirely.
  • Shared Credential Security Risk: Existing workarounds relied on a single shared API key or admin account, creating an audit trail gap, violating least-privilege access principles, and leaving no way to revoke access for a specific individual.
  • No AI-to-ERP Bridge: Claude.ai had no native connector to Odoo.sh. There was no standardised protocol or middleware to translate natural language queries into structured Odoo API calls; every lookup required a manual handoff between systems.
  • Stateless Authentication Challenge: Each AI session needed to authenticate as a specific user without persisting tokens client-side, requiring a serverless-compatible OAuth flow capable of handling per-session identity without state management overhead.
  • Infrastructure Overhead Concerns: Running a persistent middleware server for an internal tool was disproportionate to the use case. The team needed a zero-idle-cost, auto-scaling solution that incurred no cost when not in active use.
Our Solution

Ksolves, an AI-first Odoo development and DevOps consulting company, designed and deployed a serverless MCP (Model Context Protocol) connector hosted on GCP Cloud Run that acts as a secure bridge between Claude.ai and Odoo.sh backend. The architecture follows a zero-trust, per-user authentication model: every interaction is authenticated via Google OAuth 2.0, mapped to a specific Odoo user, and executed with that user's exact permissions. No shared credentials, no elevated access, and no credential leakage at any point in the flow.

  • MCP Server on Cloud Run: Built a containerised MCP Server deployed on GCP Cloud Run that receives structured tool-use requests from Claude.ai, translates them into Odoo JSON-RPC API calls, and returns formatted responses: all within a stateless, auto-scaling serverless runtime with no persistent infrastructure to maintain.
  • Per-User Google OAuth 2.0 Flow: Implemented a complete OAuth 2.0 consent and token exchange flow so each user authenticates with their own Google identity. The MCP Server maps this identity to the corresponding Odoo user, ensuring every API call executes under the correct permission scope with instant revocation capability.
  • Odoo API Integration Layer: Developed a structured integration layer translating Claude.ai's natural language tool calls into precise Odoo JSON-RPC method calls, supporting read, search, and data retrieval operations across sales orders, invoices, contacts, and inventory models.
  • Zero Credential Sharing Architecture: Eliminated all shared API keys and admin tokens entirely. Each session is scoped to an individual user's OAuth token, tokens are never persisted client-side, and revocation is instant via Google's OAuth console, establishing a full per-user audit trail.
  • Serverless Auto-Scaling with Zero Idle Cost: GCP Cloud Run scales to zero when idle and spins up in under 2 seconds on demand, ensuring the connector incurs no infrastructure cost during off-hours while handling concurrent requests seamlessly during peak usage.

Technology Stack

Category Technology
Platform GCP Cloud Run
AI/ML MCP (Model Context Protocol)
Security Google OAuth 2.0
Integration Odoo JSON-RPC API
Infrastructure Docker
Impact

From manual browser logins and shared credentials to conversational ERP access: secure, per-user, and serverless.

  • Data Retrieval Time Reduced by ~90%: Natural language queries via Claude.ai now return structured Odoo data in under 20 seconds. it replaced a manual login, navigation, and copy-paste process that averaged 3 to 5 minutes per query.
  • Shared Credentials Eliminated 100% Per-User Authentication: Every session now authenticates via individual Google OAuth 2.0 tokens mapped to specific Odoo user permissions. It replaced a single shared admin API key that left no individual audit trail and no clean revocation path.
  • Infrastructure Cost Reduced to Near-Zero at Idle: GCP Cloud Run scales to zero between requests, projected idle-hour cost is zero, with per-invocation billing only during active use, replacing a fixed-cost persistent middleware server.
  • Manual ERP Context Switches Eliminated: All supported queries are now handled within the Claude.ai conversation, eliminating an estimated 10 to 15 daily browser context switches between Claude.ai and the Odoo interface that were breaking team workflows.
Solution Architecture
stream-dfd
Conclusion

The problem was not that the team lacked good tools. They had Claude.ai for decision support and Odoo.sh for operations. The problem was that those two systems had no way to talk to each other without a browser in the middle, a shared credential creating a security gap, and a manual process breaking the workflow every time. Ksolves, an AI-first Odoo development and DevOps consulting company, closed that gap with a single serverless connector. Every team member now queries Odoo data conversationally from Claude.ai, authenticated under their own identity, with no shared credentials and no persistent infrastructure cost. Data that used to take 5 minutes to retrieve now arrives in under 20 seconds. The zero-trust, per-user model establishes the governance baseline for every AI-to-ERP integration that follows, and with the MCP pattern now in place, extending the same conversational access to CRM, HRMS, or project management requires a connector, not a rebuild.

Have A Project Idea?
What is 7 + 1 ? * icon

Ready to Make Your ERP Conversationally Accessible with AI?

Other Success Stories
Migrated a Deprecated NGINX Ingress to Kong With Zero Downtime

Migrated a Deprecated NGINX Ingress to Kong With Zero Downtime

Read the Story
Cut ERP Disaster Recovery Time by 85% With Automated Azure Failover

Cut ERP Disaster Recovery Time by 85% With Automated Azure Failover

Read the Story
100% Tagging Compliance Delivered Across 100+ Terraform Stacks for an AdTech Platform

100% Tagging Compliance Delivered Across 100+ Terraform Stacks for an AdTech Platform

Read the Story
img
img
img
img
img
img
img