Added two new fields to the keys table: 1) is_private_key and 2) ip_addresses. These two fields work together. If the key is private a list of IP addresses can be associated with the API key, If the API key is private and no valid address if found, the request is rejected. IP addresses need to be separated by a line break n. This is an alternative to the ip-whitelist, but it is tight to the API key.

Author: juanatgmo

application/config/rest.php

@@ -156,6 +156,8 @@
 	  `key` varchar(40) NOT NULL,
 	  `level` int(2) NOT NULL,
 	  `ignore_limits` tinyint(1) NOT NULL DEFAULT '0',
+	  `is_private_key` tinyint(1)  NOT NULL DEFAULT '0',
+	  `ip_addresses` TEXT NULL DEFAULT NULL,
 	  `date_created` int(11) NOT NULL,
 	  PRIMARY KEY (`id`)
 	) ENGINE=InnoDB DEFAULT CHARSET=utf8;

application/libraries/REST_Controller.php

@@ -579,6 +579,33 @@ protected function _detect_api_key()
 			isset($row->user_id) AND $this->rest->user_id = $row->user_id;
 			isset($row->level) AND $this->rest->level = $row->level;
 			isset($row->ignore_limits) AND $this->rest->ignore_limits = $row->ignore_limits;
+			
+			if(!empty($row->is_private_key))
+			{
+				
+				// Check for a list of valid ip addresses
+				if(isset($row->ip_addresses))
+				{
+					$list_ip_addresses = explode("\n", $row->ip_addresses);
+					$found_address = FALSE;
+					
+					foreach($list_ip_addresses as $ip_address)
+					{
+						if($this->input->ip_address() == $ip_address)
+						{
+							$found_address = TRUE;
+							break;
+						}
+					}
+					
+					return $found_address;
+				}
+				else
+				{
+					// There should be at least one IP address for this private key.
+					return FALSE;
+				}
+			}
 
 			return TRUE;
 		}