This topic has been discussed several times – how do you go about using Web API from within a single page SharePoint Provider-Hosted add-in? Bas Lijten had a great approach, which I emulated with some additions.
Provider-Hosted add-ins rely on OAUTH under the hood, and the technicalities are normally abstracted by SharePointContext and TokenHelper classes. In short, the issue with these classes is that they assume access to both HttpContext.Current and session state, neither which Web API guarantees.
You can see my code and read a more technical description over at GitHub.