How to Create Backend Records from Website Forms in Odoo 18
By Braincuber Team
Published on April 16, 2026
Connecting your front-end website interactions with real-time backend data management is essential for any modern business application. In Odoo 18, you can seamlessly create backend records directly from custom-built website forms, enabling a smooth data entry workflow for users. This complete tutorial demonstrates how to build website forms that submit data to Odoo's backend, using QWeb templates, custom controllers, and the powerful res.partner model.
What You'll Learn:
- Step by step guide to creating QWeb templates for website forms
- Beginner guide to building custom controllers in Odoo 18
- Complete tutorial on connecting frontend forms to backend res.partner model
- How to handle CSRF token validation for secure form submissions
- Best practices for creating customer records from public-facing forms
- Strategy for adding website menu items for form navigation
- How to implement success feedback pages after record creation
Understanding Odoo 18 Website Integration
Odoo 18 represents the newest evolution of the robust open-source business application suite. The Website module empowers users to create fully integrated, dynamic websites with real-time backend connectivity. This step by step guide explores how to generate backend records through custom-built website forms, demonstrating a practical example of adding customer (res.partner) records from public-facing forms.
QWeb Templates
Create dynamic HTML forms using Odoo's powerful QWeb templating engine with built-in security features.
Custom Controllers
Handle form submissions and connect frontend interactions with backend ORM operations securely.
res.partner Model
Integrate with Odoo's native contact model to create customer records from website submissions.
CSRF Security
Implement proper CSRF token handling to ensure secure form submissions and prevent vulnerabilities.
Creating the Website Form Template
To create a QWeb template with input fields for customer details in Odoo 18, you need to define an XML file inside your custom module. This file contains an HTML form wrapped in Odoo's QWeb syntax, allowing you to render the form on the website. The form typically includes fields like name, email, and phone, and posts the data to a custom controller URL for backend processing.
Set Up Your Custom Module
Complete tutorial: create a new custom module or use an existing one. Inside your module, create a views directory and add a customer_form.xml file. This file will contain your QWeb template definitions. Make sure your module has proper __manifest__.py and __init__.py files.
Create the QWeb Template
Step by step guide: define a QWeb template with the customer_form_template id. Wrap your form in website.layout to ensure proper styling and integration with Odoo's website theme system. Add input fields for name, email, and phone with appropriate form-control classes.
Include CSRF Token
Beginner guide: add a hidden CSRF token field using request.csrf_token() to ensure secure form submissions. This is critical for preventing cross-site request forgery attacks. The token is automatically validated by Odoo's controller framework.
Create Success Page Template
Complete tutorial: define a separate customer_success_template to display confirmation after successful record creation. This provides user feedback and improves the overall experience. The success template is rendered by the controller after processing the form submission.
Configure Website Menu
Step by step guide: add a website.menu record to make your form accessible from the website navigation. Set the parent_id to website.main_menu and define the URL as /website/customer/form. This creates a "Create Customer" menu item for easy access.
QWeb Template XML Structure
Here is the complete XML structure for the customer form template. This includes the form fields, CSRF token, success page, and menu configuration. Copy this into your views/customer_form.xml file within your custom Odoo module.
Create New Customer
Customer Created Successfully!
Create Customer
/website/customer/form
60
Important: Template ID Naming
Replace custom_module_name with your actual module name in both template IDs. The controller will reference these same template IDs when rendering pages.
Creating the Website Controller
To make the form work, you need to create a custom controller in Odoo 18. This controller handles two main routes: displaying the form when someone visits the page and processing the data when the form is submitted. The controller uses the request object to access form data and create records in the res.partner model.
Set Up Controller Structure
Complete tutorial: create a Python controller file in your module's controllers directory. Import http and request from odoo, then define a controller class extending http.Controller. This class will contain route methods for handling form display and submission.
Add Form Display Route
Step by step guide: create a route method decorated with @http.route for /website/customer/form. Set type to 'http', auth to "public", and website=True. This makes the form accessible to public users. Return request.render() with your template ID.
Create Record Processing Method
Beginner guide: add another route for /website/customer/create that handles POST requests. Extract name, email, and phone from the post data. Use request.env['res.partner'].sudo().create() to create the customer record. Set customer_rank to 1 to mark as customer.
Redirect to Success Page
Complete tutorial: after successfully creating the record, return request.render() with the customer_success_template. This displays the confirmation message to the user. The form data is now stored in the backend res.partner model.
Controller Code Example
The following Python code demonstrates the complete controller implementation. Add this to your controllers/__init__.py or create a new controllers/customer_controller.py file. Ensure you export the controller in your module's __init__.py.
from odoo import http
from odoo.http import request
class WebsiteCustomerForm(http.Controller):
@http.route(['/website/customer/form'], type='http', auth="public", website=True)
def customer_form(self, **kw):
return request.render('custom_module_name.customer_form_template')
@http.route(['/website/customer/create'], type='http', auth="public", methods=['POST'], website=True, csrf=True)
def create_customer(self, **post):
request.env['res.partner'].sudo().create({
'name': post.get('name'),
'email': post.get('email'),
'phone': post.get('phone'),
'customer_rank': 1,
})
return request.render('custom_module_name.customer_success_template')
Important: Security Settings
The auth="public" setting allows unauthenticated users to access the form. If you need authenticated users only, change to auth="user". The csrf=True parameter enables CSRF protection for the POST route.
Understanding the Complete Flow
After adding the controller to your custom module, the complete workflow works as follows. When users click the "Create Customer" menu item, they are directed to the customer form page where they can enter their details. After submitting the form, the controller receives the data, creates the record in the res.partner model, and redirects the user to a success confirmation page.
| Component | Purpose |
|---|---|
| QWeb Template | Renders the HTML form with input fields and CSRF token |
| Website Menu | Provides navigation link to the form URL |
| Controller Route | Handles HTTP requests and renders templates |
| res.partner Model | Stores customer records in Odoo's database |
| Success Template | Displays confirmation after successful record creation |
Testing Your Implementation
Once you have deployed your custom module with the form and controller, follow these steps to test the complete workflow. This ensures that everything is working correctly and records are being created in the backend as expected.
Access the Customer Form
Complete tutorial: click the "Create Customer" menu item in your website's main navigation. This loads the customer form page with input fields for name, email, and phone. Verify that the form is properly styled and responsive.
Fill and Submit the Form
Step by step guide: enter the customer name (required), email, and phone number in the form fields. Click the Submit button. The form data is sent to the /website/customer/create endpoint with the CSRF token for validation.
Check Confirmation Page
Beginner guide: after submission, you should see a "Customer Created Successfully!" confirmation message. This confirms that the controller successfully processed the form data and created the backend record.
Verify in Backend
Complete tutorial: navigate to the Contacts app in Odoo's backend. Search for the customer name you entered. The new contact should appear in the list with the email and phone details you submitted from the website form.
Best Practices and Security Considerations
When implementing website forms that create backend records, it is essential to follow security best practices. The CSRF token validation ensures that form submissions originate from your website and not from malicious external sources. Always validate and sanitize input data before creating records.
Always Use CSRF
Always include and validate CSRF tokens in your forms to prevent cross-site request forgery attacks.
Validate Input Data
Always validate email formats, required fields, and sanitize data before creating records in the database.
Use sudo() Judiciously
Use sudo() only when necessary for public users. Consider implementing access rights checks for better security.
Provide User Feedback
Always show success or error messages to users. Redirect to appropriate pages after form submission.
Frequently Asked Questions
How do I create a custom website form in Odoo 18?
Create a QWeb template in your module's views directory with HTML form fields wrapped in website.layout. Add a hidden CSRF token field using request.csrf_token() and configure the form action to point to your custom controller endpoint.
What is the res.partner model used for in Odoo?
The res.partner model is Odoo's native contact model that stores customer, vendor, and individual contact records. It includes fields for name, email, phone, address, and various business-related properties. Setting customer_rank to 1 marks a partner as a customer.
Why is CSRF token validation important?
CSRF (Cross-Site Request Forgery) token validation prevents malicious websites from submitting forms on behalf of your users. Odoo automatically validates CSRF tokens when csrf=True is set on your route decorator, protecting your application from unauthorized submissions.
How do I add a menu item for my website form?
Add a website.menu record in your XML file with name set to your menu label, url set to your form route, and parent_id referencing website.main_menu. This creates a navigation link in your website's main menu that users can click to access the form.
Can I create records in other models besides res.partner?
Yes, you can create records in any Odoo model using the same approach. Simply replace 'res.partner' with your target model name in the controller's create() call, and adjust the field names to match your model's fields. Ensure the model has access rights configured for public users if needed.
Need Help with Odoo 18 Website Development?
Our Odoo experts can help you build custom website forms, controllers, and backend integrations. From QWeb templates to complex data workflows, we help businesses create seamless user experiences.