OAuth is fast becoming the most widely recognized standard for access control with REST and Web APIs.
And OAuth 2.0 -- the latest version of the protocol -- is impressively rich, with many grant types addressing many use cases (two-legged, three-legged, with or without redirection etc).
These Tutorials provide practical instructions on using OAuth with Layer 7's SecureSpan and CloudSpan Gateways.
Layer 7's OAuth 2.0 template implementation provides a standard-compliant OAuth solution to which you integrate your API, identity providers, API keys and so forth.
The Layer 7 OAuth Toolkit also includes client applications for testing each grant type defined by the specification.
This is very similar to what Google provides with the Google OAuth Playground. You can test the OAuth handshake and test calling an API using the access token provided by the handshake. You can also test token revocation and token refresh.