Drupal7 REST webservices API KEY vs OAUTH two-legged authentication for clientside JS consumer library

Question

I'm working on an Drupal7 API, using REST services, and consumer JS library (no server code). I'm not trying to authenticate/authorize the end-users, only to identify and allow access to the 'application' using an API KEY.

The goal is to have the 'developers' create an account, request an API KEY, register domains for this api key, and use this key to 'identify' their application to the Drupal7 API. This is pretty much the same API-KEY model that Google Maps is using in v2.

I've looked into OAUTH 2legged approach, which would have been great if my client library was running on the server side, so the secret key wouldn't be exposed, but in our case, the library is JS only (client side), and it doesn't seem a good idea to expose the secret key.

Am i missing something about OAUTH that will allow this? Any pointers will be welcome.

Thanks!