As a developer, API Keys are typically issued to you to identify the project you are working on and to enforce rate and access limits on proper API usage. These API keys are typically just static secrets baked into your app or web page, and they are pretty easy to steal but painful to replace. You can do better.
By nature, API keys are not a complete solution. While your suggestions are really helpful, I believe they are fine for read-only purposes. but too weak a to match the complexity of a high-use API system.