Cannot figure out the correct sequence of Firestore REST API calls to update documents using transactions

Question

I can't figure out the correct call sequence to update a document inside a transaction. I'm using the firebase v1beta1 REST APIs. I'm using the following sequence:

1. call 'beginTransaction', to create a ReadWrite transaction
2. call 'get' for the document of interest, passing the transaction from 1 in
3. call 'commit', writing document updates within the commit

It's failing when beginning a ReadWrite transaction. I'm getting a "Missing or insufficient permissions." error. Note that the db is in test mode, (with all reads and writes open, just for this test) so I don't believe it's a permission error.

• I've looked through the firebase docs and there are transaction examples for all other clients, except the REST one. So I've just come up with the sequence above from reading the REST API reference docs

• I've checked that database is in test mode, with all reads and writes open. It is. I can create, update or delete collections in the db, using the createDocument, delete and update REST APIs

• I've used the google api explorer to ensure I have the correct request structures https://developers.google.com. - then search for the API to use firestore.projects.databases.documents.{api you want}

• I've tried calling beginTransaction to successfully create a readonly transaction, which works fine.

(the security rules for the db)

service cloud.firestore {
  match /databases/{database}/documents {
    match /{document=**} {
      allow read, write;
    }
  }
}

• I've tried calling beginTransaction to successfully create a readonly transaction, which works fine.

(This returns a transaction)

POST https://firestore.googleapis.com/v1beta1/projects/foo-bR-12345/databases/(default)/documents:beginTransaction
 {
 "options": {
  "readOnly": {
  }
 }
}

(this does not)

POST https://firestore.googleapis.com/v1beta1/projects/foo-bar-12345/databases/(default)/documents:beginTransaction
{
 "options": {
  "readWrite": {
  }
 }
}

This is the error I get when beginning a ReadWrite transaction. I know it looks like a security rules issue, but the db is completely open if you know the url.

{
    "error": {
        "code": 403,
        "message": "Missing or insufficient permissions.",
        "status": "PERMISSION_DENIED"
    }
}

The other thing I tried, to see if I had the call sequence correct was

1) begin a ReadOnly transaction (works)

2) call get on a document, passing the transaction in (works)

3) call commit, updating the document. This call fails - with the error

{
 "error": {
  "code": 400,
  "message": "Cannot modify entities in a read-only transaction.",
  "status": "INVALID_ARGUMENT"
 }
}

that's what I would expect, given it's a readonly transaction

Answer 1

(thanks to Juan Lara) The correct sequence is 1. beginTransaction (ensuring I'm authenticated)
2. getDocument (passing in readWrite transaction from 1) 3. commit (passing in the transaction and including any updates)

commit, can be also used without a txn, to perform a series of automic updates