
How to verify the Vendor of an IDFV (identifierForVendor)?


I am considering using the IDFV to create under-the-hood user accounts to access my REST API via OAuth2 in my iOS app. While I don't care much about users accessing the service through my app, I want to prevent (dissuade) people from accessing the API on their own, but I don't want to force users of the app to "sign up", hence the idea of using the IDFV.

The question, though, is: if the server starts receiving requests from a new IDFV, is there a way I can do some hash check on it with my vendor name to at least know someone didn't just send me a randomly generated one?


Solution

  • No, the IDFV is an opaque value. There is no indication in the UUID as to the original source data that was used to generate it.

    The purpose of the IDFV is to identify a unique instance of your app on some device, not to identify your app.

    In my opinion, someone who was to use your API outside of your app would probably start with a traffic capture and end up simply replaying the captured IDFV value anyway.

    An alternative approach is to have your app request a time-sensitive nonce from the server. The app then has to hash this value and return it to get a session key. The app then includes that session key with every request. After a period of time it has to request a new session key.

    This approach isn't fool-proof as an attacker could decompile your app and determine your hashing technique but it certainly raises the bar.
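The nonce-to-session-key exchange described in the answer above, as an added Python example (not the answer author's code): the server side is modelled in memory with an injectable clock, and the app-side "hash" is assumed to be an HMAC over the nonce with a secret embedded in the app, which is exactly the part a decompiled app would reveal.

```python
import hashlib
import hmac
import secrets
import time

# Constructed placeholder: in practice this lives inside the app binary,
# which is the weakness the answer points out.
APP_SECRET = b"example-app-secret"
NONCE_TTL = 60        # seconds a nonce stays redeemable
SESSION_TTL = 900     # seconds a session key stays valid


class SessionServer:
    def __init__(self, clock=time.time):
        self.clock = clock
        self.nonces = {}    # nonce -> expiry timestamp
        self.sessions = {}  # session key -> expiry timestamp

    def issue_nonce(self):
        """Step 1: hand the app a fresh, time-limited nonce."""
        nonce = secrets.token_hex(16)
        self.nonces[nonce] = self.clock() + NONCE_TTL
        return nonce

    def redeem_nonce(self, nonce, proof):
        """Step 2: accept HMAC(nonce) once, before expiry, and mint a session key."""
        expiry = self.nonces.pop(nonce, None)  # pop makes the nonce single-use
        if expiry is None or self.clock() > expiry:
            return None
        expected = hmac.new(APP_SECRET, nonce.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, proof):  # constant-time compare
            return None
        key = secrets.token_urlsafe(32)
        self.sessions[key] = self.clock() + SESSION_TTL
        return key

    def authorize(self, session_key):
        """Step 3: every API request carries the key; expired keys are dropped."""
        expiry = self.sessions.get(session_key)
        if expiry is None:
            return False
        if self.clock() > expiry:
            del self.sessions[session_key]
            return False
        return True


def client_proof(nonce):
    """What the app computes over the nonce it received (assumed HMAC-SHA256)."""
    return hmac.new(APP_SECRET, nonce.encode(), hashlib.sha256).hexdigest()
```

Replayed nonces, wrong proofs, stale nonces and expired session keys are all rejected, so a captured exchange cannot simply be resent later.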