Hi iaditya,
Thank you for sharing additional details.
So, IP whitelisting is already done, because you are able to login using the campaign console.
For logging into the application your public IP has to be whitelisted under VPN securityZone at the server side but for making API calls they need to be under Webservices securityZone.
Hence, I'd request you to open a support ticket as they can verify if the IP is correctly whitelisted or not.
Regards,
Vipul Raghav