Hello Miniera,
The developer token or client ID doesn't restrict the accounts you can access, only the OAuth credentials do.
You need to create a login X and grant it the access to only account you want to grant access to (not the MCC). Then generate a refresh token for this login.
Any application using the API with refresh token of X will now only be able to access this account.
-Danial, AdWords API Team.