API IP Whitelist

Hi, I have been using knack (integrated with other code I have written) for a few months now and I think its fantastic but there is a feature request that I have about something that I am puzzled about.

We currently have the ability to whitelist IP’s for the app use but the API is not included in this. The support says the following about it, “This feature does not affect access to the API in general. The API is secured by API keys so additional IP protection is not needed”.

Personally I feel that there is a MAJOR benefit in having an IP whitelist for the API (separate to the main app) as any code leaks (or any other issues) that result in the API key being leaked basically gives any hacker complete access to the entire database. While all efforts should taken to prevent this outcome, would it not make sense to have this as a safety net?

Thanks for hearing me out