Most commonly used in json https networking transfer is asymmetric cryptography.
You have a public key inside of your project which encrypts your data communication
You have a private key on your server decrypts the message from your project do all kinds of security checks.
in short therms Public_Key_Encryption(YOUR_MESSAGE) -> HTTPS_SERVER -> Private_Key_Decryption(YOUR_ENCRYPTED_MESSAGE)
It wouldn’t matter if they get there hands on the public key in this approach, you would need the private key to decrypt the message, but it also all depends on your server security checks to make it save.
Similar approach would be OAUTH2 or OAUTH1.0 wich is commonly used in (outside source communication) on social platforms for either apps, games, ect.
If your worried about people changing values or data, always compare your values, stats, level, exp, user data with the server, this prevents something like cheat engine.
Your never 100% safe but you can make it as difficult as possible.