...
The Shared API Team's evolving views on API Authentication and Authorization issues can be found on this page.
The Framework document contains the following statement: "All REST API calls MUST take place over HTTPS. Defined mechanisms MUST be in place to establish trust in the underlying keys."
Proposal From Discussion on 16 Apr 2014 Call
...