Nuget package 'Mocq' has been used for this exercise.
In order to get an API secured, you can work with claims. Before granted access to a specific action, a user needs a token upon logging in (also called 'access token'). The user might get a refresh token after a specific period of time. Last two previous mentioned tokens may contain a specific claim which grants access to this API. These claims have to be configured in the target Controller.