diff --git a/htdocs/api/class/api_access.class.php b/htdocs/api/class/api_access.class.php
index aa62a813500..92a13c26c62 100644
--- a/htdocs/api/class/api_access.class.php
+++ b/htdocs/api/class/api_access.class.php
@@ -69,7 +69,7 @@ class DolibarrApiAccess implements iAuthenticate
 	 */
 	public function __isAllowed()
 	{
-		global $db;
+		global $conf, $db;
 
 		$login = '';
 		$stored_key = '';
@@ -100,11 +100,14 @@ class DolibarrApiAccess implements iAuthenticate
 
 		if ($api_key)
 		{
+			$userentity = 0;
+
 			$sql = "SELECT u.login, u.datec, u.api_key, ";
 			$sql.= " u.tms as date_modification, u.entity";
 			$sql.= " FROM ".MAIN_DB_PREFIX."user as u";
 			$sql.= " WHERE u.api_key = '".$db->escape($api_key)."'";
-
+			// TODO Check if 2 users has same API key.
+			
 			$result = $db->query($sql);
 			if ($result)
 			{
@@ -113,24 +116,31 @@ class DolibarrApiAccess implements iAuthenticate
 					$obj = $db->fetch_object($result);
 					$login = $obj->login;
 					$stored_key = $obj->api_key;
+					$userentity = $obj->entity;
+
+					if (! defined("DOLENTITY"))		// If API was not forced with HTTP_DOLENTITY, we set entity to entity of user
+					{
+						$conf->entity = ($obj->entity?$obj->entity:1);
+					}
 				}
 			}
 			else {
 				throw new RestException(503, 'Error when fetching user api_key :'.$db->error_msg);
 			}
 
-			if ($stored_key != $api_key) {
+			if ($stored_key != $api_key) {		// This should not happen since we did a search on api_key
 				$userClass::setCacheIdentifier($api_key);
 				return false;
 			}
 
 			if (! $login)
 			{
-			    throw new RestException(503, 'Error when searching logn user fro mapi key');
+			    throw new RestException(503, 'Error when searching login user from api key');
 			}
 			$fuser = new User($db);
-			if(! $fuser->fetch('',$login)) {
-				throw new RestException(503, 'Error when fetching user :'.$fuser->error);
+			$result = $fuser->fetch('', $login, '', 0, (empty($userentity) ? -1 : $conf->entity));	// If user is not entity 0, we search in working entity $conf->entity  (that may have been forced to a different value than user entity)
+			if ($result <= 0) {
+				throw new RestException(503, 'Error when fetching user :'.$fuser->error.' (conf->entity='.$conf->entity.')');
 			}
 			$fuser->getrights();
 			static::$user = $fuser;
@@ -146,11 +156,11 @@ class DolibarrApiAccess implements iAuthenticate
 		    throw new RestException(401, "Failed to login to API. No parameter 'HTTP_DOLAPIKEY' on HTTP header (and no parameter DOLAPIKEY in URL).");
 		}
 
-    $userClass::setCacheIdentifier(static::$role);
-    Resources::$accessControlFunction = 'DolibarrApiAccess::verifyAccess';
-    $requirefortest = static::$requires;
-    if (! is_array($requirefortest)) $requirefortest=explode(',',$requirefortest);
-    return in_array(static::$role, (array) $requirefortest) || static::$role == 'admin';
+	    $userClass::setCacheIdentifier(static::$role);
+	    Resources::$accessControlFunction = 'DolibarrApiAccess::verifyAccess';
+	    $requirefortest = static::$requires;
+	    if (! is_array($requirefortest)) $requirefortest=explode(',',$requirefortest);
+	    return in_array(static::$role, (array) $requirefortest) || static::$role == 'admin';
 	}
 
 	/**