diff --git a/auth_api_key/README.rst b/auth_api_key/README.rst
new file mode 100644
index 0000000000..6fc2d05e57
--- /dev/null
+++ b/auth_api_key/README.rst
@@ -0,0 +1,123 @@
+============
+Auth Api Key
+============
+
+.. 
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+   !! This file is generated by oca-gen-addon-readme !!
+   !! changes will be overwritten.                   !!
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+   !! source digest: sha256:455a0f8646088cc228c9423fcbabbc1d81cabbebd0cac6dcf07bbbe000a6fc87
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
+.. |badge1| image:: https://img.shields.io/badge/maturity-Production%2FStable-green.png
+    :target: https://odoo-community.org/page/development-status
+    :alt: Production/Stable
+.. |badge2| image:: https://img.shields.io/badge/licence-LGPL--3-blue.png
+    :target: http://www.gnu.org/licenses/lgpl-3.0-standalone.html
+    :alt: License: LGPL-3
+.. |badge3| image:: https://img.shields.io/badge/github-OCA%2Fserver--auth-lightgray.png?logo=github
+    :target: https://github.com/OCA/server-auth/tree/18.0/auth_api_key
+    :alt: OCA/server-auth
+.. |badge4| image:: https://img.shields.io/badge/weblate-Translate%20me-F47D42.png
+    :target: https://translation.odoo-community.org/projects/server-auth-18-0/server-auth-18-0-auth_api_key
+    :alt: Translate me on Weblate
+.. |badge5| image:: https://img.shields.io/badge/runboat-Try%20me-875A7B.png
+    :target: https://runboat.odoo-community.org/builds?repo=OCA/server-auth&target_branch=18.0
+    :alt: Try me on Runboat
+
+|badge1| |badge2| |badge3| |badge4| |badge5|
+
+Authenticate http requests from an API key.
+
+API keys are codes passed in (in the http header API-KEY) by programs
+calling an API in order to identify -in this case- the calling program's
+user.
+
+Take care while using this kind of mechanism since information into http
+headers are visible in clear. Thus, use it only to authenticate requests
+from known sources.
+
+For unknown sources, it is a good practice to filter out this header at
+proxy level.
+
+**Table of contents**
+
+.. contents::
+   :local:
+
+Configuration
+=============
+
+The api key menu is available into Settings > Technical in debug mode.
+By default, when you create an API key, the key is saved into the
+database.
+
+If you want to manage them via serve environment settings use
+auth_api_key_server_env.
+
+Usage
+=====
+
+To apply this authentication system to your http request you must set
+'api_key' as value for the 'auth' parameter of your route definition
+into your controller.
+
+.. code:: python
+
+   class MyController(Controller):
+
+       @route('/my_service', auth='api_key', ...)
+       def my_service(self, *args, **kwargs):
+           pass
+
+Bug Tracker
+===========
+
+Bugs are tracked on `GitHub Issues <https://github.com/OCA/server-auth/issues>`_.
+In case of trouble, please check there if your issue has already been reported.
+If you spotted it first, help us to smash it by providing a detailed and welcomed
+`feedback <https://github.com/OCA/server-auth/issues/new?body=module:%20auth_api_key%0Aversion:%2018.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**>`_.
+
+Do not contact contributors directly about support or help with technical issues.
+
+Credits
+=======
+
+Authors
+-------
+
+* ACSONE SA/NV
+
+Contributors
+------------
+
+-  Denis Robinet <denis.robinet@acsone.eu>
+-  Laurent Mignon <laurent.mignon@acsone.eu>
+-  Quentin Groulard <quentin.groulard@acsone.eu>
+-  Sébastien Beau <sebastien.beau@akretion.com>
+-  Chafique Delli <chafique.delli@akretion.com>
+-  Thien Vo Hong <thienvh@trobz.com>
+
+Other credits
+-------------
+
+The migration of this module from 17.0 to 18.0 was financially supported
+by Camptocamp.
+
+Maintainers
+-----------
+
+This module is maintained by the OCA.
+
+.. image:: https://odoo-community.org/logo.png
+   :alt: Odoo Community Association
+   :target: https://odoo-community.org
+
+OCA, or the Odoo Community Association, is a nonprofit organization whose
+mission is to support the collaborative development of Odoo features and
+promote its widespread use.
+
+This module is part of the `OCA/server-auth <https://github.com/OCA/server-auth/tree/18.0/auth_api_key>`_ project on GitHub.
+
+You are welcome to contribute. To learn how please visit https://odoo-community.org/page/Contribute.
diff --git a/auth_api_key/__init__.py b/auth_api_key/__init__.py
new file mode 100644
index 0000000000..0650744f6b
--- /dev/null
+++ b/auth_api_key/__init__.py
@@ -0,0 +1 @@
+from . import models
diff --git a/auth_api_key/__manifest__.py b/auth_api_key/__manifest__.py
new file mode 100644
index 0000000000..a8fa4ae7a4
--- /dev/null
+++ b/auth_api_key/__manifest__.py
@@ -0,0 +1,19 @@
+# Copyright 2018 ACSONE SA/NV
+# License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl).
+
+{
+    "name": "Auth Api Key",
+    "summary": """
+        Authenticate http requests from an API key""",
+    "version": "18.0.1.0.0",
+    "license": "LGPL-3",
+    "author": "ACSONE SA/NV,Odoo Community Association (OCA)",
+    "website": "https://github.com/OCA/server-auth",
+    "development_status": "Production/Stable",
+    "depends": ["base_setup"],
+    "data": [
+        "security/ir.model.access.csv",
+        "views/auth_api_key.xml",
+        "views/res_config_settings.xml",
+    ],
+}
diff --git a/auth_api_key/i18n/auth_api_key.pot b/auth_api_key/i18n/auth_api_key.pot
new file mode 100644
index 0000000000..16489df0cb
--- /dev/null
+++ b/auth_api_key/i18n/auth_api_key.pot
@@ -0,0 +1,108 @@
+# Translation of Odoo Server.
+# This file contains the translation of the following modules:
+# 	* auth_api_key
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: Odoo Server 17.0\n"
+"Report-Msgid-Bugs-To: \n"
+"Last-Translator: \n"
+"Language-Team: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: \n"
+"Plural-Forms: \n"
+
+#. module: auth_api_key
+#: model:ir.model,name:auth_api_key.model_auth_api_key
+msgid "API Key"
+msgstr ""
+
+#. module: auth_api_key
+#: model:ir.model.constraint,message:auth_api_key.constraint_auth_api_key_name_uniq
+msgid "Api Key name must be unique."
+msgstr ""
+
+#. module: auth_api_key
+#: model:ir.actions.act_window,name:auth_api_key.auth_api_key_act_window
+#: model:ir.ui.menu,name:auth_api_key.auth_api_key_menu
+msgid "Auth Api Key"
+msgstr ""
+
+#. module: auth_api_key
+#: model:ir.model.fields,field_description:auth_api_key.field_auth_api_key__create_uid
+msgid "Created by"
+msgstr ""
+
+#. module: auth_api_key
+#: model:ir.model.fields,field_description:auth_api_key.field_auth_api_key__create_date
+msgid "Created on"
+msgstr ""
+
+#. module: auth_api_key
+#: model:ir.model.fields,field_description:auth_api_key.field_auth_api_key__display_name
+msgid "Display Name"
+msgstr ""
+
+#. module: auth_api_key
+#: model:ir.model,name:auth_api_key.model_ir_http
+msgid "HTTP Routing"
+msgstr ""
+
+#. module: auth_api_key
+#: model:ir.model.fields,field_description:auth_api_key.field_auth_api_key__id
+msgid "ID"
+msgstr ""
+
+#. module: auth_api_key
+#: model:ir.model.fields,field_description:auth_api_key.field_auth_api_key__key
+msgid "Key"
+msgstr ""
+
+#. module: auth_api_key
+#: model:ir.model.fields,field_description:auth_api_key.field_auth_api_key__write_uid
+msgid "Last Updated by"
+msgstr ""
+
+#. module: auth_api_key
+#: model:ir.model.fields,field_description:auth_api_key.field_auth_api_key__write_date
+msgid "Last Updated on"
+msgstr ""
+
+#. module: auth_api_key
+#: model:ir.model.fields,field_description:auth_api_key.field_auth_api_key__name
+msgid "Name"
+msgstr ""
+
+#. module: auth_api_key
+#: model:ir.model.fields,help:auth_api_key.field_auth_api_key__key
+msgid ""
+"The API key. Enter a dummy value in this field if it is\n"
+"        obtained from the server environment configuration."
+msgstr ""
+
+#. module: auth_api_key
+#. odoo-python
+#: code:addons/auth_api_key/models/auth_api_key.py:0
+#, python-format
+msgid "The key %s is not allowed"
+msgstr ""
+
+#. module: auth_api_key
+#: model:ir.model.fields,help:auth_api_key.field_auth_api_key__user_id
+msgid ""
+"The user used to process the requests authenticated by\n"
+"        the api key"
+msgstr ""
+
+#. module: auth_api_key
+#: model:ir.model.fields,field_description:auth_api_key.field_auth_api_key__user_id
+msgid "User"
+msgstr ""
+
+#. module: auth_api_key
+#. odoo-python
+#: code:addons/auth_api_key/models/auth_api_key.py:0
+#, python-format
+msgid "User is not allowed"
+msgstr ""
diff --git a/auth_api_key/i18n/it.po b/auth_api_key/i18n/it.po
new file mode 100644
index 0000000000..cfb1f39043
--- /dev/null
+++ b/auth_api_key/i18n/it.po
@@ -0,0 +1,121 @@
+# Translation of Odoo Server.
+# This file contains the translation of the following modules:
+# 	* auth_api_key
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: Odoo Server 15.0\n"
+"Report-Msgid-Bugs-To: \n"
+"PO-Revision-Date: 2024-08-17 18:58+0000\n"
+"Last-Translator: mymage <stefano.consolaro@mymage.it>\n"
+"Language-Team: none\n"
+"Language: it\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: \n"
+"Plural-Forms: nplurals=2; plural=n != 1;\n"
+"X-Generator: Weblate 5.6.2\n"
+
+#. module: auth_api_key
+#: model:ir.model,name:auth_api_key.model_auth_api_key
+msgid "API Key"
+msgstr "Chiave API"
+
+#. module: auth_api_key
+#: model:ir.model.constraint,message:auth_api_key.constraint_auth_api_key_name_uniq
+msgid "Api Key name must be unique."
+msgstr "La chiave API deve essere univoca."
+
+#. module: auth_api_key
+#: model:ir.actions.act_window,name:auth_api_key.auth_api_key_act_window
+#: model:ir.ui.menu,name:auth_api_key.auth_api_key_menu
+msgid "Auth Api Key"
+msgstr "Chiave API di autenticazione"
+
+#. module: auth_api_key
+#: model:ir.model.fields,field_description:auth_api_key.field_auth_api_key__create_uid
+msgid "Created by"
+msgstr "Creato da"
+
+#. module: auth_api_key
+#: model:ir.model.fields,field_description:auth_api_key.field_auth_api_key__create_date
+msgid "Created on"
+msgstr "Creato il"
+
+#. module: auth_api_key
+#: model:ir.model.fields,field_description:auth_api_key.field_auth_api_key__display_name
+msgid "Display Name"
+msgstr "Nome visualizzato"
+
+#. module: auth_api_key
+#: model:ir.model,name:auth_api_key.model_ir_http
+msgid "HTTP Routing"
+msgstr "Instradamento HTTP"
+
+#. module: auth_api_key
+#: model:ir.model.fields,field_description:auth_api_key.field_auth_api_key__id
+msgid "ID"
+msgstr "ID"
+
+#. module: auth_api_key
+#: model:ir.model.fields,field_description:auth_api_key.field_auth_api_key__key
+msgid "Key"
+msgstr "Chiave"
+
+#. module: auth_api_key
+#: model:ir.model.fields,field_description:auth_api_key.field_auth_api_key__write_uid
+msgid "Last Updated by"
+msgstr "Ultimo aggiornamento di"
+
+#. module: auth_api_key
+#: model:ir.model.fields,field_description:auth_api_key.field_auth_api_key__write_date
+msgid "Last Updated on"
+msgstr "Ultimo aggiornamento il"
+
+#. module: auth_api_key
+#: model:ir.model.fields,field_description:auth_api_key.field_auth_api_key__name
+msgid "Name"
+msgstr "Nome"
+
+#. module: auth_api_key
+#: model:ir.model.fields,help:auth_api_key.field_auth_api_key__key
+msgid ""
+"The API key. Enter a dummy value in this field if it is\n"
+"        obtained from the server environment configuration."
+msgstr ""
+"Chiave API. Se viene acquisita dalla configurazione\n"
+"        ambiente del server, inserire nel campo un valore fittizio."
+
+#. module: auth_api_key
+#. odoo-python
+#: code:addons/auth_api_key/models/auth_api_key.py:0
+#, python-format
+msgid "The key %s is not allowed"
+msgstr "Chiave %s non autorizzata"
+
+#. module: auth_api_key
+#: model:ir.model.fields,help:auth_api_key.field_auth_api_key__user_id
+msgid ""
+"The user used to process the requests authenticated by\n"
+"        the api key"
+msgstr ""
+"Utente utilizzato per elaborare le richieste autenticate\n"
+"        dalla chiave API"
+
+#. module: auth_api_key
+#: model:ir.model.fields,field_description:auth_api_key.field_auth_api_key__user_id
+msgid "User"
+msgstr "Utente"
+
+#. module: auth_api_key
+#. odoo-python
+#: code:addons/auth_api_key/models/auth_api_key.py:0
+#, python-format
+msgid "User is not allowed"
+msgstr "Utente non autorizzato"
+
+#~ msgid "Last Modified on"
+#~ msgstr "Ultima modifica il"
+
+#~ msgid "Server Env Defaults"
+#~ msgstr "Variabili ambiente predefinite del server"
diff --git a/auth_api_key/models/__init__.py b/auth_api_key/models/__init__.py
new file mode 100644
index 0000000000..7c1ac84290
--- /dev/null
+++ b/auth_api_key/models/__init__.py
@@ -0,0 +1,4 @@
+from . import ir_http
+from . import auth_api_key
+from . import res_company
+from . import res_config_settings
diff --git a/auth_api_key/models/auth_api_key.py b/auth_api_key/models/auth_api_key.py
new file mode 100644
index 0000000000..cdbda3b93e
--- /dev/null
+++ b/auth_api_key/models/auth_api_key.py
@@ -0,0 +1,78 @@
+# Copyright 2018 ACSONE SA/NV
+# License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl).
+
+from odoo import _, api, fields, models, tools
+from odoo.exceptions import AccessError, ValidationError
+from odoo.tools import consteq
+
+
+class AuthApiKey(models.Model):
+    _name = "auth.api.key"
+    _description = "API Key"
+
+    name = fields.Char(required=True)
+    key = fields.Char(
+        required=True,
+        help="""The API key. Enter a dummy value in this field if it is
+        obtained from the server environment configuration.""",
+    )
+    user_id = fields.Many2one(
+        comodel_name="res.users",
+        string="User",
+        required=True,
+        help="""The user used to process the requests authenticated by
+        the api key""",
+    )
+    # Not using related to stay backward compatible with having active keys
+    # for archived users (no need being invoiced by Odoo for api request users)
+    active = fields.Boolean(
+        compute="_compute_active", readonly=False, store=True, default=True
+    )
+
+    _sql_constraints = [("name_uniq", "unique(name)", "Api Key name must be unique.")]
+
+    @api.model
+    def _retrieve_api_key(self, key):
+        return self.browse(self._retrieve_api_key_id(key))
+
+    @api.model
+    @tools.ormcache("key")
+    def _retrieve_api_key_id(self, key):
+        if not self.env.user.has_group("base.group_system"):
+            raise AccessError(_("User is not allowed"))
+        for api_key in self.search([]):
+            if api_key.key and consteq(key, api_key.key):
+                return api_key.id
+        raise ValidationError(_(f"The key {key} is not allowed"))
+
+    @api.model
+    @tools.ormcache("key")
+    def _retrieve_uid_from_api_key(self, key):
+        return self._retrieve_api_key(key).user_id.id
+
+    def _clear_key_cache(self):
+        self.env.registry.clear_cache()
+
+    @api.depends(
+        "user_id.active", "user_id.company_id.archived_user_disable_auth_api_key"
+    )
+    def _compute_active(self):
+        option_disable_key = self.user_id.company_id.archived_user_disable_auth_api_key
+        for record in self:
+            if option_disable_key:
+                record.active = record.user_id.active
+            # To stay coherent if the option is disabled the active field is not
+            # changed. Because the field is stored, it should not be an issue.
+
+    @api.model_create_multi
+    def create(self, vals_list):
+        records = super().create(vals_list)
+        if any(["key" in vals or "user_id" in vals for vals in vals_list]):
+            self._clear_key_cache()
+        return records
+
+    def write(self, vals):
+        super().write(vals)
+        if "key" in vals or "user_id" in vals:
+            self._clear_key_cache()
+        return True
diff --git a/auth_api_key/models/ir_http.py b/auth_api_key/models/ir_http.py
new file mode 100644
index 0000000000..7b02f0c39c
--- /dev/null
+++ b/auth_api_key/models/ir_http.py
@@ -0,0 +1,36 @@
+# Copyright 2018 ACSONE SA/NV
+# Copyright 2017 Akretion (http://www.akretion.com).
+# @author Sébastien BEAU <sebastien.beau@akretion.com>
+# License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl).
+
+import logging
+
+from odoo import models
+from odoo.exceptions import AccessDenied
+from odoo.http import request
+
+_logger = logging.getLogger(__name__)
+
+
+class IrHttp(models.AbstractModel):
+    _inherit = "ir.http"
+
+    @classmethod
+    def _auth_method_api_key(cls):
+        headers = request.httprequest.environ
+        api_key = headers.get("HTTP_API_KEY")
+        if api_key:
+            request.update_env(user=1)
+            auth_api_key = request.env["auth.api.key"]._retrieve_api_key(api_key)
+            if auth_api_key:
+                # reset _env on the request since we change the uid...
+                # the next call to env will instantiate an new
+                # odoo.api.Environment with the user defined on the
+                # auth.api_key
+                request._env = None
+                request.update_env(user=auth_api_key.user_id.id)
+                request.auth_api_key = api_key
+                request.auth_api_key_id = auth_api_key.id
+                return True
+        _logger.error("Wrong HTTP_API_KEY, access denied")
+        raise AccessDenied()
diff --git a/auth_api_key/models/res_company.py b/auth_api_key/models/res_company.py
new file mode 100644
index 0000000000..adfdf2cb78
--- /dev/null
+++ b/auth_api_key/models/res_company.py
@@ -0,0 +1,17 @@
+# Copyright 2023 Camptocamp SA
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl.html)
+
+from odoo import fields, models
+
+
+class ResCompany(models.Model):
+    _inherit = "res.company"
+
+    archived_user_disable_auth_api_key = fields.Boolean(
+        string="Disable API key for archived user",
+        help=(
+            "If checked, when a user is archived/unactivated the same change is "
+            "propagated to his related api key. It is not retroactive (nothing is done "
+            " when enabling/disabling this option)."
+        ),
+    )
diff --git a/auth_api_key/models/res_config_settings.py b/auth_api_key/models/res_config_settings.py
new file mode 100644
index 0000000000..f7cc3aeaff
--- /dev/null
+++ b/auth_api_key/models/res_config_settings.py
@@ -0,0 +1,12 @@
+# Copyright 2023 Camptocamp SA
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl.html)
+
+from odoo import fields, models
+
+
+class ResConfigSettings(models.TransientModel):
+    _inherit = "res.config.settings"
+
+    archived_user_disable_auth_api_key = fields.Boolean(
+        related="company_id.archived_user_disable_auth_api_key", readonly=False
+    )
diff --git a/auth_api_key/pyproject.toml b/auth_api_key/pyproject.toml
new file mode 100644
index 0000000000..4231d0cccb
--- /dev/null
+++ b/auth_api_key/pyproject.toml
@@ -0,0 +1,3 @@
+[build-system]
+requires = ["whool"]
+build-backend = "whool.buildapi"
diff --git a/auth_api_key/readme/CONFIGURE.md b/auth_api_key/readme/CONFIGURE.md
new file mode 100644
index 0000000000..f791dd13ab
--- /dev/null
+++ b/auth_api_key/readme/CONFIGURE.md
@@ -0,0 +1,6 @@
+The api key menu is available into Settings \> Technical in debug mode.
+By default, when you create an API key, the key is saved into the
+database.
+
+If you want to manage them via serve environment settings use
+auth_api_key_server_env.
diff --git a/auth_api_key/readme/CONTRIBUTORS.md b/auth_api_key/readme/CONTRIBUTORS.md
new file mode 100644
index 0000000000..efda422667
--- /dev/null
+++ b/auth_api_key/readme/CONTRIBUTORS.md
@@ -0,0 +1,6 @@
+- Denis Robinet \<<denis.robinet@acsone.eu>\>
+- Laurent Mignon \<<laurent.mignon@acsone.eu>\>
+- Quentin Groulard \<<quentin.groulard@acsone.eu>\>
+- Sébastien Beau \<<sebastien.beau@akretion.com>\>
+- Chafique Delli \<<chafique.delli@akretion.com>\>
+- Thien Vo Hong \<<thienvh@trobz.com>\>
diff --git a/auth_api_key/readme/CREDITS.md b/auth_api_key/readme/CREDITS.md
new file mode 100644
index 0000000000..a2a771b1ca
--- /dev/null
+++ b/auth_api_key/readme/CREDITS.md
@@ -0,0 +1 @@
+The migration of this module from 17.0 to 18.0 was financially supported by Camptocamp.
\ No newline at end of file
diff --git a/auth_api_key/readme/DESCRIPTION.md b/auth_api_key/readme/DESCRIPTION.md
new file mode 100644
index 0000000000..4cac579599
--- /dev/null
+++ b/auth_api_key/readme/DESCRIPTION.md
@@ -0,0 +1,19 @@
+Authenticate http requests from an API key.
+
+API keys are codes passed in (in the http header API-KEY) by programs
+calling an API in order to identify -in this case- the calling program's
+user.
+
+Take care while using this kind of mechanism since information into http
+headers are visible in clear. Thus, use it only to authenticate requests
+from known sources.
+
+For unknown sources, it is a good practice to filter out this header at
+proxy level.
+
+Odoo allows users to authenticate `XMLRPC/JSONRPC` calls using their API key instead of a password by native API keys (`res.users.apikey`). However, `auth_api_key` has some special features of its own such as:
+- API keys remain usable even when the user is inactive, if enabled via settings (e.g., for system users in a shopinvader case).
+- Supports dual authentication via Basic Auth and API_KEY in separate HTTP headers.
+- Admins can manage API keys for all users
+
+Given these advantages, particularly in use case like system user authentication, we have decided to keep the `auth_api_key` module
\ No newline at end of file
diff --git a/auth_api_key/readme/USAGE.md b/auth_api_key/readme/USAGE.md
new file mode 100644
index 0000000000..547d48759c
--- /dev/null
+++ b/auth_api_key/readme/USAGE.md
@@ -0,0 +1,11 @@
+To apply this authentication system to your http request you must set
+'api_key' as value for the 'auth' parameter of your route definition
+into your controller.
+
+``` python
+class MyController(Controller):
+
+    @route('/my_service', auth='api_key', ...)
+    def my_service(self, *args, **kwargs):
+        pass
+```
diff --git a/auth_api_key/security/ir.model.access.csv b/auth_api_key/security/ir.model.access.csv
new file mode 100644
index 0000000000..b964d8c1de
--- /dev/null
+++ b/auth_api_key/security/ir.model.access.csv
@@ -0,0 +1,2 @@
+id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink
+access_auth_api_key,access_auth_api_key,model_auth_api_key,base.group_system,1,1,1,1
diff --git a/auth_api_key/static/description/icon.png b/auth_api_key/static/description/icon.png
new file mode 100644
index 0000000000..3a0328b516
Binary files /dev/null and b/auth_api_key/static/description/icon.png differ
diff --git a/auth_api_key/static/description/index.html b/auth_api_key/static/description/index.html
new file mode 100644
index 0000000000..c1b7ac4c31
--- /dev/null
+++ b/auth_api_key/static/description/index.html
@@ -0,0 +1,465 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<meta name="generator" content="Docutils: https://docutils.sourceforge.io/" />
+<title>Auth Api Key</title>
+<style type="text/css">
+
+/*
+:Author: David Goodger (goodger@python.org)
+:Id: $Id: html4css1.css 9511 2024-01-13 09:50:07Z milde $
+:Copyright: This stylesheet has been placed in the public domain.
+
+Default cascading style sheet for the HTML output of Docutils.
+Despite the name, some widely supported CSS2 features are used.
+
+See https://docutils.sourceforge.io/docs/howto/html-stylesheets.html for how to
+customize this style sheet.
+*/
+
+/* used to remove borders from tables and images */
+.borderless, table.borderless td, table.borderless th {
+  border: 0 }
+
+table.borderless td, table.borderless th {
+  /* Override padding for "table.docutils td" with "! important".
+     The right padding separates the table cells. */
+  padding: 0 0.5em 0 0 ! important }
+
+.first {
+  /* Override more specific margin styles with "! important". */
+  margin-top: 0 ! important }
+
+.last, .with-subtitle {
+  margin-bottom: 0 ! important }
+
+.hidden {
+  display: none }
+
+.subscript {
+  vertical-align: sub;
+  font-size: smaller }
+
+.superscript {
+  vertical-align: super;
+  font-size: smaller }
+
+a.toc-backref {
+  text-decoration: none ;
+  color: black }
+
+blockquote.epigraph {
+  margin: 2em 5em ; }
+
+dl.docutils dd {
+  margin-bottom: 0.5em }
+
+object[type="image/svg+xml"], object[type="application/x-shockwave-flash"] {
+  overflow: hidden;
+}
+
+/* Uncomment (and remove this text!) to get bold-faced definition list terms
+dl.docutils dt {
+  font-weight: bold }
+*/
+
+div.abstract {
+  margin: 2em 5em }
+
+div.abstract p.topic-title {
+  font-weight: bold ;
+  text-align: center }
+
+div.admonition, div.attention, div.caution, div.danger, div.error,
+div.hint, div.important, div.note, div.tip, div.warning {
+  margin: 2em ;
+  border: medium outset ;
+  padding: 1em }
+
+div.admonition p.admonition-title, div.hint p.admonition-title,
+div.important p.admonition-title, div.note p.admonition-title,
+div.tip p.admonition-title {
+  font-weight: bold ;
+  font-family: sans-serif }
+
+div.attention p.admonition-title, div.caution p.admonition-title,
+div.danger p.admonition-title, div.error p.admonition-title,
+div.warning p.admonition-title, .code .error {
+  color: red ;
+  font-weight: bold ;
+  font-family: sans-serif }
+
+/* Uncomment (and remove this text!) to get reduced vertical space in
+   compound paragraphs.
+div.compound .compound-first, div.compound .compound-middle {
+  margin-bottom: 0.5em }
+
+div.compound .compound-last, div.compound .compound-middle {
+  margin-top: 0.5em }
+*/
+
+div.dedication {
+  margin: 2em 5em ;
+  text-align: center ;
+  font-style: italic }
+
+div.dedication p.topic-title {
+  font-weight: bold ;
+  font-style: normal }
+
+div.figure {
+  margin-left: 2em ;
+  margin-right: 2em }
+
+div.footer, div.header {
+  clear: both;
+  font-size: smaller }
+
+div.line-block {
+  display: block ;
+  margin-top: 1em ;
+  margin-bottom: 1em }
+
+div.line-block div.line-block {
+  margin-top: 0 ;
+  margin-bottom: 0 ;
+  margin-left: 1.5em }
+
+div.sidebar {
+  margin: 0 0 0.5em 1em ;
+  border: medium outset ;
+  padding: 1em ;
+  background-color: #ffffee ;
+  width: 40% ;
+  float: right ;
+  clear: right }
+
+div.sidebar p.rubric {
+  font-family: sans-serif ;
+  font-size: medium }
+
+div.system-messages {
+  margin: 5em }
+
+div.system-messages h1 {
+  color: red }
+
+div.system-message {
+  border: medium outset ;
+  padding: 1em }
+
+div.system-message p.system-message-title {
+  color: red ;
+  font-weight: bold }
+
+div.topic {
+  margin: 2em }
+
+h1.section-subtitle, h2.section-subtitle, h3.section-subtitle,
+h4.section-subtitle, h5.section-subtitle, h6.section-subtitle {
+  margin-top: 0.4em }
+
+h1.title {
+  text-align: center }
+
+h2.subtitle {
+  text-align: center }
+
+hr.docutils {
+  width: 75% }
+
+img.align-left, .figure.align-left, object.align-left, table.align-left {
+  clear: left ;
+  float: left ;
+  margin-right: 1em }
+
+img.align-right, .figure.align-right, object.align-right, table.align-right {
+  clear: right ;
+  float: right ;
+  margin-left: 1em }
+
+img.align-center, .figure.align-center, object.align-center {
+  display: block;
+  margin-left: auto;
+  margin-right: auto;
+}
+
+table.align-center {
+  margin-left: auto;
+  margin-right: auto;
+}
+
+.align-left {
+  text-align: left }
+
+.align-center {
+  clear: both ;
+  text-align: center }
+
+.align-right {
+  text-align: right }
+
+/* reset inner alignment in figures */
+div.align-right {
+  text-align: inherit }
+
+/* div.align-center * { */
+/*   text-align: left } */
+
+.align-top    {
+  vertical-align: top }
+
+.align-middle {
+  vertical-align: middle }
+
+.align-bottom {
+  vertical-align: bottom }
+
+ol.simple, ul.simple {
+  margin-bottom: 1em }
+
+ol.arabic {
+  list-style: decimal }
+
+ol.loweralpha {
+  list-style: lower-alpha }
+
+ol.upperalpha {
+  list-style: upper-alpha }
+
+ol.lowerroman {
+  list-style: lower-roman }
+
+ol.upperroman {
+  list-style: upper-roman }
+
+p.attribution {
+  text-align: right ;
+  margin-left: 50% }
+
+p.caption {
+  font-style: italic }
+
+p.credits {
+  font-style: italic ;
+  font-size: smaller }
+
+p.label {
+  white-space: nowrap }
+
+p.rubric {
+  font-weight: bold ;
+  font-size: larger ;
+  color: maroon ;
+  text-align: center }
+
+p.sidebar-title {
+  font-family: sans-serif ;
+  font-weight: bold ;
+  font-size: larger }
+
+p.sidebar-subtitle {
+  font-family: sans-serif ;
+  font-weight: bold }
+
+p.topic-title {
+  font-weight: bold }
+
+pre.address {
+  margin-bottom: 0 ;
+  margin-top: 0 ;
+  font: inherit }
+
+pre.literal-block, pre.doctest-block, pre.math, pre.code {
+  margin-left: 2em ;
+  margin-right: 2em }
+
+pre.code .ln { color: gray; } /* line numbers */
+pre.code, code { background-color: #eeeeee }
+pre.code .comment, code .comment { color: #5C6576 }
+pre.code .keyword, code .keyword { color: #3B0D06; font-weight: bold }
+pre.code .literal.string, code .literal.string { color: #0C5404 }
+pre.code .name.builtin, code .name.builtin { color: #352B84 }
+pre.code .deleted, code .deleted { background-color: #DEB0A1}
+pre.code .inserted, code .inserted { background-color: #A3D289}
+
+span.classifier {
+  font-family: sans-serif ;
+  font-style: oblique }
+
+span.classifier-delimiter {
+  font-family: sans-serif ;
+  font-weight: bold }
+
+span.interpreted {
+  font-family: sans-serif }
+
+span.option {
+  white-space: nowrap }
+
+span.pre {
+  white-space: pre }
+
+span.problematic, pre.problematic {
+  color: red }
+
+span.section-subtitle {
+  /* font-size relative to parent (h1..h6 element) */
+  font-size: 80% }
+
+table.citation {
+  border-left: solid 1px gray;
+  margin-left: 1px }
+
+table.docinfo {
+  margin: 2em 4em }
+
+table.docutils {
+  margin-top: 0.5em ;
+  margin-bottom: 0.5em }
+
+table.footnote {
+  border-left: solid 1px black;
+  margin-left: 1px }
+
+table.docutils td, table.docutils th,
+table.docinfo td, table.docinfo th {
+  padding-left: 0.5em ;
+  padding-right: 0.5em ;
+  vertical-align: top }
+
+table.docutils th.field-name, table.docinfo th.docinfo-name {
+  font-weight: bold ;
+  text-align: left ;
+  white-space: nowrap ;
+  padding-left: 0 }
+
+/* "booktabs" style (no vertical lines) */
+table.docutils.booktabs {
+  border: 0px;
+  border-top: 2px solid;
+  border-bottom: 2px solid;
+  border-collapse: collapse;
+}
+table.docutils.booktabs * {
+  border: 0px;
+}
+table.docutils.booktabs th {
+  border-bottom: thin solid;
+  text-align: left;
+}
+
+h1 tt.docutils, h2 tt.docutils, h3 tt.docutils,
+h4 tt.docutils, h5 tt.docutils, h6 tt.docutils {
+  font-size: 100% }
+
+ul.auto-toc {
+  list-style-type: none }
+
+</style>
+</head>
+<body>
+<div class="document" id="auth-api-key">
+<h1 class="title">Auth Api Key</h1>
+
+<!-- !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!! This file is generated by oca-gen-addon-readme !!
+!! changes will be overwritten.                   !!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!! source digest: sha256:455a0f8646088cc228c9423fcbabbc1d81cabbebd0cac6dcf07bbbe000a6fc87
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! -->
+<p><a class="reference external image-reference" href="https://odoo-community.org/page/development-status"><img alt="Production/Stable" src="https://img.shields.io/badge/maturity-Production%2FStable-green.png" /></a> <a class="reference external image-reference" href="http://www.gnu.org/licenses/lgpl-3.0-standalone.html"><img alt="License: LGPL-3" src="https://img.shields.io/badge/licence-LGPL--3-blue.png" /></a> <a class="reference external image-reference" href="https://github.com/OCA/server-auth/tree/18.0/auth_api_key"><img alt="OCA/server-auth" src="https://img.shields.io/badge/github-OCA%2Fserver--auth-lightgray.png?logo=github" /></a> <a class="reference external image-reference" href="https://translation.odoo-community.org/projects/server-auth-18-0/server-auth-18-0-auth_api_key"><img alt="Translate me on Weblate" src="https://img.shields.io/badge/weblate-Translate%20me-F47D42.png" /></a> <a class="reference external image-reference" href="https://runboat.odoo-community.org/builds?repo=OCA/server-auth&amp;target_branch=18.0"><img alt="Try me on Runboat" src="https://img.shields.io/badge/runboat-Try%20me-875A7B.png" /></a></p>
+<p>Authenticate http requests from an API key.</p>
+<p>API keys are codes passed in (in the http header API-KEY) by programs
+calling an API in order to identify -in this case- the calling program’s
+user.</p>
+<p>Take care while using this kind of mechanism since information into http
+headers are visible in clear. Thus, use it only to authenticate requests
+from known sources.</p>
+<p>For unknown sources, it is a good practice to filter out this header at
+proxy level.</p>
+<p><strong>Table of contents</strong></p>
+<div class="contents local topic" id="contents">
+<ul class="simple">
+<li><a class="reference internal" href="#configuration" id="toc-entry-1">Configuration</a></li>
+<li><a class="reference internal" href="#usage" id="toc-entry-2">Usage</a></li>
+<li><a class="reference internal" href="#bug-tracker" id="toc-entry-3">Bug Tracker</a></li>
+<li><a class="reference internal" href="#credits" id="toc-entry-4">Credits</a><ul>
+<li><a class="reference internal" href="#authors" id="toc-entry-5">Authors</a></li>
+<li><a class="reference internal" href="#contributors" id="toc-entry-6">Contributors</a></li>
+<li><a class="reference internal" href="#other-credits" id="toc-entry-7">Other credits</a></li>
+<li><a class="reference internal" href="#maintainers" id="toc-entry-8">Maintainers</a></li>
+</ul>
+</li>
+</ul>
+</div>
+<div class="section" id="configuration">
+<h1><a class="toc-backref" href="#toc-entry-1">Configuration</a></h1>
+<p>The api key menu is available into Settings &gt; Technical in debug mode.
+By default, when you create an API key, the key is saved into the
+database.</p>
+<p>If you want to manage them via serve environment settings use
+auth_api_key_server_env.</p>
+</div>
+<div class="section" id="usage">
+<h1><a class="toc-backref" href="#toc-entry-2">Usage</a></h1>
+<p>To apply this authentication system to your http request you must set
+‘api_key’ as value for the ‘auth’ parameter of your route definition
+into your controller.</p>
+<pre class="code python literal-block">
+<span class="k">class</span> <span class="nc">MyController</span><span class="p">(</span><span class="n">Controller</span><span class="p">):</span><span class="w">
+
+</span>    <span class="nd">&#64;route</span><span class="p">(</span><span class="s1">'/my_service'</span><span class="p">,</span> <span class="n">auth</span><span class="o">=</span><span class="s1">'api_key'</span><span class="p">,</span> <span class="o">...</span><span class="p">)</span><span class="w">
+</span>    <span class="k">def</span> <span class="nf">my_service</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="o">*</span><span class="n">args</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">):</span><span class="w">
+</span>        <span class="k">pass</span>
+</pre>
+</div>
+<div class="section" id="bug-tracker">
+<h1><a class="toc-backref" href="#toc-entry-3">Bug Tracker</a></h1>
+<p>Bugs are tracked on <a class="reference external" href="https://github.com/OCA/server-auth/issues">GitHub Issues</a>.
+In case of trouble, please check there if your issue has already been reported.
+If you spotted it first, help us to smash it by providing a detailed and welcomed
+<a class="reference external" href="https://github.com/OCA/server-auth/issues/new?body=module:%20auth_api_key%0Aversion:%2018.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**">feedback</a>.</p>
+<p>Do not contact contributors directly about support or help with technical issues.</p>
+</div>
+<div class="section" id="credits">
+<h1><a class="toc-backref" href="#toc-entry-4">Credits</a></h1>
+<div class="section" id="authors">
+<h2><a class="toc-backref" href="#toc-entry-5">Authors</a></h2>
+<ul class="simple">
+<li>ACSONE SA/NV</li>
+</ul>
+</div>
+<div class="section" id="contributors">
+<h2><a class="toc-backref" href="#toc-entry-6">Contributors</a></h2>
+<ul class="simple">
+<li>Denis Robinet &lt;<a class="reference external" href="mailto:denis.robinet&#64;acsone.eu">denis.robinet&#64;acsone.eu</a>&gt;</li>
+<li>Laurent Mignon &lt;<a class="reference external" href="mailto:laurent.mignon&#64;acsone.eu">laurent.mignon&#64;acsone.eu</a>&gt;</li>
+<li>Quentin Groulard &lt;<a class="reference external" href="mailto:quentin.groulard&#64;acsone.eu">quentin.groulard&#64;acsone.eu</a>&gt;</li>
+<li>Sébastien Beau &lt;<a class="reference external" href="mailto:sebastien.beau&#64;akretion.com">sebastien.beau&#64;akretion.com</a>&gt;</li>
+<li>Chafique Delli &lt;<a class="reference external" href="mailto:chafique.delli&#64;akretion.com">chafique.delli&#64;akretion.com</a>&gt;</li>
+<li>Thien Vo Hong &lt;<a class="reference external" href="mailto:thienvh&#64;trobz.com">thienvh&#64;trobz.com</a>&gt;</li>
+</ul>
+</div>
+<div class="section" id="other-credits">
+<h2><a class="toc-backref" href="#toc-entry-7">Other credits</a></h2>
+<p>The migration of this module from 17.0 to 18.0 was financially supported
+by Camptocamp.</p>
+</div>
+<div class="section" id="maintainers">
+<h2><a class="toc-backref" href="#toc-entry-8">Maintainers</a></h2>
+<p>This module is maintained by the OCA.</p>
+<a class="reference external image-reference" href="https://odoo-community.org">
+<img alt="Odoo Community Association" src="https://odoo-community.org/logo.png" />
+</a>
+<p>OCA, or the Odoo Community Association, is a nonprofit organization whose
+mission is to support the collaborative development of Odoo features and
+promote its widespread use.</p>
+<p>This module is part of the <a class="reference external" href="https://github.com/OCA/server-auth/tree/18.0/auth_api_key">OCA/server-auth</a> project on GitHub.</p>
+<p>You are welcome to contribute. To learn how please visit <a class="reference external" href="https://odoo-community.org/page/Contribute">https://odoo-community.org/page/Contribute</a>.</p>
+</div>
+</div>
+</div>
+</body>
+</html>
diff --git a/auth_api_key/tests/__init__.py b/auth_api_key/tests/__init__.py
new file mode 100644
index 0000000000..56e3e32a3a
--- /dev/null
+++ b/auth_api_key/tests/__init__.py
@@ -0,0 +1 @@
+from . import test_auth_api_key
diff --git a/auth_api_key/tests/test_auth_api_key.py b/auth_api_key/tests/test_auth_api_key.py
new file mode 100644
index 0000000000..7908c42eb7
--- /dev/null
+++ b/auth_api_key/tests/test_auth_api_key.py
@@ -0,0 +1,70 @@
+# Copyright 2018 ACSONE SA/NV
+# License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl).
+from odoo.exceptions import AccessError, ValidationError
+from odoo.tests.common import TransactionCase
+
+
+class TestAuthApiKey(TransactionCase):
+    @classmethod
+    def setUpClass(cls, *args, **kwargs):
+        super().setUpClass(*args, **kwargs)
+        cls.AuthApiKey = cls.env["auth.api.key"]
+        cls.demo_user = cls.env.ref("base.user_demo")
+        cls.api_key_good = cls.AuthApiKey.create(
+            {"name": "good", "user_id": cls.demo_user.id, "key": "api_key"}
+        )
+
+    def test_lookup_key_from_db(self):
+        demo_user = self.env.ref("base.user_demo")
+        self.assertEqual(
+            self.env["auth.api.key"]._retrieve_uid_from_api_key("api_key"), demo_user.id
+        )
+
+    def test_wrong_key(self):
+        with self.assertRaises(ValidationError), self.env.cr.savepoint():
+            self.env["auth.api.key"]._retrieve_uid_from_api_key("api_wrong_key")
+
+    def test_user_not_allowed(self):
+        # only system users can check for key
+        with self.assertRaises(AccessError), self.env.cr.savepoint():
+            self.env["auth.api.key"].with_user(
+                user=self.demo_user
+            )._retrieve_uid_from_api_key("api_wrong_key")
+
+    def test_cache_invalidation(self):
+        self.assertEqual(
+            self.env["auth.api.key"]._retrieve_uid_from_api_key("api_key"),
+            self.demo_user.id,
+        )
+        self.api_key_good.write({"key": "updated_key"})
+        self.assertEqual(
+            self.env["auth.api.key"]._retrieve_uid_from_api_key("updated_key"),
+            self.demo_user.id,
+        )
+        with self.assertRaises(ValidationError):
+            self.env["auth.api.key"]._retrieve_uid_from_api_key("api_key")
+
+    def test_user_archived_unarchived_with_option_on(self):
+        self.env.company.archived_user_disable_auth_api_key = True
+        demo_user = self.env.ref("base.user_demo")
+        self.assertEqual(
+            self.env["auth.api.key"]._retrieve_uid_from_api_key("api_key"), demo_user.id
+        )
+        demo_user.active = False
+        with self.assertRaises(ValidationError):
+            self.env["auth.api.key"]._retrieve_uid_from_api_key("api_key")
+        demo_user.active = True
+        self.assertEqual(
+            self.env["auth.api.key"]._retrieve_uid_from_api_key("api_key"), demo_user.id
+        )
+
+    def test_user_archived_unarchived_with_option_off(self):
+        self.env.company.archived_user_disable_auth_api_key = False
+        demo_user = self.env.ref("base.user_demo")
+        self.assertEqual(
+            self.env["auth.api.key"]._retrieve_uid_from_api_key("api_key"), demo_user.id
+        )
+        demo_user.active = False
+        self.assertEqual(
+            self.env["auth.api.key"]._retrieve_uid_from_api_key("api_key"), demo_user.id
+        )
diff --git a/auth_api_key/views/auth_api_key.xml b/auth_api_key/views/auth_api_key.xml
new file mode 100644
index 0000000000..d536772b34
--- /dev/null
+++ b/auth_api_key/views/auth_api_key.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<!-- Copyright 2019 ACSONE SA/NV
+     License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl). -->
+<odoo>
+    <record model="ir.ui.view" id="auth_api_key_form_view">
+        <field name="name">auth.api.key.form (in auth_api_key)</field>
+        <field name="model">auth.api.key</field>
+        <field name="arch" type="xml">
+            <form>
+                <sheet>
+                  <field name="active" invisible="1" />
+                  <widget
+                        name="web_ribbon"
+                        title="Archived"
+                        bg_color="bg-danger"
+                        invisible="active"
+                    />
+                    <label for="name" class="oe_edit_only" />
+                    <h1>
+                        <field name="name" class="oe_inline" />
+                    </h1>
+                    <group name="config" colspan="4" col="4">
+                        <field name="user_id" colspan="4" />
+                        <field name="key" colspan="4" password="True" />
+                    </group>
+                </sheet>
+            </form>
+        </field>
+    </record>
+    <record model="ir.ui.view" id="auth_api_key_tree_view">
+        <field name="name">auth.api.key.list (in auth_api_key)</field>
+        <field name="model">auth.api.key</field>
+        <field name="arch" type="xml">
+            <list>
+                <field name="name" />
+                <field name="user_id" />
+            </list>
+        </field>
+    </record>
+    <record model="ir.actions.act_window" id="auth_api_key_act_window">
+        <field name="name">Auth Api Key</field>
+        <field name="res_model">auth.api.key</field>
+        <field name="view_mode">list,form</field>
+        <field name="domain">[]</field>
+        <field name="context">{}</field>
+    </record>
+    <record model="ir.ui.menu" id="auth_api_key_menu">
+        <field name="name">Auth Api Key</field>
+        <field name="parent_id" ref="base.menu_custom" />
+        <field name="action" ref="auth_api_key_act_window" />
+        <field name="sequence" eval="100" />
+    </record>
+</odoo>
diff --git a/auth_api_key/views/res_config_settings.xml b/auth_api_key/views/res_config_settings.xml
new file mode 100644
index 0000000000..61438d4a22
--- /dev/null
+++ b/auth_api_key/views/res_config_settings.xml
@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<!-- Copyright 2023 Camptocamp SA
+     License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl). -->
+<odoo>
+
+  <record id="res_config_settings_view_form" model="ir.ui.view">
+    <field name="name">res.config.settings.form.inherit</field>
+    <field name="model">res.config.settings</field>
+    <field name="inherit_id" ref="base_setup.res_config_settings_view_form" />
+    <field name="arch" type="xml">
+      <xpath expr="//block[@id='user_default_rights']" position="inside">
+        <setting
+                    groups="base.group_no_one"
+                    id="api_key_archive_with_user"
+                    string="Disable API key when archiving user"
+                >
+          <field name="archived_user_disable_auth_api_key" />
+        </setting>
+
+      </xpath>
+
+    </field>
+  </record>
+
+</odoo>