When you are using SessionAuthentication, you are using Django’s authentication which usually requires CSRF to be checked. Django REST Framework enforces this, only for
SessionAuthentication, so you must pass the CSRF token in the
The Django documentation provides more information on retrieving the CSRF token using jQuery and sending it in requests. The CSRF token is saved as a cookie called
csrftoken that you can retrieve from a HTTP response, which varies depending on the language that is being used.