Skip to Content

Auth Api Key

by ,
Odoo
v 18.0 Third Party 1246
Download for v 18.0 Deploy on Odoo.sh
Availability
Odoo Online
Odoo.sh
On Premise
Lines of code 163
Technical Name auth_api_key
LicenseLGPL-3
Websitehttps://github.com/OCA/server-auth
Versions 12.0 13.0 14.0 15.0 16.0 17.0 18.0
You bought this module and need support? Click here!

Auth Api Key

Production/Stable License: LGPL-3 OCA/server-auth Translate me on Weblate Try me on Runboat

Authenticate http requests from an API key.

API keys are codes passed in (in the http header API-KEY) by programs calling an API in order to identify -in this case- the calling program’s user.

Take care while using this kind of mechanism since information into http headers are visible in clear. Thus, use it only to authenticate requests from known sources.

For unknown sources, it is a good practice to filter out this header at proxy level.

Odoo allows users to authenticate XMLRPC/JSONRPC calls using their API key instead of a password by native API keys (res.users.apikey). However, auth_api_key has some special features of its own such as:

  • API keys remain usable even when the user is inactive, if enabled via settings (e.g., for system users in a shopinvader case).
  • Supports dual authentication via Basic Auth and API_KEY in separate HTTP headers.
  • Admins can manage API keys for all users

Given these advantages, particularly in use case like system user authentication, we have decided to keep the auth_api_key module

Table of contents

Configuration

The api key menu is available into Settings > Technical in debug mode. By default, when you create an API key, the key is saved into the database.

If you want to manage them via serve environment settings use auth_api_key_server_env.

Usage

To apply this authentication system to your http request you must set ‘api_key’ as value for the ‘auth’ parameter of your route definition into your controller.

class MyController(Controller):

    @route('/my_service', auth='api_key', ...)
    def my_service(self, *args, **kwargs):
        pass

Bug Tracker

Bugs are tracked on GitHub Issues. In case of trouble, please check there if your issue has already been reported. If you spotted it first, help us to smash it by providing a detailed and welcomed feedback.

Do not contact contributors directly about support or help with technical issues.

Credits

Authors

  • ACSONE SA/NV

Contributors

Other credits

The migration of this module from 17.0 to 18.0 was financially supported by Camptocamp.

Maintainers

This module is maintained by the OCA.

Odoo Community Association

OCA, or the Odoo Community Association, is a nonprofit organization whose mission is to support the collaborative development of Odoo features and promote its widespread use.

This module is part of the OCA/server-auth project on GitHub.

You are welcome to contribute. To learn how please visit https://odoo-community.org/page/Contribute.

Please log in to comment on this module

  • The author can leave a single reply to each comment.
  • This section is meant to ask simple questions or leave a rating. Every report of a problem experienced while using the module should be addressed to the author directly (refer to the following point).
  • If you want to start a discussion with the author, please use the developer contact information. They can usually be found in the description.
Please choose a rating from 1 to 5 for this module.