serverside user validation

When the user  performs some api call (rest / socket.io) from the page to my server i need to check the user is properly logged in. This check must be done on the server side before taking any action, otherwise a malicious user could try to use the apis directly. What is the best way to do this ? Thx