My api has this routes defined:
GET test.com/api/v1/users
POST test.com/api/v1/users
PUT test.com/api/v1/users/{id}
GET test.com/api/v1/users/{id}
DELETE test.com/api/v1/users/{id}
Also, i'm using OAuth2 Password authentication so these resources are only available once authenticated.
My point is.. keeping RESTFULL API principles, how should I aproach limiting PUT AND DELETE methods to the actual resource owner?
Basically I don't want anybody except the owner to be able to edit his information.
You have implemented the authentication part of your system, meaning your application knows who the users are. Now you need to devise an authorization sub-system, meaning what your users have access to.
As your question is tagged PHP and Laravel, a quick Google search for laravel authorization brings results such as this:
https://github.com/machuga/authority-l4
or
http://laravel.io/forum/02-03-2014-authority-controller-authorization-library-cancan-port
This should be a good starting point.
This is usually solved by appending a custom header, with a secret message, identifying the request as valid. I do not have any source on this I'm afraid.
Usually headers beginning with an X - discarding them from being parsed by other parties. X-Your-Secret for example.