diff --git a/endpoint_auth_api_key/README.rst b/endpoint_auth_api_key/README.rst
new file mode 100644
index 00000000..e920a20b
--- /dev/null
+++ b/endpoint_auth_api_key/README.rst
@@ -0,0 +1,99 @@
+=====================
+Endpoint Auth API key
+=====================
+
+.. 
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+   !! This file is generated by oca-gen-addon-readme !!
+   !! changes will be overwritten.                   !!
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+   !! source digest: sha256:b3eb2a2fa2f116c150a93e188a2ee31d785ec793407301ecb71c55dd791339f4
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
+.. |badge1| image:: https://img.shields.io/badge/maturity-Alpha-red.png
+    :target: https://odoo-community.org/page/development-status
+    :alt: Alpha
+.. |badge2| image:: https://img.shields.io/badge/licence-LGPL--3-blue.png
+    :target: http://www.gnu.org/licenses/lgpl-3.0-standalone.html
+    :alt: License: LGPL-3
+.. |badge3| image:: https://img.shields.io/badge/github-OCA%2Fweb--api-lightgray.png?logo=github
+    :target: https://github.com/OCA/web-api/tree/17.0/endpoint_auth_api_key
+    :alt: OCA/web-api
+.. |badge4| image:: https://img.shields.io/badge/weblate-Translate%20me-F47D42.png
+    :target: https://translation.odoo-community.org/projects/web-api-17-0/web-api-17-0-endpoint_auth_api_key
+    :alt: Translate me on Weblate
+.. |badge5| image:: https://img.shields.io/badge/runboat-Try%20me-875A7B.png
+    :target: https://runboat.odoo-community.org/builds?repo=OCA/web-api&target_branch=17.0
+    :alt: Try me on Runboat
+
+|badge1| |badge2| |badge3| |badge4| |badge5|
+
+Provide API key auth for endpoints.
+
+.. IMPORTANT::
+   This is an alpha version, the data model and design can change at any time without warning.
+   Only for development or testing purpose, do not use in production.
+   `More details on development status <https://odoo-community.org/page/development-status>`_
+
+**Table of contents**
+
+.. contents::
+   :local:
+
+Bug Tracker
+===========
+
+Bugs are tracked on `GitHub Issues <https://github.com/OCA/web-api/issues>`_.
+In case of trouble, please check there if your issue has already been reported.
+If you spotted it first, help us to smash it by providing a detailed and welcomed
+`feedback <https://github.com/OCA/web-api/issues/new?body=module:%20endpoint_auth_api_key%0Aversion:%2017.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**>`_.
+
+Do not contact contributors directly about support or help with technical issues.
+
+Credits
+=======
+
+Authors
+-------
+
+* Camptocamp
+
+Contributors
+------------
+
+-  Simone Orsi <simone.orsi@camptocamp.com>
+
+-  `Trobz <https://trobz.com>`__:
+
+      -  Son Ho <sonhd@trobz.com>
+
+Other credits
+-------------
+
+The migration of this module from 14.0 to 16.0 was financially supported
+by Camptocamp
+
+Maintainers
+-----------
+
+This module is maintained by the OCA.
+
+.. image:: https://odoo-community.org/logo.png
+   :alt: Odoo Community Association
+   :target: https://odoo-community.org
+
+OCA, or the Odoo Community Association, is a nonprofit organization whose
+mission is to support the collaborative development of Odoo features and
+promote its widespread use.
+
+.. |maintainer-simahawk| image:: https://github.com/simahawk.png?size=40px
+    :target: https://github.com/simahawk
+    :alt: simahawk
+
+Current `maintainer <https://odoo-community.org/page/maintainer-role>`__:
+
+|maintainer-simahawk| 
+
+This module is part of the `OCA/web-api <https://github.com/OCA/web-api/tree/17.0/endpoint_auth_api_key>`_ project on GitHub.
+
+You are welcome to contribute. To learn how please visit https://odoo-community.org/page/Contribute.
diff --git a/endpoint_auth_api_key/__init__.py b/endpoint_auth_api_key/__init__.py
new file mode 100644
index 00000000..0650744f
--- /dev/null
+++ b/endpoint_auth_api_key/__init__.py
@@ -0,0 +1 @@
+from . import models
diff --git a/endpoint_auth_api_key/__manifest__.py b/endpoint_auth_api_key/__manifest__.py
new file mode 100644
index 00000000..171a64fa
--- /dev/null
+++ b/endpoint_auth_api_key/__manifest__.py
@@ -0,0 +1,16 @@
+# Copyright 2021 Camptocamp SA
+# License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl).
+
+{
+    "name": "Endpoint Auth API key",
+    "summary": """Provide API key auth for endpoints.""",
+    "version": "17.0.1.0.0",
+    "license": "LGPL-3",
+    "development_status": "Alpha",
+    "author": "Camptocamp, Odoo Community Association (OCA)",
+    "maintainers": ["simahawk"],
+    "website": "https://github.com/OCA/web-api",
+    "depends": ["endpoint", "auth_api_key_group"],
+    "demo": ["demo/api_key_demo.xml", "demo/endpoint_demo.xml"],
+    "data": ["views/endpoint_view.xml"],
+}
diff --git a/endpoint_auth_api_key/demo/api_key_demo.xml b/endpoint_auth_api_key/demo/api_key_demo.xml
new file mode 100644
index 00000000..ded71ff2
--- /dev/null
+++ b/endpoint_auth_api_key/demo/api_key_demo.xml
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<odoo noupdate="1">
+
+  <record id="auth_api_key_demo" model="auth.api.key">
+    <field name="name">Endpoint API key demo</field>
+    <field name="key">cZ6dF2UQwNcm</field>
+    <field name="user_id" ref="base.user_demo" />
+  </record>
+
+  <record id="auth_api_key_demo2" model="auth.api.key">
+    <field name="name">Endpoint API key demo 2</field>
+    <field name="key">kV47QyOTC5mS</field>
+    <field name="user_id" ref="base.user_demo" />
+  </record>
+
+  <record id="auth_api_key_group_demo" model="auth.api.key.group">
+    <field name="name">Demo Group 1</field>
+    <field name="code">demo_group1</field>
+    <field name="auth_api_key_ids" eval="[(4, ref('auth_api_key_demo'))]" />
+  </record>
+
+</odoo>
diff --git a/endpoint_auth_api_key/demo/endpoint_demo.xml b/endpoint_auth_api_key/demo/endpoint_demo.xml
new file mode 100644
index 00000000..7063d2cc
--- /dev/null
+++ b/endpoint_auth_api_key/demo/endpoint_demo.xml
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<odoo noupdate="1">
+
+    <record id="endpoint_demo_1" model="endpoint.endpoint">
+        <field name="name">Demo Endpoint - auth api key</field>
+        <field name="route">/demo/api/key</field>
+        <field name="request_method">GET</field>
+        <field name="auth_type">api_key</field>
+        <field
+            name="auth_api_key_group_ids"
+            eval="[(4, ref('auth_api_key_group_demo'))]"
+        />
+        <field name="exec_mode">code</field>
+        <field name="code_snippet">
+result = {"response": Response("ok")}
+        </field>
+    </record>
+
+</odoo>
diff --git a/endpoint_auth_api_key/i18n/endpoint_auth_api_key.pot b/endpoint_auth_api_key/i18n/endpoint_auth_api_key.pot
new file mode 100644
index 00000000..9942bb16
--- /dev/null
+++ b/endpoint_auth_api_key/i18n/endpoint_auth_api_key.pot
@@ -0,0 +1,30 @@
+# Translation of Odoo Server.
+# This file contains the translation of the following modules:
+# 	* endpoint_auth_api_key
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: Odoo Server 16.0\n"
+"Report-Msgid-Bugs-To: \n"
+"Last-Translator: \n"
+"Language-Team: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: \n"
+"Plural-Forms: \n"
+
+#. module: endpoint_auth_api_key
+#: model:ir.model.fields,field_description:endpoint_auth_api_key.field_endpoint_endpoint__auth_api_key_group_ids
+#: model:ir.model.fields,field_description:endpoint_auth_api_key.field_endpoint_mixin__auth_api_key_group_ids
+msgid "Allowed API key groups"
+msgstr ""
+
+#. module: endpoint_auth_api_key
+#: model:ir.model,name:endpoint_auth_api_key.model_endpoint_mixin
+msgid "Endpoint mixin"
+msgstr ""
+
+#. module: endpoint_auth_api_key
+#: model_terms:ir.ui.view,arch_db:endpoint_auth_api_key.endpoint_mixin_form_view
+msgid "Manage groups"
+msgstr ""
diff --git a/endpoint_auth_api_key/i18n/it.po b/endpoint_auth_api_key/i18n/it.po
new file mode 100644
index 00000000..2a9fea0b
--- /dev/null
+++ b/endpoint_auth_api_key/i18n/it.po
@@ -0,0 +1,33 @@
+# Translation of Odoo Server.
+# This file contains the translation of the following modules:
+# 	* endpoint_auth_api_key
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: Odoo Server 16.0\n"
+"Report-Msgid-Bugs-To: \n"
+"PO-Revision-Date: 2024-04-02 12:35+0000\n"
+"Last-Translator: mymage <stefano.consolaro@mymage.it>\n"
+"Language-Team: none\n"
+"Language: it\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: \n"
+"Plural-Forms: nplurals=2; plural=n != 1;\n"
+"X-Generator: Weblate 4.17\n"
+
+#. module: endpoint_auth_api_key
+#: model:ir.model.fields,field_description:endpoint_auth_api_key.field_endpoint_endpoint__auth_api_key_group_ids
+#: model:ir.model.fields,field_description:endpoint_auth_api_key.field_endpoint_mixin__auth_api_key_group_ids
+msgid "Allowed API key groups"
+msgstr "Consenti gruppi chiavi API"
+
+#. module: endpoint_auth_api_key
+#: model:ir.model,name:endpoint_auth_api_key.model_endpoint_mixin
+msgid "Endpoint mixin"
+msgstr "Mixin endpoint"
+
+#. module: endpoint_auth_api_key
+#: model_terms:ir.ui.view,arch_db:endpoint_auth_api_key.endpoint_mixin_form_view
+msgid "Manage groups"
+msgstr "Gestione gruppi"
diff --git a/endpoint_auth_api_key/models/__init__.py b/endpoint_auth_api_key/models/__init__.py
new file mode 100644
index 00000000..95c62dfe
--- /dev/null
+++ b/endpoint_auth_api_key/models/__init__.py
@@ -0,0 +1 @@
+from . import endpoint_mixin
diff --git a/endpoint_auth_api_key/models/endpoint_mixin.py b/endpoint_auth_api_key/models/endpoint_mixin.py
new file mode 100644
index 00000000..613d2079
--- /dev/null
+++ b/endpoint_auth_api_key/models/endpoint_mixin.py
@@ -0,0 +1,40 @@
+# Copyright 2021 Camptocamp SA
+# @author: Simone Orsi <simone.orsi@camptocamp.com>
+# License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl).
+
+import werkzeug
+
+from odoo import fields, models
+
+
+class EndpointMixin(models.AbstractModel):
+    _inherit = "endpoint.mixin"
+
+    auth_api_key_group_ids = fields.Many2many(
+        comodel_name="auth.api.key.group",
+        string="Allowed API key groups",
+    )
+
+    def _selection_auth_type(self):
+        return super()._selection_auth_type() + [("api_key", "API key")]
+
+    def _validate_request(self, request):
+        super()._validate_request(request)
+        if self.auth_type == "api_key":
+            self._validate_api_key(request)
+        return
+
+    def _validate_api_key(self, request):
+        key_id = request.auth_api_key_id
+        if key_id not in self._allowed_api_key_ids():
+            self._logger.error("API key %s not allowed on %s", key_id, self.route)
+            raise werkzeug.exceptions.Forbidden()
+
+    def _allowed_api_key_ids(self):
+        return self.auth_api_key_group_ids.auth_api_key_ids.ids
+
+    def action_view_api_key_groups(self):
+        xmlid = "auth_api_key_group.auth_api_key_group_act_window"
+        action = self.env["ir.actions.act_window"]._for_xml_id(xmlid)
+        action["domain"] = [("id", "in", self.auth_api_key_group_ids.ids)]
+        return action
diff --git a/endpoint_auth_api_key/pyproject.toml b/endpoint_auth_api_key/pyproject.toml
new file mode 100644
index 00000000..4231d0cc
--- /dev/null
+++ b/endpoint_auth_api_key/pyproject.toml
@@ -0,0 +1,3 @@
+[build-system]
+requires = ["whool"]
+build-backend = "whool.buildapi"
diff --git a/endpoint_auth_api_key/readme/CONTRIBUTORS.md b/endpoint_auth_api_key/readme/CONTRIBUTORS.md
new file mode 100644
index 00000000..f2fa2f75
--- /dev/null
+++ b/endpoint_auth_api_key/readme/CONTRIBUTORS.md
@@ -0,0 +1,5 @@
+- Simone Orsi \<<simone.orsi@camptocamp.com>\>
+
+- [Trobz](https://trobz.com):
+
+  > - Son Ho \<<sonhd@trobz.com>\>
diff --git a/endpoint_auth_api_key/readme/CREDITS.md b/endpoint_auth_api_key/readme/CREDITS.md
new file mode 100644
index 00000000..44a62335
--- /dev/null
+++ b/endpoint_auth_api_key/readme/CREDITS.md
@@ -0,0 +1,2 @@
+The migration of this module from 14.0 to 16.0 was financially supported
+by Camptocamp
diff --git a/endpoint_auth_api_key/readme/DESCRIPTION.md b/endpoint_auth_api_key/readme/DESCRIPTION.md
new file mode 100644
index 00000000..7d9743ba
--- /dev/null
+++ b/endpoint_auth_api_key/readme/DESCRIPTION.md
@@ -0,0 +1 @@
+Provide API key auth for endpoints.
diff --git a/endpoint_auth_api_key/static/description/icon.png b/endpoint_auth_api_key/static/description/icon.png
new file mode 100644
index 00000000..3a0328b5
Binary files /dev/null and b/endpoint_auth_api_key/static/description/icon.png differ
diff --git a/endpoint_auth_api_key/static/description/index.html b/endpoint_auth_api_key/static/description/index.html
new file mode 100644
index 00000000..1f1cf255
--- /dev/null
+++ b/endpoint_auth_api_key/static/description/index.html
@@ -0,0 +1,445 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<meta name="generator" content="Docutils: https://docutils.sourceforge.io/" />
+<title>Endpoint Auth API key</title>
+<style type="text/css">
+
+/*
+:Author: David Goodger (goodger@python.org)
+:Id: $Id: html4css1.css 9511 2024-01-13 09:50:07Z milde $
+:Copyright: This stylesheet has been placed in the public domain.
+
+Default cascading style sheet for the HTML output of Docutils.
+Despite the name, some widely supported CSS2 features are used.
+
+See https://docutils.sourceforge.io/docs/howto/html-stylesheets.html for how to
+customize this style sheet.
+*/
+
+/* used to remove borders from tables and images */
+.borderless, table.borderless td, table.borderless th {
+  border: 0 }
+
+table.borderless td, table.borderless th {
+  /* Override padding for "table.docutils td" with "! important".
+     The right padding separates the table cells. */
+  padding: 0 0.5em 0 0 ! important }
+
+.first {
+  /* Override more specific margin styles with "! important". */
+  margin-top: 0 ! important }
+
+.last, .with-subtitle {
+  margin-bottom: 0 ! important }
+
+.hidden {
+  display: none }
+
+.subscript {
+  vertical-align: sub;
+  font-size: smaller }
+
+.superscript {
+  vertical-align: super;
+  font-size: smaller }
+
+a.toc-backref {
+  text-decoration: none ;
+  color: black }
+
+blockquote.epigraph {
+  margin: 2em 5em ; }
+
+dl.docutils dd {
+  margin-bottom: 0.5em }
+
+object[type="image/svg+xml"], object[type="application/x-shockwave-flash"] {
+  overflow: hidden;
+}
+
+/* Uncomment (and remove this text!) to get bold-faced definition list terms
+dl.docutils dt {
+  font-weight: bold }
+*/
+
+div.abstract {
+  margin: 2em 5em }
+
+div.abstract p.topic-title {
+  font-weight: bold ;
+  text-align: center }
+
+div.admonition, div.attention, div.caution, div.danger, div.error,
+div.hint, div.important, div.note, div.tip, div.warning {
+  margin: 2em ;
+  border: medium outset ;
+  padding: 1em }
+
+div.admonition p.admonition-title, div.hint p.admonition-title,
+div.important p.admonition-title, div.note p.admonition-title,
+div.tip p.admonition-title {
+  font-weight: bold ;
+  font-family: sans-serif }
+
+div.attention p.admonition-title, div.caution p.admonition-title,
+div.danger p.admonition-title, div.error p.admonition-title,
+div.warning p.admonition-title, .code .error {
+  color: red ;
+  font-weight: bold ;
+  font-family: sans-serif }
+
+/* Uncomment (and remove this text!) to get reduced vertical space in
+   compound paragraphs.
+div.compound .compound-first, div.compound .compound-middle {
+  margin-bottom: 0.5em }
+
+div.compound .compound-last, div.compound .compound-middle {
+  margin-top: 0.5em }
+*/
+
+div.dedication {
+  margin: 2em 5em ;
+  text-align: center ;
+  font-style: italic }
+
+div.dedication p.topic-title {
+  font-weight: bold ;
+  font-style: normal }
+
+div.figure {
+  margin-left: 2em ;
+  margin-right: 2em }
+
+div.footer, div.header {
+  clear: both;
+  font-size: smaller }
+
+div.line-block {
+  display: block ;
+  margin-top: 1em ;
+  margin-bottom: 1em }
+
+div.line-block div.line-block {
+  margin-top: 0 ;
+  margin-bottom: 0 ;
+  margin-left: 1.5em }
+
+div.sidebar {
+  margin: 0 0 0.5em 1em ;
+  border: medium outset ;
+  padding: 1em ;
+  background-color: #ffffee ;
+  width: 40% ;
+  float: right ;
+  clear: right }
+
+div.sidebar p.rubric {
+  font-family: sans-serif ;
+  font-size: medium }
+
+div.system-messages {
+  margin: 5em }
+
+div.system-messages h1 {
+  color: red }
+
+div.system-message {
+  border: medium outset ;
+  padding: 1em }
+
+div.system-message p.system-message-title {
+  color: red ;
+  font-weight: bold }
+
+div.topic {
+  margin: 2em }
+
+h1.section-subtitle, h2.section-subtitle, h3.section-subtitle,
+h4.section-subtitle, h5.section-subtitle, h6.section-subtitle {
+  margin-top: 0.4em }
+
+h1.title {
+  text-align: center }
+
+h2.subtitle {
+  text-align: center }
+
+hr.docutils {
+  width: 75% }
+
+img.align-left, .figure.align-left, object.align-left, table.align-left {
+  clear: left ;
+  float: left ;
+  margin-right: 1em }
+
+img.align-right, .figure.align-right, object.align-right, table.align-right {
+  clear: right ;
+  float: right ;
+  margin-left: 1em }
+
+img.align-center, .figure.align-center, object.align-center {
+  display: block;
+  margin-left: auto;
+  margin-right: auto;
+}
+
+table.align-center {
+  margin-left: auto;
+  margin-right: auto;
+}
+
+.align-left {
+  text-align: left }
+
+.align-center {
+  clear: both ;
+  text-align: center }
+
+.align-right {
+  text-align: right }
+
+/* reset inner alignment in figures */
+div.align-right {
+  text-align: inherit }
+
+/* div.align-center * { */
+/*   text-align: left } */
+
+.align-top    {
+  vertical-align: top }
+
+.align-middle {
+  vertical-align: middle }
+
+.align-bottom {
+  vertical-align: bottom }
+
+ol.simple, ul.simple {
+  margin-bottom: 1em }
+
+ol.arabic {
+  list-style: decimal }
+
+ol.loweralpha {
+  list-style: lower-alpha }
+
+ol.upperalpha {
+  list-style: upper-alpha }
+
+ol.lowerroman {
+  list-style: lower-roman }
+
+ol.upperroman {
+  list-style: upper-roman }
+
+p.attribution {
+  text-align: right ;
+  margin-left: 50% }
+
+p.caption {
+  font-style: italic }
+
+p.credits {
+  font-style: italic ;
+  font-size: smaller }
+
+p.label {
+  white-space: nowrap }
+
+p.rubric {
+  font-weight: bold ;
+  font-size: larger ;
+  color: maroon ;
+  text-align: center }
+
+p.sidebar-title {
+  font-family: sans-serif ;
+  font-weight: bold ;
+  font-size: larger }
+
+p.sidebar-subtitle {
+  font-family: sans-serif ;
+  font-weight: bold }
+
+p.topic-title {
+  font-weight: bold }
+
+pre.address {
+  margin-bottom: 0 ;
+  margin-top: 0 ;
+  font: inherit }
+
+pre.literal-block, pre.doctest-block, pre.math, pre.code {
+  margin-left: 2em ;
+  margin-right: 2em }
+
+pre.code .ln { color: gray; } /* line numbers */
+pre.code, code { background-color: #eeeeee }
+pre.code .comment, code .comment { color: #5C6576 }
+pre.code .keyword, code .keyword { color: #3B0D06; font-weight: bold }
+pre.code .literal.string, code .literal.string { color: #0C5404 }
+pre.code .name.builtin, code .name.builtin { color: #352B84 }
+pre.code .deleted, code .deleted { background-color: #DEB0A1}
+pre.code .inserted, code .inserted { background-color: #A3D289}
+
+span.classifier {
+  font-family: sans-serif ;
+  font-style: oblique }
+
+span.classifier-delimiter {
+  font-family: sans-serif ;
+  font-weight: bold }
+
+span.interpreted {
+  font-family: sans-serif }
+
+span.option {
+  white-space: nowrap }
+
+span.pre {
+  white-space: pre }
+
+span.problematic, pre.problematic {
+  color: red }
+
+span.section-subtitle {
+  /* font-size relative to parent (h1..h6 element) */
+  font-size: 80% }
+
+table.citation {
+  border-left: solid 1px gray;
+  margin-left: 1px }
+
+table.docinfo {
+  margin: 2em 4em }
+
+table.docutils {
+  margin-top: 0.5em ;
+  margin-bottom: 0.5em }
+
+table.footnote {
+  border-left: solid 1px black;
+  margin-left: 1px }
+
+table.docutils td, table.docutils th,
+table.docinfo td, table.docinfo th {
+  padding-left: 0.5em ;
+  padding-right: 0.5em ;
+  vertical-align: top }
+
+table.docutils th.field-name, table.docinfo th.docinfo-name {
+  font-weight: bold ;
+  text-align: left ;
+  white-space: nowrap ;
+  padding-left: 0 }
+
+/* "booktabs" style (no vertical lines) */
+table.docutils.booktabs {
+  border: 0px;
+  border-top: 2px solid;
+  border-bottom: 2px solid;
+  border-collapse: collapse;
+}
+table.docutils.booktabs * {
+  border: 0px;
+}
+table.docutils.booktabs th {
+  border-bottom: thin solid;
+  text-align: left;
+}
+
+h1 tt.docutils, h2 tt.docutils, h3 tt.docutils,
+h4 tt.docutils, h5 tt.docutils, h6 tt.docutils {
+  font-size: 100% }
+
+ul.auto-toc {
+  list-style-type: none }
+
+</style>
+</head>
+<body>
+<div class="document" id="endpoint-auth-api-key">
+<h1 class="title">Endpoint Auth API key</h1>
+
+<!-- !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!! This file is generated by oca-gen-addon-readme !!
+!! changes will be overwritten.                   !!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!! source digest: sha256:b3eb2a2fa2f116c150a93e188a2ee31d785ec793407301ecb71c55dd791339f4
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! -->
+<p><a class="reference external image-reference" href="https://odoo-community.org/page/development-status"><img alt="Alpha" src="https://img.shields.io/badge/maturity-Alpha-red.png" /></a> <a class="reference external image-reference" href="http://www.gnu.org/licenses/lgpl-3.0-standalone.html"><img alt="License: LGPL-3" src="https://img.shields.io/badge/licence-LGPL--3-blue.png" /></a> <a class="reference external image-reference" href="https://github.com/OCA/web-api/tree/17.0/endpoint_auth_api_key"><img alt="OCA/web-api" src="https://img.shields.io/badge/github-OCA%2Fweb--api-lightgray.png?logo=github" /></a> <a class="reference external image-reference" href="https://translation.odoo-community.org/projects/web-api-17-0/web-api-17-0-endpoint_auth_api_key"><img alt="Translate me on Weblate" src="https://img.shields.io/badge/weblate-Translate%20me-F47D42.png" /></a> <a class="reference external image-reference" href="https://runboat.odoo-community.org/builds?repo=OCA/web-api&amp;target_branch=17.0"><img alt="Try me on Runboat" src="https://img.shields.io/badge/runboat-Try%20me-875A7B.png" /></a></p>
+<p>Provide API key auth for endpoints.</p>
+<div class="admonition important">
+<p class="first admonition-title">Important</p>
+<p class="last">This is an alpha version, the data model and design can change at any time without warning.
+Only for development or testing purpose, do not use in production.
+<a class="reference external" href="https://odoo-community.org/page/development-status">More details on development status</a></p>
+</div>
+<p><strong>Table of contents</strong></p>
+<div class="contents local topic" id="contents">
+<ul class="simple">
+<li><a class="reference internal" href="#bug-tracker" id="toc-entry-1">Bug Tracker</a></li>
+<li><a class="reference internal" href="#credits" id="toc-entry-2">Credits</a><ul>
+<li><a class="reference internal" href="#authors" id="toc-entry-3">Authors</a></li>
+<li><a class="reference internal" href="#contributors" id="toc-entry-4">Contributors</a></li>
+<li><a class="reference internal" href="#other-credits" id="toc-entry-5">Other credits</a></li>
+<li><a class="reference internal" href="#maintainers" id="toc-entry-6">Maintainers</a></li>
+</ul>
+</li>
+</ul>
+</div>
+<div class="section" id="bug-tracker">
+<h1><a class="toc-backref" href="#toc-entry-1">Bug Tracker</a></h1>
+<p>Bugs are tracked on <a class="reference external" href="https://github.com/OCA/web-api/issues">GitHub Issues</a>.
+In case of trouble, please check there if your issue has already been reported.
+If you spotted it first, help us to smash it by providing a detailed and welcomed
+<a class="reference external" href="https://github.com/OCA/web-api/issues/new?body=module:%20endpoint_auth_api_key%0Aversion:%2017.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**">feedback</a>.</p>
+<p>Do not contact contributors directly about support or help with technical issues.</p>
+</div>
+<div class="section" id="credits">
+<h1><a class="toc-backref" href="#toc-entry-2">Credits</a></h1>
+<div class="section" id="authors">
+<h2><a class="toc-backref" href="#toc-entry-3">Authors</a></h2>
+<ul class="simple">
+<li>Camptocamp</li>
+</ul>
+</div>
+<div class="section" id="contributors">
+<h2><a class="toc-backref" href="#toc-entry-4">Contributors</a></h2>
+<ul>
+<li><p class="first">Simone Orsi &lt;<a class="reference external" href="mailto:simone.orsi&#64;camptocamp.com">simone.orsi&#64;camptocamp.com</a>&gt;</p>
+</li>
+<li><p class="first"><a class="reference external" href="https://trobz.com">Trobz</a>:</p>
+<blockquote>
+<ul class="simple">
+<li>Son Ho &lt;<a class="reference external" href="mailto:sonhd&#64;trobz.com">sonhd&#64;trobz.com</a>&gt;</li>
+</ul>
+</blockquote>
+</li>
+</ul>
+</div>
+<div class="section" id="other-credits">
+<h2><a class="toc-backref" href="#toc-entry-5">Other credits</a></h2>
+<p>The migration of this module from 14.0 to 16.0 was financially supported
+by Camptocamp</p>
+</div>
+<div class="section" id="maintainers">
+<h2><a class="toc-backref" href="#toc-entry-6">Maintainers</a></h2>
+<p>This module is maintained by the OCA.</p>
+<a class="reference external image-reference" href="https://odoo-community.org">
+<img alt="Odoo Community Association" src="https://odoo-community.org/logo.png" />
+</a>
+<p>OCA, or the Odoo Community Association, is a nonprofit organization whose
+mission is to support the collaborative development of Odoo features and
+promote its widespread use.</p>
+<p>Current <a class="reference external" href="https://odoo-community.org/page/maintainer-role">maintainer</a>:</p>
+<p><a class="reference external image-reference" href="https://github.com/simahawk"><img alt="simahawk" src="https://github.com/simahawk.png?size=40px" /></a></p>
+<p>This module is part of the <a class="reference external" href="https://github.com/OCA/web-api/tree/17.0/endpoint_auth_api_key">OCA/web-api</a> project on GitHub.</p>
+<p>You are welcome to contribute. To learn how please visit <a class="reference external" href="https://odoo-community.org/page/Contribute">https://odoo-community.org/page/Contribute</a>.</p>
+</div>
+</div>
+</div>
+</body>
+</html>
diff --git a/endpoint_auth_api_key/tests/__init__.py b/endpoint_auth_api_key/tests/__init__.py
new file mode 100644
index 00000000..6885a0f9
--- /dev/null
+++ b/endpoint_auth_api_key/tests/__init__.py
@@ -0,0 +1,2 @@
+from . import test_endpoint
+from . import test_endpoint_controller
diff --git a/endpoint_auth_api_key/tests/test_endpoint.py b/endpoint_auth_api_key/tests/test_endpoint.py
new file mode 100644
index 00000000..a9c0009c
--- /dev/null
+++ b/endpoint_auth_api_key/tests/test_endpoint.py
@@ -0,0 +1,63 @@
+# Copyright 2021 Camptocamp SA
+# @author: Simone Orsi <simone.orsi@camptocamp.com>
+# License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl).
+
+
+import werkzeug
+
+from odoo.tools.misc import mute_logger
+
+from odoo.addons.endpoint.tests.common import CommonEndpoint
+
+
+class TestEndpoint(CommonEndpoint):
+    @classmethod
+    def _setup_records(cls):
+        super()._setup_records()
+        cls.endpoint = cls.env.ref("endpoint_auth_api_key.endpoint_demo_1")
+        cls.key_group = cls.env.ref("endpoint_auth_api_key.auth_api_key_group_demo")
+        cls.api_key = cls.env.ref("endpoint_auth_api_key.auth_api_key_demo")
+        cls.api_key2 = cls.env.ref("endpoint_auth_api_key.auth_api_key_demo2")
+        return
+
+    @mute_logger("endpoint.endpoint")
+    def test_endpoint_validate_request_no_key(self):
+        endpoint = self.endpoint.copy(
+            {
+                "route": "/api-key-test",
+                "request_method": "GET",
+            }
+        )
+        with self.assertRaises(werkzeug.exceptions.Forbidden):
+            with self._get_mocked_request(
+                httprequest={"method": "GET"},
+            ) as req:
+                endpoint._validate_request(req)
+
+    @mute_logger("endpoint.endpoint")
+    def test_endpoint_validate_request_bad_key(self):
+        endpoint = self.endpoint.copy(
+            {
+                "route": "/api-key-test",
+                "request_method": "GET",
+            }
+        )
+        with self.assertRaises(werkzeug.exceptions.Forbidden):
+            with self._get_mocked_request(
+                httprequest={"method": "GET"},
+                request_attrs={"auth_api_key_id": self.api_key2.id},
+            ) as req:
+                endpoint._validate_request(req)
+
+    def test_endpoint_validate_request_good_key(self):
+        endpoint = self.endpoint.copy(
+            {
+                "route": "/api-key-test",
+                "request_method": "GET",
+            }
+        )
+        with self._get_mocked_request(
+            httprequest={"method": "GET"},
+            request_attrs={"auth_api_key_id": self.api_key.id},
+        ) as req:
+            endpoint._validate_request(req)
diff --git a/endpoint_auth_api_key/tests/test_endpoint_controller.py b/endpoint_auth_api_key/tests/test_endpoint_controller.py
new file mode 100644
index 00000000..fe6a2f65
--- /dev/null
+++ b/endpoint_auth_api_key/tests/test_endpoint_controller.py
@@ -0,0 +1,56 @@
+# Copyright 2021 Camptocamp SA
+# @author: Simone Orsi <simone.orsi@camptocamp.com>
+# License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl).
+
+import os
+import unittest
+
+import requests
+
+from odoo import tools
+from odoo.tests.common import HttpCase
+from odoo.tools.misc import mute_logger
+
+
+@unittest.skipIf(os.getenv("SKIP_HTTP_CASE"), "EndpoinAuthApikeytHttpCase skipped")
+class EndpoinAuthApikeytHttpCase(HttpCase):
+    @classmethod
+    def setUpClass(cls):
+        super().setUpClass()
+        cls.api_key = cls.env.ref("endpoint_auth_api_key.auth_api_key_demo")
+        cls.api_key2 = cls.env.ref("endpoint_auth_api_key.auth_api_key_demo2")
+        # force sync for demo records
+        cls.env["endpoint.endpoint"].search([])._handle_registry_sync()
+
+    def tearDown(self):
+        # Clear cache for method ``ir.http.routing_map()``
+        self.env.registry.clear_cache("routing")
+        super().tearDown()
+
+    def _make_url(self, route):
+        return f"http://127.0.0.1:{tools.config['http_port']}{route}"
+
+    def _make_request(self, route, api_key=None, headers=None):
+        # use requests because you cannot easily manipulate the request w/ `url_open`
+        headers = headers or {}
+        if api_key:
+            headers.update({"API-KEY": api_key.key})
+        return requests.get(self._make_url(route), headers=headers, timeout=60)
+
+    @mute_logger("odoo.addons.auth_api_key.models.ir_http")
+    def test_call_no_key(self):
+        route = "/demo/api/key"
+        response = self._make_request(route)
+        self.assertEqual(response.status_code, 403)
+
+    def test_call_good_key(self):
+        route = "/demo/api/key"
+        response = self._make_request(route, api_key=self.api_key)
+        self.assertEqual(response.status_code, 200)
+        self.assertEqual(response.content, b"ok")
+
+    @mute_logger("endpoint.endpoint")
+    def test_call_bad_key(self):
+        route = "/demo/api/key"
+        response = self._make_request(route, api_key=self.api_key2)
+        self.assertEqual(response.status_code, 403)
diff --git a/endpoint_auth_api_key/views/endpoint_view.xml b/endpoint_auth_api_key/views/endpoint_view.xml
new file mode 100644
index 00000000..4023996a
--- /dev/null
+++ b/endpoint_auth_api_key/views/endpoint_view.xml
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<!-- Copyright 2021 Camptocamp SA
+     License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl). -->
+<odoo>
+
+    <record model="ir.ui.view" id="endpoint_mixin_form_view">
+        <field name="model">endpoint.mixin</field>
+        <field name="inherit_id" ref="endpoint.endpoint_mixin_form_view" />
+        <field name="arch" type="xml">
+            <group name="auth" position="inside">
+                <field
+                    name="auth_api_key_group_ids"
+                    widget="many2many_tags"
+                    invisible="auth_type != 'api_key'"
+                />
+                <button
+                    class="btn-sm"
+                    type="object"
+                    name="action_view_api_key_groups"
+                    string="Manage groups"
+                    invisible="auth_type != 'api_key'"
+                />
+            </group>
+        </field>
+    </record>
+
+</odoo>