Roel
Last year I built a sample OAuth2 secured API for the WebOrder sample, so this can be done.
I am not totally happy with it, but it does work.
The downside is that it is complicated if you want to go "the whole hog".
First you have to add in to your API authentication based on a "Bearer" token passed in the HTTP Authorization header.
Then you have to provide an authentication and authorization end-point which will validate the user and potentially allow them to restrict authorization to a limited sub-set of the API. That function should return a token to the calling application.
Finally, if you are going to open things up to 3rd party developers (and why else would you need OAuth2?), you need to provide a site where they can register as developers for your API, then register applications for it (each of which should be given an ClientID and SecretKey).
I could go on in detail, but you can see a sample client running at: http://test.unicorninterglobal.com/W...ent/Index.html. The API is nothing like as sophisticated as where I am currently at using the cJsonObjects and cWebHttpHandler (new in 19.1), but it will give you an idea.
See: https://support.dataaccess.com/Forum...ESTful-service for more detail.
Mike
PS - if you want more on this, don't hesitate to get in touch: here or mpeat at unicorninterglobal dot com.