I'm trying to insert a new record in a Firebase Cloud Firestore database via its REST API and curl.
Reading from the database is working as expected since the operation is public. Create operation is not listed in the database rules and it is performed only server side, but I'm unable to do it using only the project API KEY.
Take for example the following curl request:
curl --header "Content-Type: application/json" \
--request POST \
--data '{"fields":{"myField": {"stringValue": "test"}}}' \
https://firestore.googleapis.com/v1/projects/**MY_PROJECT**/databases/\(default\)/documents/**MY_COLLECTION**?key=**MY_KEY**
The above request returns "403: Missing or insufficient permissions.". The provided api key is fetched from the Firebase project's settings -> Web API key.
Am I missing something or authentication via only API keys is not possible?
p.s. I forgot to mention that the API KEY is unrestricted in the GCP dashboard.