Web API is a pretty sexy REST stack (though others are cool too). I’ve been talking about it a lot lately, and the biggest question by far is how to handle authentication and authorization. There are many options, including OAuth, token-based authentication, basic authentication, and even custom solutions. One option that should be included is to use your existing ASP.NET Forms-Based Authentication.
While this is useful in some use cases, you’ll probably also need to support other mechanisms such as OAuth and token authentication. I cover many of these in my “Securing Web API” module of the Pluralsight course. The course covers building an API from scratch, including coverage of security, versioning, using REST constraints and working with models. If you have a subscription, you might be interested in the whole course:
Let me know what you think!