MVC is a browser-oriented website. The WebAPI is designed to access the software by some client other than the browser web page (although it may be javascript running in the browser). Thus, OpenID or OAuth input streams that require browser redirection do not make sense for WebAPI. Not in any case.
What seems to apply is that you want your WebAPI to be authorized, and to know which user they represent. In general, the OAuth 2 resource server acts for WebAPI, which accepts access tokens issued by the authorization server, which really accepts Facebook, Twitter, and Google for users to log in before minting these access tokens.
These are some examples of WebAPI. Here is one .
Andrew Arnott
source share