In your access token settings, you can choose to limit the domains that have access to your access token. Only do this if your API is integrated client-side, for example in the checkout of your eCommerce store.
1) go to Access Tokens & Statistics in the account menu
2) click on your access token. If you have more than one token, click on the one you want to edit.
3) on the configuration page, scroll down to Allowed Domains. When this box is empty, all domains will have access to your access token. As soon as you begin adding domains to this box, all others will be blocked.