In the past ten years Web Services have positioned themselves to be one of the leadingdistributed technologies. The technology, supported by major IT companies, offersspecifications to many challenges in a distributed environment like strong interface andmessage contacts, service discovery, reliable message exchange and advanced securitymechanisms. On the other hand, all these specifications have made Web Services verycomplex and the industry is struggling to implement those in a standardized manner.REST based services, also known as RESTful services, are based on pure HTTP andhave risen as competitors to Web Services, mainly because of their simplicity. Now they arebeing adopted by the majority of the big industry corporations including Microsoft, Yahooand Google, who have deprecated or passed on Web Services in favor of RESTful services.However, RESTful services have been criticized for lacking functionality offered by WebServices, especially message-level security. Since security is an important functionality whichmay tip the scale in a negative direction for REST based services, this thesis proposes aprototype solution for message-level security for RESTful services. The solution is for themost part technical and utilizes well-known, cross-platform mechanisms which are composedtogether while a smaller part of the solution discusses a non-technical approach regarding thetoken distribution. During the development of the prototype, much of the focus was to adaptthe solution according to the REST principals and guidelines, such are multi-format support(XML or JSON) and light-weight, human readable messages.