As an addition to the previous posts on API Managament, I wanna present an alternative, more desirable solution. Up to now we created the service and the client in ADFS. In the Startup.Auth.cs file (located in the App_Start folder) we used ActiveDirectoryFederationServicesBearerAuthentication. What we can also do, is create the service and client application in Azure Active Directory. You will have to log on to the ADFS server once with an admin account and convert your Azure Active Directory domain to a federated domain using a Powershell command:
Convert-MsolDomainToFederated -DomainName [AAD domain]
In ADFS a relaying party trust is automatically created. Now when you try to log in and authorize against Azure Active Directory, you automatically get redirected to ADFS 3.0. In your Web API you can simply use WindowsAzureActiveDirectoryBearerAuthentication, no Federation Services.
For a more elaborate discussion, see MyTwoCents on YouTube.