The argument that a Fixed IP Requirement (FIR) will protect you in the case that somebody acquires your API-key looses further validity if you think about the possible scenarios in which it would actually protect you.
Case 1: Somebody gains access to my computer and steals the API key. The FIR will only protect me if my computer is not currently (or sometime in the future, which is highly unlikely) connected via the fixed IP. Attackers could otherwise run a script on the already infiltrated computer and move the equity without being hindered by the FIR.
Case 2: Somebody acquires my API key from a different location than my computer (e.g. accidentally uploading it to GitHub). In this case the FIR would protect me, assuming that the attacker does not proceed to infiltrate my network from which she could again run a script and move the equity.
I don't know why, but I made a Flow Diagram for this. See attachment.
In general, I think that there are better ways of protecting access to the API than having a Fixed IP Requirement. The requirement itself is not really save and results in a rather unbalanced security vs. convenience analysis.