@cuibonobo
Last active August 29, 2015 13:57
How to secure a REST API

A good discussion on how to handle login/signup through a web app in Eve: https://github.com/nicolaiarocci/eve/issues/74

Accessing database items directly: http://stackoverflow.com/questions/22191816/submit-request-post-internally-in-python-eve

Securing a web service: http://stackoverflow.com/questions/6302341/web-services-api-keys-and-ajax-securing-the-key


The consensus seems to be that securing access to an API through pure JavaScript is impossible, because any key shipped to the browser can be read by whoever runs the page. The only solution is to proxy requests through a server that wraps each request with the proper authentication and then sends it to the API. Anything outside of that scheme is open to attack.
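A sketch of the server-side step of such a proxy, added here as an example (it is not code from Eve or from the linked answers). The upstream URL, the key, the session table, the route allowlist, the Bearer scheme and the `X-Authenticated-User` header are all assumptions made up for the illustration.

```python
import urllib.request
from urllib.parse import quote

# Constructed values for this example only.
API_BASE = "https://api.example.invalid"        # upstream REST API (placeholder)
API_KEY = "server-side-secret-placeholder"      # would come from env or a secret store
ALLOWED = {("GET", "items"), ("POST", "items")}  # (method, first path segment)
SESSIONS = {"sess-abc": "alice"}                # session cookie value -> user
FORWARDED_HEADERS = {"content-type", "accept"}  # client headers passed upstream


class ProxyError(Exception):
    def __init__(self, status, message):
        super().__init__(message)
        self.status = status


def build_upstream_request(method, path, headers, body=None, session_id=None):
    """Turn a browser request into the authenticated upstream request."""
    # 1. The browser proves who it is with a session, never with the API key.
    user = SESSIONS.get(session_id)
    if user is None:
        raise ProxyError(401, "no valid session")
    # 2. Only expose the routes the web app actually needs.
    segments = [s for s in path.split("/") if s]
    if not segments or any(s in (".", "..") for s in segments):
        raise ProxyError(400, "bad path")
    if (method.upper(), segments[0]) not in ALLOWED:
        raise ProxyError(403, "route not exposed through the proxy")
    url = API_BASE + "/" + "/".join(quote(s, safe="") for s in segments)
    # 3. Forward an allowlist of headers; a client-sent Authorization
    #    header or cookie is dropped, then the server-held key is attached.
    out = {k: v for k, v in headers.items() if k.lower() in FORWARDED_HEADERS}
    out["Authorization"] = "Bearer " + API_KEY
    out["X-Authenticated-User"] = user  # hypothetical header for upstream auditing
    return urllib.request.Request(url, data=body, headers=out, method=method.upper())
```

The returned object can be passed to `urllib.request.urlopen` by the proxy's request handler; the key only ever exists in the server process.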


Securing my REST API with OAuth: http://stackoverflow.com/questions/4574868/securing-my-rest-api-with-oauth-while-still-allowing-authentication-via-third-pa#4600736
