Skip to content

Commit

Permalink
[UDP] auth_api_key: Update description for reason to keep this module
Browse files Browse the repository at this point in the history
  • Loading branch information
@thienvh332
thienvh332 committed Oct 11, 2024
1 parent f7d6ce1 commit 10a5106
Showing 1 changed file with 7 additions and 0 deletions.
7 changes: 7 additions & 0 deletions auth_api_key/readme/DESCRIPTION.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,3 +10,10 @@ from known sources.

For unknown sources, it is a good practice to filter out this header at
proxy level.

Odoo allows users to authenticate `XMLRPC/JSONRPC` calls using their API key instead of a password by native API keys (`res.users.apikey`). However, `auth_api_key` has some special features of its own such as:
- API keys remain usable even when the user is inactive, if enabled via settings (e.g., for system users in a shopinvader case).
- Supports dual authentication via Basic Auth and API_KEY in separate HTTP headers.
- Admins can manage API keys for all users

Given these advantages, particularly in use case like system user authentication, we have decided to keep the `auth_api_key` module

0 comments on commit 10a5106

Please sign in to comment.