HTTPS does only two things:

* Give you a warm, fuzzy feeling that you are communicating with the right server
* Use encryption to prevent eavesdropping and tampering
This does not restrict access to your API. Using HTTPS for sensitive data is mandatory, so use it. You can configure your external server (for example, nginx) to use SSL exclusively (for example, do not configure port 80 / HTTP). More details here: http://ariejan.net/2011/10/22/automatically-switch-between-ssl-and-non-ssl-with-nginx-unicorn-rails
Then you want the client to authenticate so that you can verify that they are the right party to receive data from you. You can use OAuth here, but since I am going to have only one client, this may be redundant.
The simplest form of authentication that you can use requires an authentication token. Each request should include this API token, which you can check on the server side. You can also use it to record usage metrics.
Thus, basically, you need an API key for each request and configure the server so that your API is open only through HTTPS.