For each API function that only returns some data (as opposed to SAVE or DELETE) you should add a GET based API.
public class OrderController: BaseApiController
{
[HttpGet, Route("orders/history/{param1}/{param2}")]
public IHttpActionResult OrderHistory(string param1, int param2, string param3 /* from querystring */)
{
// Security checks:
if (! (User is Customer)) return Unauthorized("User is not a customer!");
if (!myCustomValidationCheck()) return BadRequest("Some error message");
var orders = User.Orders.Where(o => o.Date > args.Since);
var result = orders.Select( o =>
{
MobileProperty1 = o.Something,
MobileProperty2 = o.SomethingElse,
...
});
return Ok(result);
}
}