You asked a similar question recently. Typically, remote Web API services are secured by a token. It's the same concept as authorization in Razor Pages. The client gets a token from an authentication service by passing a username and password. The client sends this token to gain access to secured resources.
I recommend going through the IdentityServer4 quick start docs. IdentityServer4 is a feature rich and configurable OAuth/OIDC token server. The quick start illustrates how to secure Web API and configure different types of clients including JavaScript. Read the big picture doc first. It explains the security problem OAuth/OIDC IdentityServer4 solves.
ASP.NET Core comes with JWT support if you want to roll your own API authorization logic. There are a lot of easily found blogs, tutorials, and forum posts. on this subject.
The community has no idea what is not clear to you and what you consider outdated. You need to be a bit more specific if there is something you do not understand. Explain your design goals. Provide code samples that illustrate what you are trying to do.