Best way to secure ASP.NET Web API 2 where multiple client use it

You are on the right track by using Token based authentication. Here is a link which shows the implementation details-

Token based authentication in Web API without any user interface

Additionally, I think you can secure the channel using SSL-

http://www.c-sharpcorner.com/UploadFile/55d2ea/creating-and-using-C-Sharp-web-application-over-https-ssl/