In your access token settings, you can choose to limit the IPs that have access to your access token. Only do this if your API is integrated server-side, for example in your CRM system which is only accessed on site.
1) go to Access Tokens & Statistics in the account menu
2) click on your access token. If you have more than one token, click on the one you want to edit.
3) on the configuration page, scroll down to Allowed IPs. When this box is empty, all IPs will have access to your access token. As soon as you begin adding IPs to this box, all others will be blocked.