In the API Keys page, add an additional field for defining a set of allowed IPs and IP ranges. If the field is empty then all IPs are allowed. Enforce the IP restriction in all API calls. For more information, see Controlling API Key Permissions.