I have a Firestore DB and one user. I am able to retrieve an ID Token for the user after they sign-in via a request with REST.

I am to use the ID Token with requests to read/write from the DB.

I am able to read and write to the Firestore when the security rules are open (anyone can read/write) in this manner, with Python requests:

headers = {
    'Content-Type': 'application/json',
}

url = 'https://firestore.googleapis.com/v1beta1/projects/[PROJECT_NAME]/databases/(default)/documents/[COLLECTION]/[DOCUMENT]'

r = requests.get(url, headers=headers)

Writing is similar, and omitted.

Attempting to append the ID Token as indicated by these docs for Realtime Database gives the error message ""Invalid JSON payload received. Unknown name \"auth\""...

My question is how to authorise a user ID Token for Firestore via REST?

According to the Cloud Firestore REST API guide,

After you obtain either a Firebase ID token or a Google Identity OAuth 2.0 token, pass it to the Cloud Firestore endpoints as an Authorization header set to Bearer {YOUR_TOKEN}.

So your request should include the header

'Authorization': `Bearer ${YOUR_TOKEN}`