Such secure leaderboards are possible only under very limited circumstances:
- you have complete control over the client hardware and can use Trusted Computing techniques to attest that the score was earned correctly; or
- the authoritative game state is stored on your servers and not on the client; or
- the score is structured using such (mathematical) techniques that the score can be verified independently
These are infeasible for most games.
Note that some DRM approaches use Trusted Computing techniques, that internet-connected gaming makes it easier to detect cheating, and that blockchains are an example of independently verifiable data structures.
Instead of creating the perfect system, most leaderboards will just try to make cheating sufficiently difficult. For example, embedding API keys into the application is not a secure access control mechanism – but it is a small hurdle that might discourage some cheaters. Other DRM techniques try to ensure the integrity of the running software. But even if your game ran on your own servers and was therefore immune to manipulation, there's the issue as to whether the user input is generated by a human or e.g. an aimbot. Here, statistical techniques for anomaly detection might help. Recording a replayable event stream of the game doesn't prevent cheating, but makes it possible to investigate possible fraud.
The question for you is: how important is this leaderboard? Do you need to support offline play? What platforms are you targeting? There's a lot you can do to make cheating difficult, it just may not be worth the effort.