I have a digitalocean droplet running Ubuntu 18.04.2 and nginx, and an API built with the Django Rest Framework on it. The specs of the project I'm working on require a VPN to be set up, so I've set up OpenVPN on the droplet. I've also generated a config file to send to the client that will be connecting to my API.
My API is currently still accessible by anyone who has the IP address and the username/password combination I've created. My question is: how can I configure my server/OpenVPN to allow access only to the client that I am going to give the configuration file to?