I would like to know if you can restrict requests to a web api specifically for a machine.
My api web will be hosted on computer A.
My client (at first only one) will be hosted on the computer B .
Different servers, different machines.
How can I filter that the web api just "responds" to the client of the computer B ?
What you need to implement is authentication, mainly because you said that in the second moment you will have a mobile application.
With the mobile app you will no longer be in control of who the app is from. If you do not have a mobile application, you might be able to do the IIS restriction since the source domain is known and unique.
Use some of the oAuth authentication versions, version 1.0 is very simple and quick to implement.
SSL does not help you in this scenario.
1 - SSL is the minimum you should have if you want to expose an api to a client, but that does not have much to do with your problem.
2 - While you do not have a mobile app consuming your api, you have some ways to restrict your clients' access through IPs configuring IIS through a Firewall or even through a digital certificate to establish communication with your api.
3 - When you have a mobile application consuming an api the scenario changes, there is no possibility of IP restriction. One of the authentication patterns used in this case is OAuth2:
I would like to know if you can restrict requests to a web api specifically for a machine
Response: Token per user
My recommendation: jwtSecurityTokenHandler,
And to have full control you need to create a AuthorizeAttribute filter for a particular user.
[Authorize(Roles = "MaquinaA")]