How to authenticate a request coming to WEB API

I have a WEB API that receives requests from several applications. Based on the JSON received, the WEB API logic decides the steps to process and finally sends out notifications to individuals responsible.

I need to secure my WEB API so that unauthorized systems do not send requests to the WEB API, which might lead to unwanted processing and sending unwanted messages to recipients.

Basically I am trying to avoid the WEB API being attacked. I have an idea in order to do that the client systems must send a client-id in the request header in which the WEB API will have to authenticate. What is the best approach to achieve this requirement? and How to do this?

I would be grateful if I can get a detailed idea of how to achieve this and how to create client id's, and authenticate the clients requesting the WEB API.

If your web api only receives some applications you can apply IP filter with AuthorizationFilterAttribute.

public class IpFilter : AuthorizationFilterAttribute
    {
        string[] allowedIps;

        public IpFilter()
        {
            allowedIps = ReadFromConfig(); //You may read from config your allowed ips
        }

        public override void OnAuthorization(HttpActionContext actionContext)
        {
            CheckIps(actionContext);
        }

        public void CheckIps(HttpActionContext actionContext)
        {
            string requestIpAddress = context.Request.ServerVariables["HTTP_X_FORWARDED_FOR"];

            if (string.IsNullOrEmpty(requestIpAddress ))
            {
               requestIpAddress = HttpContext.Current.Request.UserHostAddress;
            }

            if(string.IsNullOrEmpty(requestIpAddress))
                throw new HttpResponseException(HttpStatusCode.Unauthorized);


            foreach (var ip in allowedIps)
            {
                if (requestIpAddress == ip.Trim())
                    return;
            }

            actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized,
                new { Message = "Unauthorized" });
        }
    }

Then all you need to do is adding this attribute to controller.

[IpFilter]
public class YouController : ApiController
{
}

First of all, let's make these concepts clear.

> Authentication => About Identification
>
> Authorization => About Permission

Authentication means confirming your own identity, whereas authorization means being allowed access to the system.

• You can use JWT for both of them to send client-id, number etc.(encoded) in header.

• In JWT, you have a secret key(encoded) in your token header, that prevents other users to access your API.

You can search for more info here and here

Anybody who down votes this question have to add the reason for down voting ! I am asking a question since its a valid question from my point of view. If not whats the point of asking questions in Stackoverflow. Can administrators look into this ?