secure communication with the server - rational solution
I am currently facing a problem with secure server communication. I am a
mobile developer and I am trying to design a REST API (JSON output). To understand the
problem, let me show you a flow in my application:
First, the user logs in to the application.
Then they may download some personal information.
As the user moves around the application, I want to communicate with the server all the
time.
So I figured that the login & password will be sent through SSL (right? wrong?
This is question number one; maybe I should choose OAuth?), but then what?
I receive the login & password, store them in my Keychain, and any other
services should be open for all users? I think this SSL in the first request
gives me only a semblance of security, not real security.
Let me show you my REST so far:
Login:
request:
https://mywebsiteforrest.com/getin
And there I put in the header username=root&password=pass
response:
{
"status":100, /* This status tells me that everything is OK */
"userKey":"432fdsf732fds7fstsw87frd7s5fd",
"timestamp":1378651048,
"userId": 342
}
Later requests:
request:
https://mywebsiteforrest.com/getmydata
And there I put in the header userId=342&key=432fdsf732fds7fstsw87frd7s5fd
Or maybe I should ask for it this way:
https://mywebsiteforrest.com/getmydata/342&key=432fdsf732fds7fstsw87frd7s5fd ?
I am looking for advice: is that secure, or is it (like I said before) a
semblance of security? I know you hate that question, but what is the right
way of doing that?
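As an added illustration (not part of the question or any answer), here is how the server side of the /getin and /getmydata flow described above can issue and check the userKey so that it is more than a semblance of security: a random key generated after the TLS-protected password check, stored only as a hash, compared in constant time, and expired after a fixed lifetime. All function and variable names are assumptions; the store is an in-memory dict standing in for a database.

```python
import hashlib
import hmac
import secrets
import time
from typing import Dict, Optional

# Constructed demo store modelled on the question's flow: userId -> session record.
TOKEN_TTL_SECONDS = 3600
_sessions: Dict[int, dict] = {}


def _hash_key(key: str) -> str:
    # Persist only a hash: a leaked session table then yields no usable keys.
    return hashlib.sha256(key.encode()).hexdigest()


def login(user_id: int, now: Optional[float] = None) -> dict:
    """Called after the username/password check succeeded over TLS.
    Issues a fresh random session key; the client keeps this key (e.g. in
    the Keychain) instead of the password, and the password is never resent."""
    now = time.time() if now is None else now
    key = secrets.token_hex(32)  # 256 bits from the OS CSPRNG, not derived from the user
    _sessions[user_id] = {"key_hash": _hash_key(key), "issued": now}
    # Same shape as the /getin response in the question.
    return {"status": 100, "userKey": key, "timestamp": int(now), "userId": user_id}


def verify(user_id: int, key: str, now: Optional[float] = None) -> bool:
    """Check a later request such as /getmydata. The key should be sent in an
    Authorization header over TLS rather than in the URL, because URLs end up
    in server logs, proxies and browser history."""
    now = time.time() if now is None else now
    sess = _sessions.get(user_id)
    if sess is None:
        return False
    if now - sess["issued"] > TOKEN_TTL_SECONDS:
        del _sessions[user_id]  # expired: the client must log in again
        return False
    # Constant-time comparison of the hashes avoids a timing side channel.
    return hmac.compare_digest(sess["key_hash"], _hash_key(key))


def logout(user_id: int) -> None:
    """Invalidate the session server-side; the client's stored key becomes useless."""
    _sessions.pop(user_id, None)
```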