How can I create a secure API using Node.js

[hkventrue]

To secure that API I have thought it's better to assign an API key to every user, but a question stuck to my mind that may be sometime a malicious user get API key of other user and he can use that API.

So how can I secure my API from hackers?