Whitelisting vs Blacklisting IP addresses:
Whitelisting an IP address enables you to control who can (or cannot) access the API by setting up allowed IP addresses in Access Control. Any IP addresses set to "Allow" in access control will be granted access to the API for users from that IP address. Blacklisting an IP address will work the opposite, where IP addresses set to "Deny" will be blocked from accessing the API, while all others will be allowed.
This setting only applies to the account API and data API. The lead receiver access control is handled through lead source settings. Lead Source Access Control
Whitelisting IP addresses for API access
Gear (Top right)
Access Control (Bottom left sidebar)
Add IP Address (or select an IPAddress to edit
Type in an IP Address or IP Range
Allow in the dropdown
Save
This will only allow the set IPs to access the API, all others will be denied
Blacklisting IP addresses from API access
Similar to whitelisting, you will follow the same steps above, but in this case, instead of selecting Allow, you will select Deny. This will only allow the set IPs to access the API, all others will be allowed.