Http request flow function to firestore

Has anyone got this including authorization:

To work with the http request flow function?
Screenshot 2021-06-30 at 10.29.31
is it safe for me to assume the http request header from data configuration is the same as the header section for http flow function like so?
Screenshot 2021-06-30 at 10.30.24

to get http patch request to work for Firestore I have created a separate security setting for update configured to this…

not sure how totally secure it would be but hopefully the other security settings for create, delete and read would secure it a little bit to allow update requests to have none.

Not totally comfortable with this but if anyone has successfully done a PATCH request with security please let me know!