In general, when you put something online, it is not secure anymore. Virtually anything can be hacked. What can you do in this case? Well, if you are not a billionaire who can afford huge investments in human resources and security software and hardware, all that you can do is try to make the attackers' lives a bit rough and always monitor your stuff.
There are hundreds of books about security and securing an API. We will try to implement a few basic security methods that can help you avoid a disaster.
So what are these methods? Here is a list:
POST, for authenticated users