Is it possible to disable Rest API access?

We would like to disable Rest API access for any requests made using Rest API keys.

However we can't find a global setting for this. It looks possible to disable certain API endpoints via the control panel plugin management but not all can be disabled (I assume as they are needed out of the box).

If this setting doesn't exist is there an event we can monitor to reject the request if the Rest-User-Token is present?

Ideally requests made using OAuth would still be allowed.

Thanks