If you enable the 'withdraw' function on the API keys that's it....you can't specifiy who has access to the actual withdraw function on any specific key. If there was a way to multisig a whitelisted ip with the withdraw function that would be a way i guess, but there isnt as far as i know.