Best way to secure ASP.NET Web API 2 where multiple client use it
You are on the right track by using Token based authentication. Here is a link which shows the implementation details-
Token based authentication in Web API without any user interface
Additionally, I think you can secure the channel using SSL-
http://www.c-sharpcorner.com/UploadFile/55d2ea/creating-and-using-C-Sharp-web-application-over-https-ssl/