Our company requires every external applications service to add an additional authentication method other than the apikey authentication. For example:
token based 2 factor authentication,
client certificate authentication or
source IP address filtering.
Of above 3 methods, source IP address filtering, which allows specific IP address ranges and only that IP address ranges to access Watson service instances, is the most ideal from the user perspective because it does not require a end users to authenticate every time they want to use a chatbot nor it does not require user administrator to set up client certifications.
Again, this is mandate feature for our company. I have also met a lot of our customers who have the similar requirement.
Lastly, please do not make this feature to premium plan exclusive because that would kill virtually all of our/customers use cases.
NOTICE TO EU RESIDENTS: per EU Data Protection Policy, if you wish to remove your personal information from the IBM ideas portal, please login to the ideas portal using your previously registered information then change your email to "email@example.com" and first name to "anonymous" and last name to "anonymous". This will ensure that IBM will not send any emails to you about all idea submissions