I am going to make a custom login module for users who won't have anything to do CMS admin. Those users will have access to some certain parts of the website which the not logged in users won't have.
I have a user database somewhere else and I will get an api endpoint to authenticate the user. I would get an authentication token along with list of modules etc which will help me give access to certain parts of the website.
What is my best bet to use here? I googled a bit and found web api 2 solution. Is that the way to go or should I consider something else? Is there some tutorial I can refer to?
You can use standard asp.net to handle login and authentication. How you handle the access rights is another story. You will most likely need to mapp the user to access rights somehow inside episerver if you like to use that to control access to pages inside episerver.
Have a look at this section: https://world.episerver.com/documentation/developer-guides/CMS/security/Authentication-and-authorization/ and these links: https://world.episerver.com/blogs/Daniel-Ovaska/Dates/2016/6/creating-a-custom-login-page/