Once you distribute your application, it can be taken apart. In this way, the private key that will be distributed with your application can be retrieved and reused.
There is no completely secure way to do what you are trying to do. But there are ways to limit customers, even if they are not reliable.
The simplest (and least secure) is user agent-based access restriction. But any client can fake a user agent.
The certificate / cryptography solution is more reliable, but as mentioned above, the certificate can be extracted from your application.
OAuth is used by some applications in the same context as yours. But OAuth was not intended for desktop (or mobile) applications, and was also vulnerable to reverse-engineering an application.
You can authenticate the user (via user / password or other standard method). In this case, you are not limited to the base on the shape of the plate. Then you can close the account of users who abuse your service. This is a safe solution, but not quite the answer to your problem.