diff --git a/auth_api_key/readme/DESCRIPTION.md b/auth_api_key/readme/DESCRIPTION.md index 6d09ff29d8..4cac579599 100644 --- a/auth_api_key/readme/DESCRIPTION.md +++ b/auth_api_key/readme/DESCRIPTION.md @@ -10,3 +10,10 @@ from known sources. For unknown sources, it is a good practice to filter out this header at proxy level. + +Odoo allows users to authenticate `XMLRPC/JSONRPC` calls using their API key instead of a password by native API keys (`res.users.apikey`). However, `auth_api_key` has some special features of its own such as: +- API keys remain usable even when the user is inactive, if enabled via settings (e.g., for system users in a shopinvader case). +- Supports dual authentication via Basic Auth and API_KEY in separate HTTP headers. +- Admins can manage API keys for all users + +Given these advantages, particularly in use case like system user authentication, we have decided to keep the `auth_api_key` module \ No newline at end of file