At the moment I'm building a SPA where I (ofcourse) need authentication to my api.

The most common way to do this is through sessions with cookies, but this might get ugly on mobile platforms later on.

Another way to authenticate is by using tokens. The link below show a complete way to create a Node app with token authentication and an AngularJS front-end.

http://blog.auth0.com/2014/01/07/angularjs-authentication-with-cookies-vs-token/