Is there a secure way to perform an API request from clientside script?

have a scenario where my apigateway is going to be made secure, which is the entry to access all micro services. Right now we use these APIs for web based apps by making server side calls(using C#). we are going to make the APIs public, where mobile apps, other web apps or other services can request them to consume the data. Is there a secure way to perform API request from client side script like javascript? As far as i have come across, it is quite impossible. Expecting some good suggestions. Any further discussion is warmly welcomed. What I have come across: 1.I have read across few articles mentioning use of proxy servers in between client and API server. 2.Hashing combination of informations and passing in headers. 3.Storing information in cookies.

thanks for your response.

We know Sitefinity supports WIF (claims based authN).All those links provide information that Sitefinity supports WIF. I wanna know whether it supports SAML 2.0.Can someone provide more information so that it will helpful for us to decide.

We know Sitefinity supports WIF (claims based authN).All those links provide information that Sitefinity supports WIF. I wanna know whether it supports SAML 2.0.

We have developed a SSO(an Identity Provider) with SAML 2.0. I just wanna know whether Sitefinity gives support for SAML protocols ?Can we have or build a SAML SP from sitefinity? Suggestion on this will be very helpful for us.