Please understand I'm asking this question at a very high level. My client wants me to develop a secure web API for capture and reporting on business data. This is the core requirement, and secondary to that, he wants an application that consumes the API. I'm quite happy to deliver both in my chosen dev platform, i.e. ASP.NET MVC4, but I'd like some overview suggestions on what to look at 'horizontally' so to say. Should I cater for multiple formats, be REST? What are my options for securing the API? A good book covering this area would me an immense help if someone can recommend one.