ASP.NET

Three questions about building a multi-platform service?

Good time,
I think that many will be interested to know the answers.
initial data : some functionality is provided to the user on different platforms, i.e. there is a website, there is a desktop application, there is a mobile application. Well, for example, trite: TODO list. Somewhere the functionality is duplicated, i.e. you can add a task to your schedule from your phone, or go to the site, or from the desktop version. Some features are only on one platform. It is clear that since the data must be merged into one place, synchronized, there is a server with the rest API behind all this.
What I do : I take ASP.net 5 (well, i.e. Core 1), I make a site on MVC 6 there, I put it all in Azure. I'll probably write a mobile phone on Cordova, desktop - on WPF.
Question #1: Should WebAPI (which will be pulled by all platforms, including the site) be made a separate project? Why can't you just make a couple of separate controllers for rest calls in the same MVC site that will give json?
Question #2: how to make a single authorization? I understand how rest works, and that tokens are usually used, I don’t want to pile up the wheel, for sure in ASP.net all this somehow works out of the box, i.e. a person registers on the site,
a request to WebAPI (if this is a separate project) - apparently, we take a token from the current authorized user.
request from Desktop - once we ask for a login and password, send it to WebAPI, get a token and store it on a computer? (Is this all cycling?)
Well, apparently also a mobile phone. How to do it all out of the box, beautifully?
Question #3: according to the schedule it is necessary to send mail. Do I understand correctly that a schedule is configured in Azure, which pulls some rest in my WebAPI (by the way, which one? post?), And he sends mail? There is also an issue with authorization, Azure allows you to choose either a client certificate or set a login / password.
thank!