Would like to have the current API keys whitelistable by IP address (IE only certain IPs are permitted to use certain keys) as well as a manager for the keys to distribute multiple keys for multiple addresses. Would help in maintaining the security of the keys in case of a leakage/breach.
Also, each individual API keys should have permissions. In a manager of some sort, the company should be able to choose what API keys are permitted to do what (IE user-to-user transactions, company-to-user transactions, user creation). This would allow for more flexible/micro-service based backend software architecture.