OAuth is intended to manage access to your REST API by third party applications. E.g. some other company develops an app that will consume your API. And you do not want your customers to provide password to these services to third-party. In this case OAuth is the solution. If there is no third party applications then no OAuth is required.
If you have single service and just your apps consuming it then you do not need to implement any OAuth. You need to create usual user/password login (and probably right check) mechanism.
Using HTTPS is enough to secure end-points interaction. If you want to secure store content on mobile app or some other REST consumers then you will have to encrypt it before saving.
UPDATE: If you want to protect "end-point", then 3-legged OAuth is the solution. 2-legged solution will require to install third-party app + your OAuth app (or lib) to the user device. Otherwise user might be fakened by similar UI and just give some third-party user and password.
- 2- and 3- legged OAuth comparison
- If your REST API service is java-based the best solution is to twitter OAuth library.
- The best java OAuth consumer lib (I found and use) is Scribe