This is the perfect scenario for OAuth2.


You need to be able to generate a token and then to secure the API endpoints so only calls with this token in the authorization header will be fulfilled.

I suggest looking into using something like OWIN, which will give you everything you need.

This is application-level authorization, so you will have two keys, a ClientID and a ClientSecret, which will be used to generate the token. This way you can even build multiple applications using the same API, each identified through their own set of keys.

Here is a detailed article, albeit a bit older, showing how to do it from scratch:
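
Separately from the article referenced above, an added framework-neutral Python sketch of the flow this answer describes (not OWIN code and not part of the original answer): each application exchanges its ClientID and ClientSecret for an expiring token, and the endpoint guard accepts only calls carrying that token in the Authorization header. The client table, the signing key handling and the HMAC-signed token format are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, secrets, time

# Constructed sample data: one ClientID/ClientSecret pair per consuming application.
CLIENTS = {"mobile-app": "s3cret-mobile", "web-app": "s3cret-web"}
SIGNING_KEY = secrets.token_bytes(32)   # assumption: server-side only, never sent to clients
TOKEN_TTL = 3600                        # token lifetime in seconds

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")

def _sign(payload: str) -> str:
    return _b64(hmac.new(SIGNING_KEY, payload.encode(), hashlib.sha256).digest())

def issue_token(client_id, client_secret, now=None):
    """Token endpoint: exchange ClientID + ClientSecret for a signed, expiring token."""
    expected = CLIENTS.get(client_id)
    # compare_digest avoids leaking, through timing, how much of the secret matched
    if expected is None or not hmac.compare_digest(expected.encode(), client_secret.encode()):
        return None
    now = time.time() if now is None else now
    claims = {"sub": client_id, "exp": int(now) + TOKEN_TTL}
    payload = _b64(json.dumps(claims).encode())
    return payload + "." + _sign(payload)

def authorize(headers, now=None):
    """API endpoint guard: return the calling ClientID, or None to answer 401."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "bearer" or "." not in token:
        return None
    payload, _, signature = token.rpartition(".")
    if not hmac.compare_digest(_sign(payload).encode(), signature.encode()):
        return None                      # forged or tampered token
    try:
        claims = json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))
    except ValueError:
        return None                      # malformed payload
    now = time.time() if now is None else now
    if claims.get("exp", 0) <= now:
        return None                      # expired token
    return claims.get("sub")
```

Because the returned ClientID names the calling application, the same guard supports several applications on one API, each with its own key pair.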

