Looking for the best way to build centralized authentication for multiple websites

Long story short, i have a couple of clients who wanted to manage some stuff on their website, all websites are build with nodejs.

I'v built a small CMS for those websites.

Keep in mind that none of my websites https, here is what i want to happen:

a client goes to my website and submits a form with his password and username
i http POST his credentials to his website
his website returns a json with OK 200 if the credentials are ok

questions:

Is this the best way to do it ?
what encryption method should i use?

node.js
authentication

No this is not the best way to do it. You should never authenticate through http, and you should definitely not do you own encryption between the server and the clients. Please consider using SSL. You can get a wildcard SSL certificate which supports subdomains and thus multiple websites, like: x.example.com y.example.com z.example.com

This is a recurring question, and the answer will always be to use established technologies and algorithms, instead of reinventing the wheel and possibly introducing security holes of your own.

Please see this article on javascript cryptography and why not to do it.

But when you have the website wrapped in SSL you can use the approach you explained and it will then be secure.