如何为移动应用程序创建API密钥系统

I'm programming an online database based app, but at least the authentification is missing! A friend of mine says I should use oauth, but I don't understand, why this is secure! If there is a hacker, he would see this key at all and could get in with his own request, wouldn't he?I'm programming an online database based app, b