Take a look at Hands On Mobile API Security: Get Rid of Client Secrets. It focuses on API keys usage and adds in a proxy server which is a good practice when multiple APIs are called form the same app. The full example is at github — https://github.com/approov/hands-on-api-proxy.
OAuth2 is not used in that example, but it could be added without interfering with the existing app authentication code. Look at Mobile API Security Techniques, Part 2 for some additional background.

View at Medium.com