Dec 21, 2018 11:37 AM|yogyogi|LINK
You API is public which means anyone can access it. You can make it private by forcing users to send their API key and secret only then they will be able to access API. Users can send the key and secret in the header of HTTP request to the API calls.
Check this complete tutorial which makes the Header key sending and authentication in Web API - Consuming ASP NET Web API from Start