Javascript Developer
JWT's are definitely the way to go. I do recommend that developers work out how to implement them without a third-party service, though. Auth0 is great, but it's so expensive if you want to use it beyond a little hobby project. It's surprisingly easy to use the jsonwebtokens package to create your own implementations.
Olohundare kayode
To make sure your app doesnt get abused, You could also have a rate limiter that limit how many request a user can per hour. Here is a lib that solves that for you
npmjs.com/package/express-redis-limit-req