Thanks for quick response.
But I need deny access only through api, not through normal web interface
Is it possible?