You should use OAuth 2.0 client credentials flow to secure REST APIs used in your web application.
There’s been some discussion in web development circles recently about whether RESTful (a.k.a Client MVC, a.k.a. Single page) web applications are a good idea. Or, more accurately, whether they’re a better idea than just serving up HTML from the server.
Brothers and Sisters, I’ve come here today to preach the word of the mighty RESTa as revealed to us by the Great Profit Fielding, blessed be his dissertation.