I have to send value with request to check it from Firestore rules , like (Recaptcha to avoid spam) or origin (protect my own firebase api) ! is there any way to do that ?
There is no way to pass custom parameters into the Firestore rules. The most common workaround is to pass information as part of the path, although it's definitely kludgy at times.
The best approach for preventing spam is to require your users to log in, and then limit what they can do based on knowing who they are, and knowing what they've done in the past. For example, most apps limit the places users can write to based on their identity, and many apps have a sort-of leveling system where users gradually get more permission as they've been using (and not abusing) the app longer.