I need to make restful calls to a specific area of my firebase database. The call needs to be made as an unauthenticated user, but I want to secure it using an API_KEY in the header to prevent bots from trawling the data. The database rules will make the data read-only to un-authenticated users. How can I only permit HTTP calls to read data using an API key in Firebase ?
I have found this section on Authentication requests but I need to make raw HTTP requests and cannot use the supported SDK methods in the examples provided.
What you're trying to do isn't possible. Realtime Database doesn't have dedicated API keys that can be controlled by security rules. Your database has one (legacy) private key that effectively gives the user full access to everything in the database. You're not supposed to use that any more.
The other form of authentication is the one you linked. You're going to need to perform OAuth2 authentication to get a token that belongs to a Google user account or a Firebase user account. You use that token in your raw HTTP requests.
There is no other way to specify any sort of special access to the database that can be controlled by security rules. Without using either of these above two methods, you are effectively bound to read only data that security rules have allowed as fully public.