Please allow me to restrict the IP addresses that API calls for particular keys are allowed to originate from.
Do you believe you or someone else has successfully been compromised by having their API accessed from an IP which was not theirs? If you only access from a given IP, why not keep the API key only on that box and not floating around in other places?
To be clear, I am not against this feature but do want to flush out the use case a bit more. Sometimes things that seem like security really just add more headache and little security.
It really is simply security in depth.
Now by stealing my API keys, an attacker has pretty much full access to my account and all funds in it.
If IP address is restricted, this way he needs to gain control of the IP address as well.