I'd like to only expose the websocket interface publicly but the http one through a proxy with method-based rate limiting i've set up; but in having the same API key for both, I compromise the api key over the websocket access.