We have load balanced back end systems that we'd like to have open tickets via the API. The problem is that the same code can run on one of several hosts each with a different IP address.
I think it would be more flexible if the API key generation accepted either an IP address or FQDN. If an FQDN is entered, that FQDN is saved, and a reverse lookup is done at the time of API invocation. If the calling system's IP address is one of the PTR records returned for the FQDN, allow it.
Another (less elegant IMHO) option would be to allow multiple IP addresses to be assigned to one API key.
Yet another possibility would be to allow subnets to be entered instead of an IP address (something like 10.10.0.0/22). That's a pretty big hammer, but it would suffice for our needs.