I'm looking for the best practice to pass secure data from client side to server side.
For example, I have a client side authentication and sometimes I need to call private apis on the server side from the client side, but I need to make sure that user is authenticated/authorized to perform those calls on the server side, and right now only the browser knows if user is authenticated.
Thank you!
Are you using SSL? If you are then you can pass some kind of secret user identifier (or password) to the server. The server can perform a check to see that everything is ok and allow you to execute your calls to the private server apis.
SSL is secure sockets layer that performs end-to-end encryption using RSA. The end-to-end encryption ensures that any data sent is encrypted so you don't have to worry about sending a password over SSL like you would do if you weren't using it.