views:

309

answers:

3

I'm looking for the best practice to pass secure data from client side to server side.

For example, I have client-side authentication and sometimes I need to call private APIs on the server side from the client side, but I need to make sure that the user is authenticated/authorized to perform those calls on the server side, and right now only the browser knows whether the user is authenticated.

Thank you!

A: 

Are you using SSL? If you are, then you can pass some kind of secret user identifier (or password) to the server. The server can perform a check to see that everything is OK and allow you to execute your calls to the private server APIs.

SSL is Secure Sockets Layer, which performs end-to-end encryption using RSA. The end-to-end encryption ensures that any data sent is encrypted, so you don't have to worry about sending a password over SSL like you would if you weren't using it.

Davie
A: 

If your authentication is done by JavaScript without going to the server, you are doing it wrong. Any browser code can be tampered with easily. You cannot trust code run in the browser. The best practice would be to send authentication down to the server and authenticate there. Based on that, you can do things like use a token to verify against the server, or even just send the credentials each time.

If you're worried about security when sending to the server, use SSL.

Russell Leggett
A: 

  1. Use SSL
  2. Use a client-side certificate
  3. Use a unique security token for each connection with the client (save the security token in the server-side session and compare it with the client-side stored value)
Anatoliy