Multi-factor authentication for API keys through IP allowlisting, TOTP-based MFA, and certificate-based authentication
