Server to server API authentication

We have an ASP.NET WEB API 2.0 that will be accessed by an MVC Core site. We want to restrict access to the API only to the MVC Core site (both sites will run on our VMs in Azure). Is it sufficient from an authentication and security perspective to pass a simple username and password in plaintext inside each HTTP request from the MVC Core site to the API as long as we are requiring HTTPS for all calls?