Since an API client is a boundary between your code and the outside world you should write as little code as possible to implement it. The client should strictly do its job by sending a request and returning a response. That is why we don’t really test the clients themselves but rather the code that processes the response from the client.
Sometimes you need to block access from certain IP addresses to your web site. It is easy to do in .htaccess file if you are running Apache. What if your server is behind a load balancer ? The code below lets you block IP addresses when your server is behind AWS load balancer.