diff --git a/README.md b/README.md
index 306356ab0..b1ddf5a39 100644
--- a/README.md
+++ b/README.md
@@ -21,6 +21,7 @@ Available addons
----------------
addon | version | maintainers | summary
--- | --- | --- | ---
+[auth_api_key](auth_api_key/) | 18.0.1.0.0 | | Authenticate http requests from an API key
[base_user_empty_password](base_user_empty_password/) | 18.0.1.0.0 | [](https://github.com/grindtildeath) | Allows to empty password of users
[//]: # (end addons)
diff --git a/auth_api_key/README.rst b/auth_api_key/README.rst
index 6fc2d05e5..1faa3bf11 100644
--- a/auth_api_key/README.rst
+++ b/auth_api_key/README.rst
@@ -7,7 +7,7 @@ Auth Api Key
!! This file is generated by oca-gen-addon-readme !!
!! changes will be overwritten. !!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
- !! source digest: sha256:455a0f8646088cc228c9423fcbabbc1d81cabbebd0cac6dcf07bbbe000a6fc87
+ !! source digest: sha256:bfed24ce8c3a57ea6a6270a37d412ab6fe00b5d2004270943ad5f9039a572fcc
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
.. |badge1| image:: https://img.shields.io/badge/maturity-Production%2FStable-green.png
@@ -41,6 +41,19 @@ from known sources.
For unknown sources, it is a good practice to filter out this header at
proxy level.
+Odoo allows users to authenticate ``XMLRPC/JSONRPC`` calls using their
+API key instead of a password by native API keys (``res.users.apikey``).
+However, ``auth_api_key`` has some special features of its own such as:
+
+- API keys remain usable even when the user is inactive, if enabled via
+ settings (e.g., for system users in a shopinvader case).
+- Supports dual authentication via Basic Auth and API_KEY in separate
+ HTTP headers.
+- Admins can manage API keys for all users
+
+Given these advantages, particularly in use case like system user
+authentication, we have decided to keep the ``auth_api_key`` module
+
**Table of contents**
.. contents::
diff --git a/auth_api_key/static/description/index.html b/auth_api_key/static/description/index.html
index c1b7ac4c3..7a7b1e4a9 100644
--- a/auth_api_key/static/description/index.html
+++ b/auth_api_key/static/description/index.html
@@ -367,7 +367,7 @@ Auth Api Key
!! This file is generated by oca-gen-addon-readme !!
!! changes will be overwritten. !!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!! source digest: sha256:455a0f8646088cc228c9423fcbabbc1d81cabbebd0cac6dcf07bbbe000a6fc87
+!! source digest: sha256:bfed24ce8c3a57ea6a6270a37d412ab6fe00b5d2004270943ad5f9039a572fcc
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! -->
Authenticate http requests from an API key.
@@ -379,6 +379,18 @@ Auth Api Key
from known sources.
For unknown sources, it is a good practice to filter out this header at
proxy level.
+Odoo allows users to authenticate XMLRPC/JSONRPC calls using their
+API key instead of a password by native API keys (res.users.apikey).
+However, auth_api_key has some special features of its own such as:
+
+- API keys remain usable even when the user is inactive, if enabled via
+settings (e.g., for system users in a shopinvader case).
+- Supports dual authentication via Basic Auth and API_KEY in separate
+HTTP headers.
+- Admins can manage API keys for all users
+
+Given these advantages, particularly in use case like system user
+authentication, we have decided to keep the auth_api_key module
Table of contents
diff --git a/setup/_metapackage/pyproject.toml b/setup/_metapackage/pyproject.toml
index 2ff7adca3..b5735c8fa 100644
--- a/setup/_metapackage/pyproject.toml
+++ b/setup/_metapackage/pyproject.toml
@@ -1,7 +1,8 @@
[project]
name = "odoo-addons-oca-server-auth"
-version = "18.0.20241011.0"
+version = "18.0.20241011.1"
dependencies = [
+ "odoo-addon-auth_api_key==18.0.*",
"odoo-addon-base_user_empty_password==18.0.*",
]
classifiers=[