My ERPNext instance is accessible over internet and also communicates with another system of mine over a VPN. Only the communication with the another system is routed over the VPN, rest all goes over the internet.
Now, I have an whitelisted method made only for the use of the system connected over the VPN. How can I limit the exposure of that specific API endpoint so that nobody on the internet will be able to access it while the system connected through VPN gets to access it?