About to open up a public API with OAuth access, no problem with that. Main site uses the API but with basic authentication instead (restricted to our internal IP range).
I think you will find your answer in this document, in particular this paragraph:
http://tools.ietf.org/html/draft-ietf-oauth-v2-threatmodel-07#section-5.2.3.4