I have a Node JS server and a SPA Application build with JavaScript, CSS and HTML (Angular JS). It will be really easy to learn how everything is done on the client, because all the scripts are sent to the client, and everyone would be able to build his own client. Is there a way to make the server use only my client. Is there a way to authorize the clients?
At best you can ensure that once the client has your data, by generating a CSRF token and making sure client requests send that token back, so you can verify incoming "not the initial data" requests are properly signed.
You cannot reliably know whether a client is really running your app: using cURL it is way too easy to pretend to be any and all OS/browser/client/framework combinations.