I am developing RESTful APIs with ASP.NET WebAPI for an Android application and there is an option to make a registration through our application. Suppose that our registration endpoint is something like '/api/register/' with some parameters like 'username', 'password' and 'email address'. So this endpoint is likely to be opened not only for Android device, but for everyone.
I mean it is easy to trace all the requests and responses to and from our server, so a bad person may calls this endpoint to start registering many users in our system.
I want to know how I can secure my API?
You can take a number of steps to ensure your API can't be called by a random client. These will be effective for 99.9% of the potential threats, but keep in mind that if someone is very committed and is able to decompile your Android app and man-in-the-middle your app's connection, they can still break your security. (I wouldn't worry about such special cases unless you are trying to protect a really high value target.)
For a basic level of protection:
For increased security, you will need to implement some kind of pre-authentication, similar to the flow I describe here:
This topic is more complex and unfortunately I haven't come across a simple example that I can point you to.