When it comes to API development, there is often a need to protect certain endpoints or rate-limit the API in general. Because you are working with endpoints from clients possibly on a different domain, you can't authenticate users with sessions and cookies. It would also be a bad idea to pass around a username and password with each request. Typically endpoints are protected with tokens that are passed with each request and these tokens are often JSON Web Tokens (JWT) that work very well.
We're going to see how to create a very simple API using Node.js with protected endpoints that require a valid JWT in order for requests to succeed.