Web API is built on top of HTTP. HTTP verbs are mapped to action methods on controllers.

CRUD operations are supported by using HttpPost, HttpGet, HttpPut, and HttpDelete.

Routing is used to map URLs to controllers.

Web API supports content negotiation, so a user of your service can specify both the format of the request and the desired response format. By default, JSON and XML are supported.

You can secure Web APIs by using Basic authentication and Windows Authentication.

When using Basic authentication, you should use SSL to secure user credentials.

XSFR is an important thread to protect yourself from by using specialized tokens.

Services can be hosted in several different ways, including self-hosting, IIS, and Windows Azure.

Self-hosting ...