Is there anyone who can help me with a standard on creating secured APIs? Is there any such standard in the industry which can be followed as a benchmark?
There appears to be a start to it on OWASP: https://www.owasp.org/index.php/OWASP_SaaS_Rest_API_Secure_Guide
Not a lot there yet, though, but you may want to reach out to the project lead.
OWASP is our friend here:
They are a non-profit with pedigree, don't push commercial agendas and are an open resource.
Do you have a security model for access control? Or do you know how you will be performing access control enforcement or policy enforcement? Are you the identity provider or service provider? What API protocols will you support? Will you use a gateway?
I hate to ask so many questions, but in order to really provide secure APIs you have to consider the full access control model (most of the time).
Ron Parker CISSP, CCSP