diff --git a/app/controllers/repp/v1/base_controller.rb b/app/controllers/repp/v1/base_controller.rb
index f2e448b85..d2057599e 100644
--- a/app/controllers/repp/v1/base_controller.rb
+++ b/app/controllers/repp/v1/base_controller.rb
@@ -122,13 +122,9 @@ module Repp
 end

 def check_ip_restriction
- if webclient_request?
- ip = request.headers['X-Client-IP']
- return if registrar_ip_white?(ip)
- else
- ip = request.ip
- return if @current_user.registrar.api_ip_white?(ip)
- end
+ ip = webclient_request? ? request.headers['X-Client-IP'] : request.ip
+ return if registrar_ip_white?(ip) && webclient_request?
+ return if api_ip_white?(ip) && !webclient_request?

 render_unauthorized_response(ip)
 end
@@ -139,6 +135,10 @@ module Repp
 @current_user.registrar.registrar_ip_white?(ip)
 end

+ def api_ip_white?(ip)
+ @current_user.registrar.api_ip_white?(ip)
+ end
+
 def render_unauthorized_response(ip)
 @response = { code: 2202, message: I18n.t('registrar.authorization.ip_not_allowed', ip: ip) }
 render json: @response, status: :unauthorized
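Review bot: In `check_ip_restriction` both new guards run the whitelist lookup before testing the channel, so an API request still calls `registrar_ip_white?(ip)` with `request.ip` before the result is discarded, and `webclient_request?` is evaluated up to three times per request. For an access-control check the channel should be decided once and tested first, e.g. `web = webclient_request?`, `ip = web ? request.headers['X-Client-IP'] : request.ip`, `return if web ? registrar_ip_white?(ip) : api_ip_white?(ip)`. The outcome matches the removed if/else only as long as `webclient_request?` returns the same value on every call, which is harder to audit in the new form. Separately, on the web-client path `ip` comes from the `X-Client-IP` header, which is trustworthy only if `webclient_request?` (defined outside this hunk) authenticates the peer that sets it; a comment such as `# X-Client-IP is honoured only after webclient_request? has verified the web client` would record that assumption. A missing header leaves `ip` nil, so it is worth confirming that the registrar lookup rejects nil.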