diff --git a/swh/deposit/api/common.py b/swh/deposit/api/common.py
--- a/swh/deposit/api/common.py
+++ b/swh/deposit/api/common.py
@@ -836,6 +836,7 @@
                 .order_by("-id")[0:1]
                 .get()
             )
+            deposit.origin_url = origin_url
 
         if "atom:external_identifier" in metadata:
             # Deprecated tag.
@@ -846,12 +847,7 @@
                 raise DepositError(
                     BAD_REQUEST,
                     "<external_identifier> is deprecated, you should only use "
-                    "<swh:create_origin> from now on.",
-                )
-
-            if deposit.parent:
-                raise DepositError(
-                    BAD_REQUEST, "<external_identifier> is deprecated.",
+                    "<swh:create_origin> and <swh:add_to_origin> from now on.",
                 )
 
             if headers.slug and metadata["atom:external_identifier"] != headers.slug:
diff --git a/swh/deposit/tests/api/test_collection_add_to_origin.py b/swh/deposit/tests/api/test_collection_add_to_origin.py
--- a/swh/deposit/tests/api/test_collection_add_to_origin.py
+++ b/swh/deposit/tests/api/test_collection_add_to_origin.py
@@ -51,6 +51,7 @@
 
     assert new_deposit != deposit
     assert new_deposit.parent == deposit
+    assert new_deposit.origin_url == origin_url
 
 
 def test_add_deposit_add_to_origin_conflict(
@@ -133,7 +134,7 @@
     )
 
     assert response.status_code == status.HTTP_400_BAD_REQUEST
-    assert b"&lt;external_identifier&gt; is deprecated." in response.content
+    assert b"&lt;external_identifier&gt; is deprecated" in response.content
 
 
 def test_post_deposit_atom_403_add_to_wrong_origin_url_prefix(
diff --git a/swh/deposit/tests/api/test_collection_post_atom.py b/swh/deposit/tests/api/test_collection_post_atom.py
--- a/swh/deposit/tests/api/test_collection_post_atom.py
+++ b/swh/deposit/tests/api/test_collection_post_atom.py
@@ -212,6 +212,36 @@
     assert deposit.status == DEPOSIT_STATUS_DEPOSITED
 
 
+def test_post_deposit_atom_with_slug_and_external_identifier(
+    authenticated_client, deposit_collection, deposit_user, atom_dataset, mocker
+):
+    """Even though <external_identifier> is deprecated, it should still be
+    allowed when it matches the slug, so that we don't break existing clients
+
+    """
+    url = reverse(COL_IRI, args=[deposit_collection.name])
+
+    slug = str(uuid.uuid4())
+
+    # when
+    response = post_atom(
+        authenticated_client,
+        url,
+        data=atom_dataset["error-with-external-identifier"] % slug,
+        HTTP_IN_PROGRESS="false",
+        HTTP_SLUG=slug,
+    )
+
+    assert response.status_code == status.HTTP_201_CREATED
+    response_content = parse_xml(BytesIO(response.content))
+    deposit_id = response_content["swh:deposit_id"]
+
+    deposit = Deposit.objects.get(pk=deposit_id)
+    assert deposit.collection == deposit_collection
+    assert deposit.origin_url == deposit_user.provider_url + slug
+    assert deposit.status == DEPOSIT_STATUS_DEPOSITED
+
+
 def test_post_deposit_atom_with_mismatched_slug_and_external_identifier(
     authenticated_client, deposit_collection, atom_dataset
 ):
diff --git a/swh/deposit/tests/api/test_collection_reuse_slug.py b/swh/deposit/tests/api/test_collection_reuse_slug.py
--- a/swh/deposit/tests/api/test_collection_reuse_slug.py
+++ b/swh/deposit/tests/api/test_collection_reuse_slug.py
@@ -147,6 +147,46 @@
     assert new_deposit.origin_url == origin_url
 
 
+def test_add_deposit_with_external_identifier(
+    authenticated_client,
+    deposit_collection,
+    completed_deposit,
+    atom_dataset,
+    deposit_user,
+):
+    """Even though <external_identifier> is deprecated, it should still be
+    allowed when it matches the slug, so that we don't break existing clients
+
+    """
+    # given multiple deposit already loaded
+    deposit = completed_deposit
+    assert deposit.status == DEPOSIT_STATUS_LOAD_SUCCESS
+    origin_url = deposit_user.provider_url + deposit.external_id
+
+    # adding a new deposit with the same external id as a completed deposit
+    # creates the parenting chain
+    response = post_atom(
+        authenticated_client,
+        reverse(COL_IRI, args=[deposit_collection.name]),
+        data=atom_dataset["error-with-external-identifier"] % deposit.external_id,
+        HTTP_SLUG=deposit.external_id,
+    )
+
+    assert response.status_code == status.HTTP_201_CREATED
+    response_content = parse_xml(BytesIO(response.content))
+    deposit_id = response_content["swh:deposit_id"]
+
+    assert deposit_id != deposit.id
+
+    new_deposit = Deposit.objects.get(pk=deposit_id)
+    assert deposit.collection == new_deposit.collection
+    assert deposit.origin_url == origin_url
+
+    assert new_deposit != deposit
+    assert new_deposit.parent == deposit
+    assert new_deposit.origin_url == origin_url
+
+
 def test_add_deposit_external_id_conflict_no_parent(
     authenticated_client,
     another_authenticated_client,