ASP.NET Web API
I dont want this to go unanswered, in future for general security questions http://security.stackexchange.com is the place.
For my purpose I think just SSL/Https will do the job.
I'd also recommend you test your web services out with https://www.ssllabs.com/ssltest/ that grades how secure your web site/service is. SSLLabs mainly catches TLS 1.1 vulnerabilities so make sure you're on the latest TLS to get a Grade A. TLS is basically the same thing as SSL. SSL 3.0 was the last version of SSL. TLS – Transport Layer Security, a new name for SSL. TLS 1.0 is colloquially considered “SSL 3.1”. Created and maintained by Internet Engineering Task Force. The latest version is TLS 1.2 and TLS 1.3 is currently in draft format.
All my WebRequests in my App are now HttpsWebRequests. Does this mean all my traffic is secured?
Nothing is 100% secure, but it sounds like you're following the recommended practices: https://developer.xamarin.com/guides/cross-platform/macios/http-stack/
Do I need any Client Certificate which I have to install on the phones which use my app?
What you're thinking of is called Certificate Pinning and https://forums.xamarin.com/discussion/8743/self-signed-cert-using-httpclient
The 3 most common mistakes to securing a mobile app are:
Securing Mobile Apps is such a large subject - there are entire books on the topic. At the very least read up on:
OWASP Mobile Security Project:
Secure Coding Guidelines for iOS and Android: https://mgovlab.government.ae/uploads/SecureCodingGuidelines.pdf and make sure you've covered off the top 10 vulnerabilities:
When you package your application follow the offical Xamarin guide, pay attention to ProGuard.