If you authenticate your clients with Oauth2 I think you will need underscore for at least two of your parameter names:
I have used camelCase in my (not yet published) REST API. While writing the API documentation I have been thinking of changing everything to snake_case so I don't have to explain why the Oauth params are snake_case while other params are not.
See: https://tools.ietf.org/html/rfc6749
