Restricting routes

What would be the best way to restrict a specific route to a specific client?
For example:
/api/products -> accessible to all
/api/products/{id} -> restricted to a specific client
/api/products/{id}/details -> accessible to all

See docs for Custom Route Rules where you can define a Custom Request Rule that inspects the incoming IRequest and apply it to specific routes.