How can I can edit public Feature-Layer BUT with authorised request ONLY?

Hello,

I have a public Feature-Layer. My intention is to:

1. Update my layer automatically using with Firebase Cloud-Functions (written in node.js)
2. Keep sharing my layer publicly
3. But keep my layer non-editable for unauthorised users
4. I wish to use my API-Key for authentication (but alternatively can use OAuth 2.0 Credentials)
5. I don't care which method specifically: Append/Upsert, applyEdits, Update Feature etc...
6. I don't care if I use Arc-GIS REST API or JS etc...

My problem: If I edit my feature definition to "capabilities" : "Create, Update, Delete"as mentioned here, then any unauthorised user can edit my layer, while if I don't, I get:

[ 'This operation is not supported.', 'Unable to add the features.', 'This operation is not supported.' ]

Authentication is declered in the documentation.

My example code:

require("cross-fetch/polyfill");
require("isomorphic-form-data");
const featureLayer = require('@esri/arcgis-rest-feature-layer');
const auth = require('@esri/arcgis-rest-auth');

const session = new auth.ApplicationSession({
  clientId: "Some clientId",
  clientSecret: "Some clientSecret"
})
const apiKey = new auth.ApiKey({key: 'Some API Key'});

featureLayer.applyEdits({
    url: "https://services3.arcgis.com/someID/arcgis/rest/services/someNAME/FeatureServer/0",
    adds: [{
      geometry: { x: 120, y: 45 },
      attributes: { indexCity: "alive" }
    }],
    authentication: session // or alternativly: "apiKey"
  })
    .then(response => {
      console.log(response)
    })
    .catch(err => console.log(err.response.error.details));

How can I keep my Feature-Layer public viewed but editable by me only?