API keys
Generate and manage the API keys used to authenticate MCP-compatible IDEs (Cursor, Windsurf) against Aidoo.
Overview
Aidoo API keys authenticate requests coming from MCP-compatible IDEs (Cursor, Windsurf, etc.) that don't support OAuth. Each key is tied to a user and a company, with granular permissions over allowed operations.
All keys follow the format:
aid_live_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
The aid_live_ prefix is common to every key. The next 8 characters serve as a visual identifier in the dashboard.
When is it needed? For Claude.ai, ChatGPT, Claude Desktop and Claude Code, you don't need to handle any API key: authentication happens automatically through OAuth (see Connecting with Claude). API keys are only used for IDEs that don't support OAuth (Cursor, Windsurf, etc.).
Create an API key
- Sign in to the Aidoo dashboard
- Go to Team from the side menu
- Click Generate an API key next to the relevant member
- Assign a descriptive name (e.g. "Cursor - Accounting")
- Select the desired permissions
- Click Create
Important: the full key is only shown once. Copy it immediately and store it in a secure place. It cannot be retrieved later.
Permissions
Every API key has permissions that define which operations are allowed on Odoo. You can configure them precisely depending on the use case.
| Permission | Description |
|---|---|
query | Search records (filters, domains) |
read | Read fields of existing records |
create | Create new records |
write | Update existing records |
execute | Call server methods on Odoo models |
schema | Inspect model structure (fields, types, relations) |
report | Generate reports and data extracts |
workflow | Run sequences of actions validated visually |
Default permissions: query, read and schema. This read-only set is suitable for most exploratory use cases.
Recommendations by profile
- Consultation / Reporting:
query,read,schema,report - Day-to-day management:
query,read,create,write,schema - Full automation: all permissions
Key management
List keys
From the API keys page in the dashboard:
- Owners and admins see all the company's keys
- Members only see their own keys
Each key shows: name, identification prefix, active permissions, last used date and creation date.
Revoke a key
Revocation is immediate and final. A revoked key cannot be reactivated.
- Owners and admins can revoke any of the company's keys
- Members can only revoke their own keys
To revoke:
- Go to API keys
- Click Revoke next to the relevant key
- Confirm the action in the confirmation modal
Remember to update your IDE's MCP configuration if you replace a revoked key.
Use in an IDE
Once the key is created, configure it in your MCP-compatible IDE (Cursor, Windsurf, etc.) following the full guide: Local clients (IDEs).
Example for Cursor (~/.cursor/mcp.json):
{
"mcpServers": {
"aidoo": {
"url": "https://mcp.aidoo.fr/sse",
"headers": {
"Authorization": "Bearer aid_live_your_key_here"
}
}
}
}
Best practices
- One key per user: don't share a key between several people
- Minimum permissions: only grant the strictly necessary permissions
- Regular rotation: revoke and recreate your keys periodically
- Explicit naming: use descriptive names to quickly identify each key (e.g. "Cursor - Marie - Accounting")
- Never version a key in a Git repository or a shared file