Score:2

How to implement a "viewing key" for secrets proved by zero knowledge proofs?


In Zcash, Monero, etc., the sender and receiver addresses as well as the transaction details are hidden. However, with a viewing key, a third party can see the exact details of a transaction, or of all transactions done by a certain address. How are things like these achieved? Any direction or sources are appreciated.

D.W.:
Cross-posted: https://crypto.stackexchange.com/q/102992/351, https://ethereum.stackexchange.com/q/140116/19041, https://cs.stackexchange.com/q/155742/755. Please [do not post the same question on multiple sites](https://meta.stackexchange.com/q/64068).
Score:1

In Monero, a recipient has two Ed25519 key pairs: a (private, public) view key pair $(a,A)$ and a (private, public) spend key pair $(b,B)$. The private view key $a$ is commonly known as the "view key".

Transactions contain "outputs", which describe amounts of cryptocurrency destined for recipients of a transaction. A transaction may have more than one output, with each output destined for a different recipient.

Recipients need to scan all transactions in the blockchain to see if any transactions have outputs destined for them. Each output in a transaction has its own public key, which is calculated by the sender as $P=H(rA)G+B$, where $H$ is a function that hashes an input to produce a scalar value, $G$ is a well-known base point on the Ed25519 curve, and $r$ is a "transaction private key" unique to that transaction. A corresponding transaction public key $R$ is published as part of the transaction. The transaction private key $r$ is only known to the sender.

A recipient scanning for transactions will look at the transaction public key $R$ and calculate for themselves what an output would look like if it was destined for them, using the calculation $P'=H(aR)G+B$. If there is a match, $P = P'$, the recipient knows that this output must have been created for their public view and spend keys, and not for someone else's. Note that $P$ was calculated using $rA$, and $P'$ was calculated using $aR$. This is called an elliptic curve Diffie-Hellman exchange (ECDH). It means that $aR = rA$, and this will be a shared secret known only to the sender and the recipient. Even though the values $A$ and $R$ may be publicly known, this transaction shared secret will only be known to the sender and recipient.

At this stage, a recipient knows an output is destined for them. This transaction shared secret is used by the sender to encrypt the amount of the output (using simple XOR symmetric encryption with a hash of the transaction shared secret), so that only the recipient (or holder of the private view key $a$) can decrypt it.

Prior outputs must have been spent in order for new outputs to be created for the recipient of this transaction. Ring signatures are used so that the recipient cannot know which outputs on the blockchain were authorized to be spent.

Note that scanning for transactions and decrypting the amounts of outputs requires knowledge of the view key $a$, but requires no knowledge of the private spend key $b$.

Only when it is time to spend an output is the private spend key required. This is because, according to EC math, the private key for an output $H(aR)G+B$ is $H(aR)+b$, where $b$ is the private spend key. Outputs can only be spent by providing a signature for the output, which requires knowledge of $b$.

Therefore, the recipient can share their private view key $a$ with others, to allow others to monitor transactions. However, the recipient does not need to fear that their funds can be stolen, because only the recipient knows their private spend key $b$.

If you would like to know more about the specifics of Monero transactions, see Zero to Monero.
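The derivation described in the answer above, carried through in working code as an added example (it is not part of the original post, nor Monero's own code). It implements Ed25519 arithmetic in pure Python, builds a one-time output key $P = H(rA)G + B$ on the sender side, scans it with only the view key $a$, decrypts the XOR-masked amount, and shows that the output's private key $H(aR) + b$ needs the spend key. Assumptions: SHA3-256 stands in for Monero's Keccak-256, the amount-mask and point encodings are simplified relative to Monero's wire format, and the function names (`build_output`, `scan_output`, `output_private_key`, `demo`) are illustrative.

```python
# Added example: Monero-style stealth addresses and view-key scanning over Ed25519.
# Pure-Python curve arithmetic, not production code. SHA3-256 stands in for
# Monero's Keccak-256 (an assumption); encodings simplify Monero's real format.
import hashlib
import secrets

# Ed25519: -x^2 + y^2 = 1 + d*x^2*y^2 over GF(p); base point G has prime order l.
P = 2**255 - 19
D = (-121665 * pow(121666, P - 2, P)) % P
L = 2**252 + 27742317777372353535851937790883648493
G = (15112221349535400772501151409588531511454012693041857206046113283949847762202,
     46316835694926478169428394003475163141307993866256225615783033603165251855960)
IDENTITY = (0, 1)  # neutral element of the twisted Edwards group

def point_add(p1, p2):
    """Affine twisted Edwards addition (a = -1)."""
    x1, y1 = p1
    x2, y2 = p2
    t = D * x1 * x2 * y1 * y2 % P
    x3 = (x1 * y2 + x2 * y1) * pow((1 + t) % P, P - 2, P) % P
    y3 = (y1 * y2 + x1 * x2) * pow((1 - t) % P, P - 2, P) % P
    return (x3, y3)

def scalar_mult(k, pt):
    """Double-and-add scalar multiplication; k is an integer, pt an affine point."""
    result = IDENTITY
    while k > 0:
        if k & 1:
            result = point_add(result, pt)
        pt = point_add(pt, pt)
        k >>= 1
    return result

def encode_point(pt):
    """Standard 32-byte Ed25519 encoding: little-endian y, sign bit of x on top."""
    x, y = pt
    return (y | ((x & 1) << 255)).to_bytes(32, "little")

def hash_to_scalar(*parts):
    """H_s: hash bytes to a scalar mod l (SHA3-256 as a stand-in for Keccak-256)."""
    return int.from_bytes(hashlib.sha3_256(b"".join(parts)).digest(), "little") % L

def varint(n):
    out = bytearray()
    while n >= 0x80:
        out.append((n & 0x7F) | 0x80)
        n >>= 7
    out.append(n)
    return bytes(out)

def keygen():
    """Recipient keys: private/public view pair (a, A) and spend pair (b, B)."""
    a = secrets.randbelow(L - 1) + 1
    b = secrets.randbelow(L - 1) + 1
    return a, scalar_mult(a, G), b, scalar_mult(b, G)

def derive_scalar(shared_point, index):
    # Monero clears the cofactor (multiply by 8) and appends the output index, so
    # each output of one transaction gets its own one-time key from the same ECDH.
    return hash_to_scalar(encode_point(scalar_mult(8, shared_point)), varint(index))

def amount_mask(derivation_scalar):
    """8-byte XOR pad bound to the shared secret (simplified "ecdhInfo")."""
    return hashlib.sha3_256(b"amount" + derivation_scalar.to_bytes(32, "little")).digest()[:8]

def build_output(A, B, r, index, amount):
    """Sender side: one-time key P = H_s(rA)G + B plus the masked amount."""
    s = derive_scalar(scalar_mult(r, A), index)
    one_time_key = point_add(scalar_mult(s, G), B)
    masked = bytes(x ^ y for x, y in zip(amount.to_bytes(8, "little"), amount_mask(s)))
    return one_time_key, masked

def scan_output(a, B, R, index, one_time_key, masked):
    """Recipient (or view-key holder): P' = H_s(aR)G + B; amount if it matches, else None."""
    s = derive_scalar(scalar_mult(a, R), index)
    if point_add(scalar_mult(s, G), B) != one_time_key:
        return None
    return int.from_bytes(bytes(x ^ y for x, y in zip(masked, amount_mask(s))), "little")

def output_private_key(a, b, R, index):
    """Spending needs b: the private key matching P is H_s(aR) + b (mod l)."""
    return (derive_scalar(scalar_mult(a, R), index) + b) % L

def demo():
    a, A, b, B = keygen()        # intended recipient (view key a, spend key b)
    a2, A2, b2, B2 = keygen()    # bystander scanning the same transaction
    r = secrets.randbelow(L - 1) + 1   # transaction private key, sender only
    R = scalar_mult(r, G)              # transaction public key, published
    P_out, masked = build_output(A, B, r, 0, 1_250_000)   # constructed sample amount
    recipient_sees = scan_output(a, B, R, 0, P_out, masked)
    bystander_sees = scan_output(a2, B2, R, 0, P_out, masked)
    spendable = scalar_mult(output_private_key(a, b, R, 0), G) == P_out
    return recipient_sees, bystander_sees, spendable

if __name__ == "__main__":
    print(demo())  # recipient decrypts the amount, bystander gets None, key matches
```

Handing `a` to an auditor lets them run `scan_output` over every output on the chain and recover amounts, but `output_private_key` still needs `b`, which is exactly the separation the answer describes.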
