Please don't award before discussing.
I understand your main concern: you want to create a secure authentication API, and for this I suggest going with OAuth2. First, I want to briefly explain why I am suggesting OAuth; please see below:
OAuth is an open standard for authorization. OAuth provides client applications a 'secure delegated access' to server resources on behalf of a resource owner. It specifies a process for resource owners to authorize third-party access to their server resources without sharing their credentials.
Designed specifically to work with Hypertext Transfer Protocol (HTTP), OAuth essentially allows access tokens to be issued to third-party clients by an authorization server, with the approval of the resource owner, or end-user. The client then uses the access token to access the protected resources hosted by the resource server.
The link below will shed some light on what I want to say: http://www.asp.net/web-api/overview/security/individual-accounts-in-web-api
Now, you want us to develop only the endpoint for the service, without connecting to the database, but I am expecting some specifications from you, because all the details are necessary to make an application more secure.
1. Can you please specify what kind of message the API will send in response to the device? Will this consist of a huge amount of data?
2. I am assuming that we will develop three methods for the API: Registration, login and GetMessage (by