Need to restrict dashboard access, but allow API endpoint use

When ever I restrict all IPs but mine (.htaccess in root html):

   Require ip  # My dedicated IP VPN

The dashboard access works as expected - only from my dedicated IP, but this also restricts any GET/POST access to the mautic endpoint /api/contacts. How can I circumvent this?

From my understanding, the mautic API endpoint has a listener on its own like express, why is apache involved in this process?

TD;DR - I need my mautic dashboard to be restricted to 1 IP address, whilst having the api of mautic to be public and unrestricted.