Whitelisting vs Blacklisting IP addresses:
Whitelisting an IP address enables you to control who can (or cannot) access the API by setting allowed IP addresses in Access Control. Any IP addresses set to "Allow" in access control will be granted access to the API for users from that IP address. Blacklisting an IP address will work the opposite, where IP addresses set to "Deny" will be blocked from accessing the API, while all others will be allowed.
This setting only applies to the account API and data API. The lead receiver access control is handled through lead source settings. Lead Source Access Control
Whitelisting IP addresses for API access
To whitelist an IP Address, go to Settings and select API Access Control, click the Add button and enter the IP addresses. Next, select Allow in the dropdown, then click Add. This will only allow the set IPs to access the API, all others will be blocked.
Blacklisting IP addresses from API access
To blacklist an IP Address, go to Settings and select API Access Control, click Add and enter the IP addresses. Next, select Deny in the dropdown, then click Add. This will prevent the IPs set from accessing the API; all others will be allowed.