I'm developing a RESTful API for my app on GAE Python, and right now I'm trying to figure out the best way to secure this API. I have my own member/authentication mechanism on this app.
What is the best way to do this?
First, discard HTTP Auth. It is not recommended in a true REST API since it resides on cookies.
I would go with OAuth. There's a library called appengine_oauth_provider, which could help you start implementing your own provider.