I need secure Restfull services in the provider. I want that the user must have the authorization for use the REST service and I can generate use stadistic or simply dont allow call the REST services if isn´t a register developer.

I have been thinking about that the user send the email and password in the URL (http://autor.derf.com/api/search/email?=dsdfd@gmail.com&passwd=dasffsdf;) but isnt very safe.

Also I have read about oauth 2.0 but the documentation is very very bad for Java.

Are there any other way to have an RESTful api with authorization?

I want a Restfull API access by Iphone, Android, Windows Phone and web

Thanks in advance ;)

If you plan to write all the clients for the service yourself (iPhone, android etc) then sending email and password is a decent alternative, as long as the provider communicates over a secure transport layer (e.g SSL/HTTPS).

You can always add support for OAuth 1 or 2 later if you feel that you want to make your APIs public. (The whole idea with OAUth is to protect user's passwords, and also to get a more fine grained control over which APIs a client can use, and for how long).

But, in your case I would at least consider using basic authentication, in which a typical HTTP request looks somewhat like this:

GET /path/to/api HTTP/1.1
Host: www.example.com
Authorization: Basic aHR0cHdhdGNoOmY=

The hash after "Basic" is simply base64 encoded "username:password", or in your case "email:password". If anyone intercepts it, it is easy to simply un-encode to get the plain text user credentials. So HTTPS is a must.

» More information on basic authentication at wikipedia.