As the popularity of cloud computing increases, cloud services can provide rich functionality by means of standardized APIs based on open technology. More and more web services offer APIs for application developers to use. APIs act as the intermediate between application developers and web services. The security of cloud computing depends largely on the management of APIs. Hence a strong API access control model is required. In this paper, we design and implement an API access control mechanism based on OAuth which simplifies its process flow under different application scenarios. We also show how access control mechanism can be realized as REST-style web services.