Using REST APIs and OAuth, how much is it insecure to send data without an HTTPS connection?

I would like to implement REST APIs with the OAuth protocol for my web service. However, I noticed that you must send data over the internet that give the correct permissions to users.

The question that arose spontaneously is: how much is it insecure to send data without an HTTPS connection?


Any data not sent over HTTPS is ripe for being collected by some third-party router between the web server and the end client.

Incidentally, you can use HTTPS with RESTful services.


Using OAuth 1.0 or 1.1 without HTTPS may well be insecure (although it was made to be used this way because of extra precautions taken when getting tokens and authorisation), but using OAuth 2.0 (the one used by Facebook and most stuff nowadays) is totally insecure and actually goes against the specification for OAuth 2.0.

It should be used and accessed over an HTTPS connection.
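
What the second answer's distinction looks like on the wire, as an added example that is not part of the original answers: an OAuth 1.0 HMAC-SHA1 request (RFC 5849) carries only a signature derived from the shared secrets, while an OAuth 2.0 bearer request (RFC 6750) carries the token itself. The host, path, keys and tokens are constructed sample values, and `exposed` is a helper written for this illustration.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

def pct(s):
    # RFC 5849 percent-encoding: only RFC 3986 unreserved characters stay literal.
    return quote(s, safe="-._~")

def oauth1_signature(method, url, params, consumer_secret, token_secret):
    # Signature base string = METHOD & encoded URL & encoded, sorted parameters.
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    base = "&".join([method.upper(), pct(url), pct(normalized)])
    # The HMAC key is built from the two shared secrets, which are never transmitted.
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    digest = hmac.new(key, base.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()

def oauth1_request(host, path, params, consumer_secret, token_secret):
    sig = oauth1_signature("GET", f"http://{host}{path}", params, consumer_secret, token_secret)
    fields = {**params, "oauth_signature": sig}
    header = ", ".join(f'{k}="{pct(v)}"' for k, v in fields.items())
    return f"GET {path} HTTP/1.1\r\nHost: {host}\r\nAuthorization: OAuth {header}\r\n\r\n".encode()

def oauth2_request(host, path, access_token):
    # RFC 6750 bearer token: the token itself is the credential.
    return f"GET {path} HTTP/1.1\r\nHost: {host}\r\nAuthorization: Bearer {access_token}\r\n\r\n".encode()

def exposed(wire, secrets):
    # Names of the secrets that appear verbatim in the plaintext request bytes.
    return sorted(name for name, value in secrets.items() if value.encode() in wire)

# Constructed sample values (not real credentials).
HOST, PATH = "api.example.test", "/v1/me"
SECRETS = {"consumer_secret": "cs-demo-secret", "token_secret": "ts-demo-secret",
           "access_token": "at-demo-bearer"}
OAUTH1_PARAMS = {"oauth_consumer_key": "ck-demo", "oauth_token": "tok-demo",
                 "oauth_signature_method": "HMAC-SHA1", "oauth_timestamp": "1700000000",
                 "oauth_nonce": "n-0001", "oauth_version": "1.0"}

if __name__ == "__main__":
    o1 = oauth1_request(HOST, PATH, OAUTH1_PARAMS, SECRETS["consumer_secret"], SECRETS["token_secret"])
    o2 = oauth2_request(HOST, PATH, SECRETS["access_token"])
    print("OAuth 1.0 over HTTP exposes:", exposed(o1, SECRETS))
    print("OAuth 2.0 over HTTP exposes:", exposed(o2, SECRETS))
```

In both cases the request and response bodies still travel in the clear over plain HTTP, which is the first answer's point.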
