diff --git a/auth_api_key_hash/README.rst b/auth_api_key_hash/README.rst
new file mode 100644
index 0000000000..327286b4ed
--- /dev/null
+++ b/auth_api_key_hash/README.rst
@@ -0,0 +1,106 @@
+===================
+Auth Api Key (Hash)
+===================
+
+.. !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+   !! This file is generated by oca-gen-addon-readme !!
+   !! changes will be overwritten.                   !!
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
+.. |badge1| image:: https://img.shields.io/badge/maturity-Beta-yellow.png
+    :target: https://odoo-community.org/page/development-status
+    :alt: Beta
+.. |badge2| image:: https://img.shields.io/badge/licence-LGPL--3-blue.png
+    :target: http://www.gnu.org/licenses/lgpl-3.0-standalone.html
+    :alt: License: LGPL-3
+.. |badge3| image:: https://img.shields.io/badge/github-OCA%2Fserver--auth-lightgray.png?logo=github
+    :target: https://github.com/OCA/server-auth/tree/13.0/auth_api_key_hash
+    :alt: OCA/server-auth
+.. |badge4| image:: https://img.shields.io/badge/weblate-Translate%20me-F47D42.png
+    :target: https://translation.odoo-community.org/projects/server-auth-13-0/server-auth-13-0-auth_api_key_hash
+    :alt: Translate me on Weblate
+.. |badge5| image:: https://img.shields.io/badge/runbot-Try%20me-875A7B.png
+    :target: https://runbot.odoo-community.org/runbot/251/13.0
+    :alt: Try me on Runbot
+
+|badge1| |badge2| |badge3| |badge4| |badge5| 
+
+Authenticate http requests from an API key.
+
+API keys are codes passed in (in the http header API-KEY) by programs calling an API in order to identify -in this case- the calling program's user.
+
+Take care while using this kind of mechanism since information into http headers are visible in clear. Thus, use it only to authenticate requests from known sources. For unknown sources, it is a good practice to filter out this header at proxy level.
+
+**Table of contents**
+
+.. contents::
+   :local:
+
+Configuration
+=============
+
+The api key menu is available into Settings > Technical in debug mode.
+By default, when you create an API key, the key is saved into the database.
+It is also possible to provide the value of this key via the configuration
+file. This can be very useful to avoid mixing your keys between your various
+environments when restoring databases. All you have to do is to add a new
+section to your configuration file according to the following convention:
+
+.. code-block:: ini
+
+    [api_key_<Record Name>]
+    key=my_api_key
+
+Usage
+=====
+
+To apply this authentication system to your http request you must set 'api_key'
+as value for the 'auth' parameter of your route definition into your controller.
+
+.. code-block:: python
+
+    class MyController(Controller):
+
+        @route('/my_service', auth='api_key', ...)
+        def my_service(self, *args, **kwargs):
+            pass
+
+Bug Tracker
+===========
+
+Bugs are tracked on `GitHub Issues <https://github.com/OCA/server-auth/issues>`_.
+In case of trouble, please check there if your issue has already been reported.
+If you spotted it first, help us smashing it by providing a detailed and welcomed
+`feedback <https://github.com/OCA/server-auth/issues/new?body=module:%20auth_api_key_hash%0Aversion:%2013.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**>`_.
+
+Do not contact contributors directly about support or help with technical issues.
+
+Credits
+=======
+
+Authors
+~~~~~~~
+
+* Solvti Sp. z o.o.
+
+Contributors
+~~~~~~~~~~~~
+
+* Stefan Wiselka <stefan.wiselka@solvti.pl>
+
+Maintainers
+~~~~~~~~~~~
+
+This module is maintained by the OCA.
+
+.. image:: https://odoo-community.org/logo.png
+   :alt: Odoo Community Association
+   :target: https://odoo-community.org
+
+OCA, or the Odoo Community Association, is a nonprofit organization whose
+mission is to support the collaborative development of Odoo features and
+promote its widespread use.
+
+This module is part of the `OCA/server-auth <https://github.com/OCA/server-auth/tree/13.0/auth_api_key_hash>`_ project on GitHub.
+
+You are welcome to contribute. To learn how please visit https://odoo-community.org/page/Contribute.
diff --git a/auth_api_key_hash/__init__.py b/auth_api_key_hash/__init__.py
new file mode 100644
index 0000000000..0650744f6b
--- /dev/null
+++ b/auth_api_key_hash/__init__.py
@@ -0,0 +1 @@
+from . import models
diff --git a/auth_api_key_hash/__manifest__.py b/auth_api_key_hash/__manifest__.py
new file mode 100644
index 0000000000..ebc8385a0d
--- /dev/null
+++ b/auth_api_key_hash/__manifest__.py
@@ -0,0 +1,15 @@
+# Copyright 2023 Solvti Sp. z o.o.
+# License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl).
+
+{
+    "name": "Auth Api Key (Hash)",
+    "summary": """
+        Authenticate http requests from an API key (hash)""",
+    "version": "13.0.1.0.0",
+    "license": "LGPL-3",
+    "author": "Solvti Sp. z o.o.,Odoo Community Association (OCA)",
+    "website": "https://github.com/OCA/server-auth",
+    "depends": ["base", "base_sparse_field"],
+    "data": ["security/ir.model.access.csv", "views/auth_api_key_hash.xml"],
+    "demo": [],
+}
diff --git a/auth_api_key_hash/i18n/auth_api_key.pot b/auth_api_key_hash/i18n/auth_api_key.pot
new file mode 100644
index 0000000000..4405eb7606
--- /dev/null
+++ b/auth_api_key_hash/i18n/auth_api_key.pot
@@ -0,0 +1,110 @@
+# Translation of Odoo Server.
+# This file contains the translation of the following modules:
+# 	* auth_api_key_hash
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: Odoo Server 13.0\n"
+"Report-Msgid-Bugs-To: \n"
+"Last-Translator: \n"
+"Language-Team: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: \n"
+"Plural-Forms: \n"
+
+#. module: auth_api_key_hash
+#: model:ir.model,name:auth_api_key_hash.model_auth_api_key_hash
+msgid "API Key (Hash)"
+msgstr ""
+
+#. module: auth_api_key_hash
+#: model:ir.model.constraint,message:auth_api_key_hash.constraint_auth_api_key_hash_name_uniq
+msgid "Api Key name must be unique."
+msgstr ""
+
+#. module: auth_api_key_hash
+#: model:ir.actions.act_window,name:auth_api_key_hash.auth_api_key_hash_act_window
+#: model:ir.ui.menu,name:auth_api_key_hash.auth_api_key_hash_menu
+msgid "Auth Api Key (Hash)"
+msgstr ""
+
+#. module: auth_api_key_hash
+#: model:ir.model.fields,field_description:auth_api_key_hash.field_auth_api_key_hash__create_uid
+msgid "Created by"
+msgstr ""
+
+#. module: auth_api_key_hash
+#: model:ir.model.fields,field_description:auth_api_key_hash.field_auth_api_key_hash__create_date
+msgid "Created on"
+msgstr ""
+
+#. module: auth_api_key_hash
+#: model:ir.model.fields,field_description:auth_api_key_hash.field_auth_api_key_hash__display_name
+msgid "Display Name"
+msgstr ""
+
+#. module: auth_api_key_hash
+#: model:ir.model,name:auth_api_key_hash.model_ir_http
+msgid "HTTP Routing"
+msgstr ""
+
+#. module: auth_api_key_hash
+#: model:ir.model.fields,field_description:auth_api_key_hash.field_auth_api_key_hash__id
+msgid "ID"
+msgstr ""
+
+#. module: auth_api_key_hash
+#: model:ir.model.fields,field_description:auth_api_key_hash.field_auth_api_key_hash__key
+msgid "Key"
+msgstr ""
+
+#. module: auth_api_key_hash
+#: model:ir.model.fields,field_description:auth_api_key_hash.field_auth_api_key_hash____last_update
+msgid "Last Modified on"
+msgstr ""
+
+#. module: auth_api_key_hash
+#: model:ir.model.fields,field_description:auth_api_key_hash.field_auth_api_key_hash__write_uid
+msgid "Last Updated by"
+msgstr ""
+
+#. module: auth_api_key_hash
+#: model:ir.model.fields,field_description:auth_api_key_hash.field_auth_api_key_hash__write_date
+msgid "Last Updated on"
+msgstr ""
+
+#. module: auth_api_key_hash
+#: model:ir.model.fields,field_description:auth_api_key_hash.field_auth_api_key_hash__name
+msgid "Name"
+msgstr ""
+
+#. module: auth_api_key_hash
+#: model:ir.model.fields,help:auth_api_key_hash.field_auth_api_key_hash__key
+msgid ""
+"The API key"
+msgstr ""
+
+#. module: auth_api_key_hash
+#: code:addons/auth_api_key_hash/models/auth_api_key_hash.py:0
+#, python-format
+msgid "The key %s is not allowed"
+msgstr ""
+
+#. module: auth_api_key_hash
+#: model:ir.model.fields,help:auth_api_key_hash.field_auth_api_key_hash__user_id
+msgid ""
+"The user used to process the requests authenticated by\n"
+"        the api key"
+msgstr ""
+
+#. module: auth_api_key_hash
+#: model:ir.model.fields,field_description:auth_api_key_hash.field_auth_api_key_hash__user_id
+msgid "User"
+msgstr ""
+
+#. module: auth_api_key_hash
+#: code:addons/auth_api_key_hash/models/auth_api_key_hash.py:0
+#, python-format
+msgid "User is not allowed"
+msgstr ""
diff --git a/auth_api_key_hash/models/__init__.py b/auth_api_key_hash/models/__init__.py
new file mode 100644
index 0000000000..6c948a7db3
--- /dev/null
+++ b/auth_api_key_hash/models/__init__.py
@@ -0,0 +1,2 @@
+from . import ir_http
+from . import auth_api_key_hash
diff --git a/auth_api_key_hash/models/auth_api_key_hash.py b/auth_api_key_hash/models/auth_api_key_hash.py
new file mode 100644
index 0000000000..6efdb2ef5f
--- /dev/null
+++ b/auth_api_key_hash/models/auth_api_key_hash.py
@@ -0,0 +1,69 @@
+# Copyright 2023 Solvti Sp. z o.o.
+# License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl).
+
+from hashlib import md5
+
+from odoo import _, api, fields, models, tools
+from odoo.exceptions import AccessError, ValidationError
+from odoo.tools import consteq
+
+
+class AuthApiKeyHash(models.Model):
+    _name = "auth.api.key.hash"
+    _description = "API Key (Hash)"
+
+    name = fields.Char(required=True)
+    key = fields.Char(required=True, copy=False, help="""The API key.""",)
+    user_id = fields.Many2one(
+        comodel_name="res.users",
+        string="User",
+        required=True,
+        help="""The user used to process the requests authenticated by
+        the api key""",
+    )
+
+    _sql_constraints = [
+        ("name_uniq", "unique(name)", "Api Key name must be unique."),
+        ("key_uniq", "unique(key)", "Api Key must be unique."),
+    ]
+
+    @api.model
+    def _retrieve_api_key(self, key):
+        return self.browse(self._retrieve_api_key_id(key))
+
+    @api.model
+    @tools.ormcache("key")
+    def _retrieve_api_key_id(self, key):
+        if not self.env.user.has_group("base.group_system"):
+            raise AccessError(_("User is not allowed"))
+        hash_key = md5(key.encode("utf-8")).hexdigest()
+        for api_key in self.search([]):
+            if consteq(hash_key, api_key.key):
+                return api_key.id
+        raise ValidationError(_("The key %s is not allowed") % key)
+
+    @api.model
+    @tools.ormcache("key")
+    def _retrieve_uid_from_api_key(self, key):
+        return self._retrieve_api_key(key).user_id.id
+
+    def _clear_key_cache(self):
+        self._retrieve_api_key_id.clear_cache(self.env[self._name])
+        self._retrieve_uid_from_api_key.clear_cache(self.env[self._name])
+
+    @api.model
+    def create(self, vals):
+        if new_key := vals.get("key", ""):
+            vals["key"] = md5(new_key.encode("utf-8")).hexdigest()
+        record = super(AuthApiKeyHash, self).create(vals)
+        if "key" in vals or "user_id" in vals:
+            self._clear_key_cache()
+        return record
+
+    def write(self, vals):
+        if vals.get("key", False):
+            raise ValidationError(_("You can't change api-key! Please add new one."))
+        super(AuthApiKeyHash, self).write(vals)
+        if "key" in vals or "user_id" in vals:
+            self._clear_key_cache()
+        return True
diff --git a/auth_api_key_hash/models/ir_http.py b/auth_api_key_hash/models/ir_http.py
new file mode 100644
index 0000000000..d4d7e9d011
--- /dev/null
+++ b/auth_api_key_hash/models/ir_http.py
@@ -0,0 +1,38 @@
+# Copyright 2023 Solvti Sp. z o.o.
+# License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl).
+
+import logging
+
+from odoo import models
+from odoo.exceptions import AccessDenied
+from odoo.http import request
+
+_logger = logging.getLogger(__name__)
+
+
+class IrHttp(models.AbstractModel):
+    _inherit = "ir.http"
+
+    @classmethod
+    def _auth_method_api_key_hash(cls):
+        headers = request.httprequest.environ
+        api_key = headers.get("HTTP_API_KEY")
+        if api_key:
+            request.uid = 1
+            auth_api_key_hash = request.env["auth.api.key.hash"]._retrieve_api_key(
+                api_key
+            )
+            if auth_api_key_hash:
+                metadata = f"IP: {headers.get('REMOTE_ADDR')} USER_AGENT: {headers.get('HTTP_USER_AGENT')}, REFERER: {headers.get('HTTP_REFERER')}, ORIGIN: {headers.get('HTTP_ORIGIN')}"
+                _logger.info("api_key_hash called: Metadata -> {}".format(metadata))
+                # reset _env on the request since we change the uid...
+                # the next call to env will instantiate an new
+                # odoo.api.Environment with the user defined on the
+                # auth.api_key
+                request._env = None
+                request.uid = auth_api_key_hash.user_id.id
+                request.auth_api_key_hash = api_key
+                request.auth_api_key_hash_id = auth_api_key_hash.id
+                return True
+        _logger.error("Wrong HTTP_API_KEY, access denied")
+        raise AccessDenied()
diff --git a/auth_api_key_hash/readme/CONFIGURE.rst b/auth_api_key_hash/readme/CONFIGURE.rst
new file mode 100644
index 0000000000..e4772fa25e
--- /dev/null
+++ b/auth_api_key_hash/readme/CONFIGURE.rst
@@ -0,0 +1,2 @@
+The api key hash menu is available into Settings > Technical in debug mode.
+By default, when you create an API key, the key is saved into the database as hash.
diff --git a/auth_api_key_hash/readme/CONTRIBUTORS.rst b/auth_api_key_hash/readme/CONTRIBUTORS.rst
new file mode 100644
index 0000000000..0b041a0c59
--- /dev/null
+++ b/auth_api_key_hash/readme/CONTRIBUTORS.rst
@@ -0,0 +1 @@
+* Stefan Wiselka <stefan.wiselka@solvti.pl>
diff --git a/auth_api_key_hash/readme/DESCRIPTION.rst b/auth_api_key_hash/readme/DESCRIPTION.rst
new file mode 100644
index 0000000000..32b1e9c324
--- /dev/null
+++ b/auth_api_key_hash/readme/DESCRIPTION.rst
@@ -0,0 +1,5 @@
+Authenticate http requests from an API key.
+
+API keys are codes passed in (in the http header API-KEY) by programs calling an API in order to identify -in this case- the calling program's user.
+
+Take care while using this kind of mechanism since information into http headers are visible in clear. Thus, use it only to authenticate requests from known sources. For unknown sources, it is a good practice to filter out this header at proxy level.
diff --git a/auth_api_key_hash/readme/USAGE.rst b/auth_api_key_hash/readme/USAGE.rst
new file mode 100644
index 0000000000..7238b73396
--- /dev/null
+++ b/auth_api_key_hash/readme/USAGE.rst
@@ -0,0 +1,10 @@
+To apply this authentication system to your http request you must set 'api_key_hash'
+as value for the 'auth' parameter of your route definition into your controller.
+
+.. code-block:: python
+
+    class MyController(Controller):
+
+        @route('/my_service', auth='api_key_hash', ...)
+        def my_service(self, *args, **kwargs):
+            pass
diff --git a/auth_api_key_hash/security/ir.model.access.csv b/auth_api_key_hash/security/ir.model.access.csv
new file mode 100644
index 0000000000..4ac9a635a6
--- /dev/null
+++ b/auth_api_key_hash/security/ir.model.access.csv
@@ -0,0 +1,2 @@
+id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink
+access_auth_api_key_hash,access_auth_api_key_hash,model_auth_api_key_hash,base.group_system,1,1,1,1
diff --git a/auth_api_key_hash/static/description/icon.png b/auth_api_key_hash/static/description/icon.png
new file mode 100644
index 0000000000..3a0328b516
Binary files /dev/null and b/auth_api_key_hash/static/description/icon.png differ
diff --git a/auth_api_key_hash/static/description/index.html b/auth_api_key_hash/static/description/index.html
new file mode 100644
index 0000000000..0c8752dc4c
--- /dev/null
+++ b/auth_api_key_hash/static/description/index.html
@@ -0,0 +1,451 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<meta name="generator" content="Docutils 0.15.1: http://docutils.sourceforge.net/" />
+<title>Auth Api Key (Hash)</title>
+<style type="text/css">
+
+/*
+:Author: David Goodger (goodger@python.org)
+:Id: $Id: html4css1.css 7952 2016-07-26 18:15:59Z milde $
+:Copyright: This stylesheet has been placed in the public domain.
+
+Default cascading style sheet for the HTML output of Docutils.
+
+See http://docutils.sf.net/docs/howto/html-stylesheets.html for how to
+customize this style sheet.
+*/
+
+/* used to remove borders from tables and images */
+.borderless, table.borderless td, table.borderless th {
+  border: 0 }
+
+table.borderless td, table.borderless th {
+  /* Override padding for "table.docutils td" with "! important".
+     The right padding separates the table cells. */
+  padding: 0 0.5em 0 0 ! important }
+
+.first {
+  /* Override more specific margin styles with "! important". */
+  margin-top: 0 ! important }
+
+.last, .with-subtitle {
+  margin-bottom: 0 ! important }
+
+.hidden {
+  display: none }
+
+.subscript {
+  vertical-align: sub;
+  font-size: smaller }
+
+.superscript {
+  vertical-align: super;
+  font-size: smaller }
+
+a.toc-backref {
+  text-decoration: none ;
+  color: black }
+
+blockquote.epigraph {
+  margin: 2em 5em ; }
+
+dl.docutils dd {
+  margin-bottom: 0.5em }
+
+object[type="image/svg+xml"], object[type="application/x-shockwave-flash"] {
+  overflow: hidden;
+}
+
+/* Uncomment (and remove this text!) to get bold-faced definition list terms
+dl.docutils dt {
+  font-weight: bold }
+*/
+
+div.abstract {
+  margin: 2em 5em }
+
+div.abstract p.topic-title {
+  font-weight: bold ;
+  text-align: center }
+
+div.admonition, div.attention, div.caution, div.danger, div.error,
+div.hint, div.important, div.note, div.tip, div.warning {
+  margin: 2em ;
+  border: medium outset ;
+  padding: 1em }
+
+div.admonition p.admonition-title, div.hint p.admonition-title,
+div.important p.admonition-title, div.note p.admonition-title,
+div.tip p.admonition-title {
+  font-weight: bold ;
+  font-family: sans-serif }
+
+div.attention p.admonition-title, div.caution p.admonition-title,
+div.danger p.admonition-title, div.error p.admonition-title,
+div.warning p.admonition-title, .code .error {
+  color: red ;
+  font-weight: bold ;
+  font-family: sans-serif }
+
+/* Uncomment (and remove this text!) to get reduced vertical space in
+   compound paragraphs.
+div.compound .compound-first, div.compound .compound-middle {
+  margin-bottom: 0.5em }
+
+div.compound .compound-last, div.compound .compound-middle {
+  margin-top: 0.5em }
+*/
+
+div.dedication {
+  margin: 2em 5em ;
+  text-align: center ;
+  font-style: italic }
+
+div.dedication p.topic-title {
+  font-weight: bold ;
+  font-style: normal }
+
+div.figure {
+  margin-left: 2em ;
+  margin-right: 2em }
+
+div.footer, div.header {
+  clear: both;
+  font-size: smaller }
+
+div.line-block {
+  display: block ;
+  margin-top: 1em ;
+  margin-bottom: 1em }
+
+div.line-block div.line-block {
+  margin-top: 0 ;
+  margin-bottom: 0 ;
+  margin-left: 1.5em }
+
+div.sidebar {
+  margin: 0 0 0.5em 1em ;
+  border: medium outset ;
+  padding: 1em ;
+  background-color: #ffffee ;
+  width: 40% ;
+  float: right ;
+  clear: right }
+
+div.sidebar p.rubric {
+  font-family: sans-serif ;
+  font-size: medium }
+
+div.system-messages {
+  margin: 5em }
+
+div.system-messages h1 {
+  color: red }
+
+div.system-message {
+  border: medium outset ;
+  padding: 1em }
+
+div.system-message p.system-message-title {
+  color: red ;
+  font-weight: bold }
+
+div.topic {
+  margin: 2em }
+
+h1.section-subtitle, h2.section-subtitle, h3.section-subtitle,
+h4.section-subtitle, h5.section-subtitle, h6.section-subtitle {
+  margin-top: 0.4em }
+
+h1.title {
+  text-align: center }
+
+h2.subtitle {
+  text-align: center }
+
+hr.docutils {
+  width: 75% }
+
+img.align-left, .figure.align-left, object.align-left, table.align-left {
+  clear: left ;
+  float: left ;
+  margin-right: 1em }
+
+img.align-right, .figure.align-right, object.align-right, table.align-right {
+  clear: right ;
+  float: right ;
+  margin-left: 1em }
+
+img.align-center, .figure.align-center, object.align-center {
+  display: block;
+  margin-left: auto;
+  margin-right: auto;
+}
+
+table.align-center {
+  margin-left: auto;
+  margin-right: auto;
+}
+
+.align-left {
+  text-align: left }
+
+.align-center {
+  clear: both ;
+  text-align: center }
+
+.align-right {
+  text-align: right }
+
+/* reset inner alignment in figures */
+div.align-right {
+  text-align: inherit }
+
+/* div.align-center * { */
+/*   text-align: left } */
+
+.align-top    {
+  vertical-align: top }
+
+.align-middle {
+  vertical-align: middle }
+
+.align-bottom {
+  vertical-align: bottom }
+
+ol.simple, ul.simple {
+  margin-bottom: 1em }
+
+ol.arabic {
+  list-style: decimal }
+
+ol.loweralpha {
+  list-style: lower-alpha }
+
+ol.upperalpha {
+  list-style: upper-alpha }
+
+ol.lowerroman {
+  list-style: lower-roman }
+
+ol.upperroman {
+  list-style: upper-roman }
+
+p.attribution {
+  text-align: right ;
+  margin-left: 50% }
+
+p.caption {
+  font-style: italic }
+
+p.credits {
+  font-style: italic ;
+  font-size: smaller }
+
+p.label {
+  white-space: nowrap }
+
+p.rubric {
+  font-weight: bold ;
+  font-size: larger ;
+  color: maroon ;
+  text-align: center }
+
+p.sidebar-title {
+  font-family: sans-serif ;
+  font-weight: bold ;
+  font-size: larger }
+
+p.sidebar-subtitle {
+  font-family: sans-serif ;
+  font-weight: bold }
+
+p.topic-title {
+  font-weight: bold }
+
+pre.address {
+  margin-bottom: 0 ;
+  margin-top: 0 ;
+  font: inherit }
+
+pre.literal-block, pre.doctest-block, pre.math, pre.code {
+  margin-left: 2em ;
+  margin-right: 2em }
+
+pre.code .ln { color: grey; } /* line numbers */
+pre.code, code { background-color: #eeeeee }
+pre.code .comment, code .comment { color: #5C6576 }
+pre.code .keyword, code .keyword { color: #3B0D06; font-weight: bold }
+pre.code .literal.string, code .literal.string { color: #0C5404 }
+pre.code .name.builtin, code .name.builtin { color: #352B84 }
+pre.code .deleted, code .deleted { background-color: #DEB0A1}
+pre.code .inserted, code .inserted { background-color: #A3D289}
+
+span.classifier {
+  font-family: sans-serif ;
+  font-style: oblique }
+
+span.classifier-delimiter {
+  font-family: sans-serif ;
+  font-weight: bold }
+
+span.interpreted {
+  font-family: sans-serif }
+
+span.option {
+  white-space: nowrap }
+
+span.pre {
+  white-space: pre }
+
+span.problematic {
+  color: red }
+
+span.section-subtitle {
+  /* font-size relative to parent (h1..h6 element) */
+  font-size: 80% }
+
+table.citation {
+  border-left: solid 1px gray;
+  margin-left: 1px }
+
+table.docinfo {
+  margin: 2em 4em }
+
+table.docutils {
+  margin-top: 0.5em ;
+  margin-bottom: 0.5em }
+
+table.footnote {
+  border-left: solid 1px black;
+  margin-left: 1px }
+
+table.docutils td, table.docutils th,
+table.docinfo td, table.docinfo th {
+  padding-left: 0.5em ;
+  padding-right: 0.5em ;
+  vertical-align: top }
+
+table.docutils th.field-name, table.docinfo th.docinfo-name {
+  font-weight: bold ;
+  text-align: left ;
+  white-space: nowrap ;
+  padding-left: 0 }
+
+/* "booktabs" style (no vertical lines) */
+table.docutils.booktabs {
+  border: 0px;
+  border-top: 2px solid;
+  border-bottom: 2px solid;
+  border-collapse: collapse;
+}
+table.docutils.booktabs * {
+  border: 0px;
+}
+table.docutils.booktabs th {
+  border-bottom: thin solid;
+  text-align: left;
+}
+
+h1 tt.docutils, h2 tt.docutils, h3 tt.docutils,
+h4 tt.docutils, h5 tt.docutils, h6 tt.docutils {
+  font-size: 100% }
+
+ul.auto-toc {
+  list-style-type: none }
+
+</style>
+</head>
+<body>
+<div class="document" id="auth-api-key">
+<h1 class="title">Auth Api Key (Hash)</h1>
+
+<!-- !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!! This file is generated by oca-gen-addon-readme !!
+!! changes will be overwritten.                   !!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! -->
+<p><a class="reference external" href="https://odoo-community.org/page/development-status"><img alt="Beta" src="https://img.shields.io/badge/maturity-Beta-yellow.png" /></a> <a class="reference external" href="http://www.gnu.org/licenses/lgpl-3.0-standalone.html"><img alt="License: LGPL-3" src="https://img.shields.io/badge/licence-LGPL--3-blue.png" /></a> <a class="reference external" href="https://github.com/OCA/server-auth/tree/13.0/auth_api_key_hash"><img alt="OCA/server-auth" src="https://img.shields.io/badge/github-OCA%2Fserver--auth-lightgray.png?logo=github" /></a> <a class="reference external" href="https://translation.odoo-community.org/projects/server-auth-13-0/server-auth-13-0-auth_api_key_hash"><img alt="Translate me on Weblate" src="https://img.shields.io/badge/weblate-Translate%20me-F47D42.png" /></a> <a class="reference external" href="https://runbot.odoo-community.org/runbot/251/13.0"><img alt="Try me on Runbot" src="https://img.shields.io/badge/runbot-Try%20me-875A7B.png" /></a></p>
+<p>Authenticate http requests from an API key.</p>
+<p>API keys are codes passed in (in the http header API-KEY) by programs calling an API in order to identify -in this case- the calling program’s user.</p>
+<p>Take care while using this kind of mechanism since information into http headers are visible in clear. Thus, use it only to authenticate requests from known sources. For unknown sources, it is a good practice to filter out this header at proxy level.</p>
+<p><strong>Table of contents</strong></p>
+<div class="contents local topic" id="contents">
+<ul class="simple">
+<li><a class="reference internal" href="#configuration" id="id1">Configuration</a></li>
+<li><a class="reference internal" href="#usage" id="id2">Usage</a></li>
+<li><a class="reference internal" href="#bug-tracker" id="id3">Bug Tracker</a></li>
+<li><a class="reference internal" href="#credits" id="id4">Credits</a><ul>
+<li><a class="reference internal" href="#authors" id="id5">Authors</a></li>
+<li><a class="reference internal" href="#contributors" id="id6">Contributors</a></li>
+<li><a class="reference internal" href="#maintainers" id="id7">Maintainers</a></li>
+</ul>
+</li>
+</ul>
+</div>
+<div class="section" id="configuration">
+<h1><a class="toc-backref" href="#id1">Configuration</a></h1>
+<p>The api key menu is available into Settings &gt; Technical in debug mode.
+By default, when you create an API key, the key is saved into the database.
+It is also possible to provide the value of this key via the configuration
+file. This can be very useful to avoid mixing your keys between your various
+environments when restoring databases. All you have to do is to add a new
+section to your configuration file according to the following convention:</p>
+<pre class="code ini literal-block">
+<span class="k">[api_key_&lt;Record Name&gt;]</span>
+<span class="na">key</span><span class="o">=</span><span class="s">my_api_key</span>
+</pre>
+</div>
+<div class="section" id="usage">
+<h1><a class="toc-backref" href="#id2">Usage</a></h1>
+<p>To apply this authentication system to your http request you must set ‘api_key’
+as value for the ‘auth’ parameter of your route definition into your controller.</p>
+<pre class="code python literal-block">
+<span class="k">class</span> <span class="nc">MyController</span><span class="p">(</span><span class="n">Controller</span><span class="p">):</span>
+
+    <span class="nd">&#64;route</span><span class="p">(</span><span class="s1">'/my_service'</span><span class="p">,</span> <span class="n">auth</span><span class="o">=</span><span class="s1">'api_key'</span><span class="p">,</span> <span class="o">...</span><span class="p">)</span>
+    <span class="k">def</span> <span class="nf">my_service</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="o">*</span><span class="n">args</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">):</span>
+        <span class="k">pass</span>
+</pre>
+</div>
+<div class="section" id="bug-tracker">
+<h1><a class="toc-backref" href="#id3">Bug Tracker</a></h1>
+<p>Bugs are tracked on <a class="reference external" href="https://github.com/OCA/server-auth/issues">GitHub Issues</a>.
+In case of trouble, please check there if your issue has already been reported.
+If you spotted it first, help us smashing it by providing a detailed and welcomed
+<a class="reference external" href="https://github.com/OCA/server-auth/issues/new?body=module:%20auth_api_key_hash%0Aversion:%2013.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**">feedback</a>.</p>
+<p>Do not contact contributors directly about support or help with technical issues.</p>
+</div>
+<div class="section" id="credits">
+<h1><a class="toc-backref" href="#id4">Credits</a></h1>
+<div class="section" id="authors">
+<h2><a class="toc-backref" href="#id5">Authors</a></h2>
+<ul class="simple">
+<li>ACSONE SA/NV</li>
+</ul>
+</div>
+<div class="section" id="contributors">
+<h2><a class="toc-backref" href="#id6">Contributors</a></h2>
+<ul class="simple">
+<li>Denis Robinet &lt;<a class="reference external" href="mailto:denis.robinet&#64;acsone.eu">denis.robinet&#64;acsone.eu</a>&gt;</li>
+<li>Laurent Mignon &lt;<a class="reference external" href="mailto:laurent.mignon&#64;acsone.eu">laurent.mignon&#64;acsone.eu</a>&gt;</li>
+<li>Quentin Groulard &lt;<a class="reference external" href="mailto:quentin.groulard&#64;acsone.eu">quentin.groulard&#64;acsone.eu</a>&gt;</li>
+<li>Sébastien Beau &lt;<a class="reference external" href="mailto:sebastien.beau&#64;akretion.com">sebastien.beau&#64;akretion.com</a>&gt;</li>
+</ul>
+</div>
+<div class="section" id="maintainers">
+<h2><a class="toc-backref" href="#id7">Maintainers</a></h2>
+<p>This module is maintained by the OCA.</p>
+<a class="reference external image-reference" href="https://odoo-community.org"><img alt="Odoo Community Association" src="https://odoo-community.org/logo.png" /></a>
+<p>OCA, or the Odoo Community Association, is a nonprofit organization whose
+mission is to support the collaborative development of Odoo features and
+promote its widespread use.</p>
+<p>This module is part of the <a class="reference external" href="https://github.com/OCA/server-auth/tree/13.0/auth_api_key_hash">OCA/server-auth</a> project on GitHub.</p>
+<p>You are welcome to contribute. To learn how please visit <a class="reference external" href="https://odoo-community.org/page/Contribute">https://odoo-community.org/page/Contribute</a>.</p>
+</div>
+</div>
+</div>
+</body>
+</html>
diff --git a/auth_api_key_hash/tests/__init__.py b/auth_api_key_hash/tests/__init__.py
new file mode 100644
index 0000000000..eeaffeeef4
--- /dev/null
+++ b/auth_api_key_hash/tests/__init__.py
@@ -0,0 +1 @@
+from . import test_auth_api_key_hash
diff --git a/auth_api_key_hash/tests/test_auth_api_key_hash.py b/auth_api_key_hash/tests/test_auth_api_key_hash.py
new file mode 100644
index 0000000000..23f6bda80d
--- /dev/null
+++ b/auth_api_key_hash/tests/test_auth_api_key_hash.py
@@ -0,0 +1,42 @@
+# Copyright 2023 Solvti Sp. z o.o.
+# License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl).
+
+from odoo.exceptions import AccessError, ValidationError
+from odoo.tests.common import SavepointCase
+
+
+class TestAuthApiKeyHash(SavepointCase):
+    @classmethod
+    def setUpClass(cls, *args, **kwargs):
+        super().setUpClass(*args, **kwargs)
+        cls.AuthApiKeyHash = cls.env["auth.api.key.hash"]
+        cls.demo_user = cls.env.ref("base.user_demo")
+        cls.api_key_good = cls.AuthApiKeyHash.create(
+            {"name": "good", "user_id": cls.demo_user.id, "key": "api_key"}
+        )
+
+    def test_lookup_key_from_db(self):
+        demo_user = self.env.ref("base.user_demo")
+        self.assertEqual(
+            self.env["auth.api.key.hash"]._retrieve_uid_from_api_key("api_key"),
+            demo_user.id,
+        )
+
+    def test_wrong_key(self):
+        with self.assertRaises(ValidationError), self.env.cr.savepoint():
+            self.env["auth.api.key.hash"]._retrieve_uid_from_api_key("api_wrong_key")
+
+    def test_user_not_allowed(self):
+        # only system users can check for key
+        with self.assertRaises(AccessError), self.env.cr.savepoint():
+            self.env["auth.api.key.hash"].with_user(
+                user=self.demo_user
+            )._retrieve_uid_from_api_key("api_wrong_key")
+
+    def test_no_edit_key(self):
+        self.assertEqual(
+            self.env["auth.api.key.hash"]._retrieve_uid_from_api_key("api_key"),
+            self.demo_user.id,
+        )
+        with self.assertRaises(ValidationError):
+            self.api_key_good.write({"key": "updated_key"})
diff --git a/auth_api_key_hash/views/auth_api_key_hash.xml b/auth_api_key_hash/views/auth_api_key_hash.xml
new file mode 100644
index 0000000000..39688397b7
--- /dev/null
+++ b/auth_api_key_hash/views/auth_api_key_hash.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<!-- Copyright 2023 Solvti Sp. z o.o.
+     License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl). -->
+<odoo>
+    <record model="ir.ui.view" id="auth_api_key_hash_form_view">
+        <field name="name">auth.api.key.hash.form (in auth_api_key_hash)</field>
+        <field name="model">auth.api.key.hash</field>
+        <field name="arch" type="xml">
+            <form create="false" edit="false">
+                <sheet>
+                    <label for="name" class="oe_edit_only" />
+                    <h1>
+                        <field name="name" class="oe_inline" />
+                    </h1>
+                    <group name="config" colspan="4" col="4">
+                        <field name="user_id" colspan="4" />
+                        <field
+                            name="key"
+                            colspan="4"
+                            attrs="{'invisible': [('key', '!=', False),('id', '!=', False)]}"
+                        />
+                        <field name="create_date" string="Valid from" colspan="4" />
+                    </group>
+                </sheet>
+            </form>
+        </field>
+    </record>
+    <record model="ir.ui.view" id="auth_api_key_hash_tree_view">
+        <field name="name">auth.api.key.hash.tree (in auth_api_key_hash)</field>
+        <field name="model">auth.api.key.hash</field>
+        <field name="arch" type="xml">
+            <tree>
+                <field name="name" />
+                <field name="user_id" />
+            </tree>
+        </field>
+    </record>
+    <record model="ir.actions.act_window" id="auth_api_key_hash_act_window">
+        <field name="name">Auth Api Key (Hash)</field>
+        <field name="res_model">auth.api.key.hash</field>
+        <field name="view_mode">tree,form</field>
+        <field name="domain">[]</field>
+        <field name="context">{}</field>
+    </record>
+    <record model="ir.ui.menu" id="auth_api_key_hash_menu">
+        <field name="name">Auth Api Key (Hash)</field>
+        <field name="parent_id" ref="base.menu_users" />
+        <field name="action" ref="auth_api_key_hash_act_window" />
+        <field name="sequence" eval="31" />
+    </record>
+</odoo>
diff --git a/setup/auth_api_key_hash/odoo/addons/auth_api_key_hash b/setup/auth_api_key_hash/odoo/addons/auth_api_key_hash
new file mode 120000
index 0000000000..6b318d4104
--- /dev/null
+++ b/setup/auth_api_key_hash/odoo/addons/auth_api_key_hash
@@ -0,0 +1 @@
+../../../../auth_api_key_hash
\ No newline at end of file
diff --git a/setup/auth_api_key_hash/setup.py b/setup/auth_api_key_hash/setup.py
new file mode 100644
index 0000000000..28c57bb640
--- /dev/null
+++ b/setup/auth_api_key_hash/setup.py
@@ -0,0 +1,6 @@
+import setuptools
+
+setuptools.setup(
+    setup_requires=['setuptools-odoo'],
+    odoo_addon=True,
+)