In case your API key is compromised, or for any other reason, you can block the access to the API by regenerating the API token, or by locking the API.
You can do these actions in Account Settings > API Access or in Organization Settings > API Access, if you are using an organization.
If the API is used with a token generated in the account of a project administrator, the actions above should be done in the admin's account, to block API access.
In order to block webhooks access, you can simply delete them from the Integrations section.