diff --git a/README.md b/README.md
index 1b4d3221d..891d314eb 100644
--- a/README.md
+++ b/README.md
@@ -23,7 +23,7 @@ addon | version | maintainers | summary
--- | --- | --- | ---
[auth_admin_passkey](auth_admin_passkey/) | 17.0.1.0.0 | | Allows system administrator to authenticate with any account
[auth_admin_passkey_totp_mail_enforce](auth_admin_passkey_totp_mail_enforce/) | 17.0.1.0.0 | | Disable 2FA if Passkey is being used
-[auth_api_key](auth_api_key/) | 17.0.1.1.0 | | Authenticate http requests from an API key
+[auth_api_key](auth_api_key/) | 17.0.1.1.1 | | Authenticate http requests from an API key
[auth_api_key_group](auth_api_key_group/) | 17.0.1.0.1 | [](https://github.com/simahawk) | Allow grouping API keys together. Grouping per se does nothing. This feature is supposed to be used by other modules to limit access to services or records based on groups of keys.
[auth_api_key_server_env](auth_api_key_server_env/) | 17.0.1.0.0 | | Configure api keys via server env. This can be very useful to avoid mixing your keys between your various environments when restoring databases. All you have to do is to add a new section to your configuration file according to the following convention:
[auth_oidc](auth_oidc/) | 17.0.1.0.0 | [](https://github.com/sbidoul) | Allow users to login through OpenID Connect Provider
diff --git a/auth_api_key/README.rst b/auth_api_key/README.rst
index e7ed039f9..5914929d3 100644
--- a/auth_api_key/README.rst
+++ b/auth_api_key/README.rst
@@ -7,7 +7,7 @@ Auth Api Key
!! This file is generated by oca-gen-addon-readme !!
!! changes will be overwritten. !!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
- !! source digest: sha256:5baa940e682e7653045bd8939d27f501b2409da7a9b3ec1ca80597eb2b79e7b7
+ !! source digest: sha256:ae78e8c4442001a4d138783fb1c46e4ad153932b5b8ca56333b08e21cdfbeaef
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
.. |badge1| image:: https://img.shields.io/badge/maturity-Production%2FStable-green.png
@@ -41,6 +41,19 @@ from known sources.
For unknown sources, it is a good practice to filter out this header at
proxy level.
+Odoo allows users to authenticate ``XMLRPC/JSONRPC`` calls using their
+API key instead of a password by native API keys (``res.users.apikey``).
+However, ``auth_api_key`` has some special features of its own such as:
+
+- API keys remain usable even when the user is inactive, if enabled via
+ settings (e.g., for system users in a shopinvader case).
+- Supports dual authentication via Basic Auth and API_KEY in separate
+ HTTP headers.
+- Admins can manage API keys for all users
+
+Given these advantages, particularly in use case like system user
+authentication, we have decided to keep the ``auth_api_key`` module
+
**Table of contents**
.. contents::
diff --git a/auth_api_key/__manifest__.py b/auth_api_key/__manifest__.py
index d429a0d46..2aca21667 100644
--- a/auth_api_key/__manifest__.py
+++ b/auth_api_key/__manifest__.py
@@ -5,7 +5,7 @@
"name": "Auth Api Key",
"summary": """
Authenticate http requests from an API key""",
- "version": "17.0.1.1.0",
+ "version": "17.0.1.1.1",
"license": "LGPL-3",
"author": "ACSONE SA/NV,Odoo Community Association (OCA)",
"website": "https://github.com/OCA/server-auth",
diff --git a/auth_api_key/static/description/index.html b/auth_api_key/static/description/index.html
index 4e38bbf0d..278ee2130 100644
--- a/auth_api_key/static/description/index.html
+++ b/auth_api_key/static/description/index.html
@@ -367,7 +367,7 @@ Auth Api Key
!! This file is generated by oca-gen-addon-readme !!
!! changes will be overwritten. !!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!! source digest: sha256:5baa940e682e7653045bd8939d27f501b2409da7a9b3ec1ca80597eb2b79e7b7
+!! source digest: sha256:ae78e8c4442001a4d138783fb1c46e4ad153932b5b8ca56333b08e21cdfbeaef
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! -->
Authenticate http requests from an API key.
@@ -379,6 +379,18 @@ Auth Api Key
from known sources.
For unknown sources, it is a good practice to filter out this header at
proxy level.
+Odoo allows users to authenticate XMLRPC/JSONRPC calls using their
+API key instead of a password by native API keys (res.users.apikey).
+However, auth_api_key has some special features of its own such as:
+
+- API keys remain usable even when the user is inactive, if enabled via
+settings (e.g., for system users in a shopinvader case).
+- Supports dual authentication via Basic Auth and API_KEY in separate
+HTTP headers.
+- Admins can manage API keys for all users
+
+Given these advantages, particularly in use case like system user
+authentication, we have decided to keep the auth_api_key module
Table of contents