I need to block access to my entire site via IP Address except the url /api which should be open to all.

I am currently using ...

<LocationMatch /admin>
    Order Deny,Allow
    Deny from all
    Allow from [MY IP]
</LocationMatch>

this blocks access urls starting with /admin. But I want to block all urls except the ones that start /api.

Chris

RewriteEngine On # (only needs to happen once in .htaccess files.

RewriteBase /
RewriteCond %{REMOTE_ADDR} !^10\.103\.18\.104     # <--YOUR IP HERE
RewriteCond %{REQUEST_URI} !^/api    # page or directory to ignore                   
RewriteRule ^(.*)$ http://example.com/no_access.html [R=401] # where to send blocked requests

Well you can first block the whole site, then simply allow /api.

<LocationMatch />
    Order Deny,Allow
    Deny from all
    Allow from [MY IP]
</LocationMatch>

<LocationMatch /api>
    Order Deny,Allow
    Allow from all
</LocationMatch>

Sorry I couldn't test it due to the way XAMPP is configured on my PC. Pray it works.