http://msdn.microsoft.com/en-us/library/office/dn567558%28v=office.15%29.aspx
the OData formats support communication with anonymous web services as well as with those protected by various types of authentication. In short, you have full control over the request and response for each service call. This allows you to use a series of activities within a workflow to first authenticate using one service and obtain an OAuth token, and then include that token in future requests to services secured using the OAuth 2.0 protocol.
http://blogs.msdn.com/b/kaevans/archive/2009/03/10/calling-sharepoint-lists-web-service-using-wcf.aspx
<?xml version="1.0" encoding="utf-8" ?>
2: <configuration>
3: <system.serviceModel>
4: <bindings>
5: <basicHttpBinding>
6: <binding name="ListsSoap">
7: <security mode="TransportCredentialOnly">
8: <transport clientCredentialType="Ntlm" />
9: </security>
10: </binding>
11: </basicHttpBinding>
12: </bindings>
13: <client>
14: <endpoint
15: address="http://sharepoint/sites/HSC/_vti_bin/lists.asmx"
16: binding="basicHttpBinding"
17: bindingConfiguration="ListsSoap"
18: contract="ServiceReference1.ListsSoap"
19: name="ListsSoap" />
20: </client>
21: </system.serviceModel>
22: </configuration>
http://www.tonytestasworld.com/post/2009/06/04/How-To-Authenticate-and-Use-SharePoint-Web-Services-in-an-FBA-SharePoint-site.aspx
- Marked as answer by Wendy DZMicrosoft contingent staff, Moderator Monday, June 16, 2014 1:12 AM
But then if the goal is security, you're just passing around the token in plaintext. Anybody reading HTTP headers can grab this token and make requests on your behalf.
The security provided by OAuth2 is undermined without HTTPS.
It might help you to understand working of Call Http service
https://zareensoomro.wordpress.com/2015/07/02/get-items-from-sharepoint-list-using-call-http-web-service-action-sharepoint-designer-2013/