I would like to restrict client access to my restful node.js APIs. I'm about to create two different interfaces, an android app and a angular.js web app. All other third-party applications should not be authorize to use the APIs. I was thinking about something like Google Developers Code, registering a code for each authorized app, and storing/hiding somewhere/somehow in the app.
Ps. the restful server is under HTTPS and i'm not dealing with user authentication.
I'd look at using a framework such as Passport to implement an OAuth2 solution.