Before we go on creating an actual RESTful API, let's address the elephant in the room: how to make an HTTP endpoint sufficiently secure in Node.js ?
I say sufficiently because, the topic of security is broad and constantly evolves. This article is a response to other Node.js articles I've seen that contain security mistakes. It may not be perfect, either, but is hopefully a good evolution on the topic.
Check the full article.