Metadata-Version: 2.1
Name: odoo-addon-auth_api_key
Version: 18.0.1.0.2
Requires-Python: >=3.10
Requires-Dist: odoo==18.0.*
Summary: Authenticate http requests from an API key
Home-page: https://github.com/OCA/server-auth
License: LGPL-3
Author: ACSONE SA/NV,Odoo Community Association (OCA)
Author-email: support@odoo-community.org
Classifier: Programming Language :: Python
Classifier: Framework :: Odoo
Classifier: Framework :: Odoo :: 18.0
Classifier: License :: OSI Approved :: GNU Lesser General Public License v3 (LGPLv3)
Classifier: Development Status :: 5 - Production/Stable
Description-Content-Type: text/x-rst

.. image:: https://odoo-community.org/readme-banner-image
   :target: https://odoo-community.org/get-involved?utm_source=readme
   :alt: Odoo Community Association

============
Auth Api Key
============

.. 
   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
   !! This file is generated by oca-gen-addon-readme !!
   !! changes will be overwritten.                   !!
   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
   !! source digest: sha256:dcb7ce207df62f4e833b5d909efb2b85c3ab8d238c75be72072429c9f9839f78
   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

.. |badge1| image:: https://img.shields.io/badge/maturity-Production%2FStable-green.png
    :target: https://odoo-community.org/page/development-status
    :alt: Production/Stable
.. |badge2| image:: https://img.shields.io/badge/license-LGPL--3-blue.png
    :target: http://www.gnu.org/licenses/lgpl-3.0-standalone.html
    :alt: License: LGPL-3
.. |badge3| image:: https://img.shields.io/badge/github-OCA%2Fserver--auth-lightgray.png?logo=github
    :target: https://github.com/OCA/server-auth/tree/18.0/auth_api_key
    :alt: OCA/server-auth
.. |badge4| image:: https://img.shields.io/badge/weblate-Translate%20me-F47D42.png
    :target: https://translation.odoo-community.org/projects/server-auth-18-0/server-auth-18-0-auth_api_key
    :alt: Translate me on Weblate
.. |badge5| image:: https://img.shields.io/badge/runboat-Try%20me-875A7B.png
    :target: https://runboat.odoo-community.org/builds?repo=OCA/server-auth&target_branch=18.0
    :alt: Try me on Runboat

|badge1| |badge2| |badge3| |badge4| |badge5|

Authenticate http requests from an API key.

API keys are codes passed in (in the http header API-KEY) by programs
calling an API in order to identify -in this case- the calling program's
user.

Take care while using this kind of mechanism since information into http
headers are visible in clear. Thus, use it only to authenticate requests
from known sources.

For unknown sources, it is a good practice to filter out this header at
proxy level.

Odoo allows users to authenticate ``XMLRPC/JSONRPC`` calls using their
API key instead of a password by native API keys (``res.users.apikey``).
However, ``auth_api_key`` has some special features of its own such as:

- API keys remain usable even when the user is inactive, if enabled via
  settings (e.g., for system users in a shopinvader case).
- Supports dual authentication via Basic Auth and API_KEY in separate
  HTTP headers.
- Admins can manage API keys for all users

Given these advantages, particularly in use case like system user
authentication, we have decided to keep the ``auth_api_key`` module

**Table of contents**

.. contents::
   :local:

Configuration
=============

The api key menu is available into Settings > Technical in debug mode.
By default, when you create an API key, the key is saved into the
database.

If you want to manage them via serve environment settings use
auth_api_key_server_env.

Usage
=====

To apply this authentication system to your http request you must set
'api_key' as value for the 'auth' parameter of your route definition
into your controller.

.. code:: python

   class MyController(Controller):

       @route('/my_service', auth='api_key', ...)
       def my_service(self, *args, **kwargs):
           pass

Bug Tracker
===========

Bugs are tracked on `GitHub Issues <https://github.com/OCA/server-auth/issues>`_.
In case of trouble, please check there if your issue has already been reported.
If you spotted it first, help us to smash it by providing a detailed and welcomed
`feedback <https://github.com/OCA/server-auth/issues/new?body=module:%20auth_api_key%0Aversion:%2018.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**>`_.

Do not contact contributors directly about support or help with technical issues.

Credits
=======

Authors
-------

* ACSONE SA/NV

Contributors
------------

- Denis Robinet <denis.robinet@acsone.eu>
- Laurent Mignon <laurent.mignon@acsone.eu>
- Quentin Groulard <quentin.groulard@acsone.eu>
- Sébastien Beau <sebastien.beau@akretion.com>
- Chafique Delli <chafique.delli@akretion.com>
- Thien Vo Hong <thienvh@trobz.com>

Other credits
-------------

The migration of this module from 17.0 to 18.0 was financially supported
by Camptocamp.

Maintainers
-----------

This module is maintained by the OCA.

.. image:: https://odoo-community.org/logo.png
   :alt: Odoo Community Association
   :target: https://odoo-community.org

OCA, or the Odoo Community Association, is a nonprofit organization whose
mission is to support the collaborative development of Odoo features and
promote its widespread use.

This module is part of the `OCA/server-auth <https://github.com/OCA/server-auth/tree/18.0/auth_api_key>`_ project on GitHub.

You are welcome to contribute. To learn how please visit https://odoo-community.org/page/Contribute.
