Deploy django restframeworkapi on server

i want to set post req to my api application. in postman when I send the post in the object program, it returns the following text as a response and the data is not saved in the database.

i got in browser:

Employee List

POST /employees/

HTTP 403 Forbidden
Content-Type: application/json
Vary: Accept

    "detail": "CSRF Failed: CSRF token missing or incorrect."

but i got different error in postman:

Server Error (500)

is set:

DEBUG = False

in But the problem is still not solved and the error remains.

What should I do to fix this error?

from django.shortcuts import render

# Create your views here.

from django.http import HttpResponse
from django.shortcuts import get_object_or_404
from rest_framework.views import APIView
from rest_framework.response import Response
from rest_framework import status
from . models import employees
from . serializers import employeeSerializer

class employeeList(APIView):
    def get(self, request):
        employees1 = employees.objects.all()
        serializer = employeeSerializer(employees1, many=True)
        return Response(
    def post(self):

from django.db import models

# Create your models here.

class employees(models.Model):

    def __str__(self) -> str:
        return self.firstName

Definition of urls for UpmenuDjango.

from datetime import datetime
from django.urls import path
from django.contrib import admin
from django.contrib.auth.views import LoginView, LogoutView

# from app import forms, views
from rest_framework.urlpatterns import format_suffix_patterns
from webapp import views

urlpatterns = [
    # path('', views.home, name='home'),
    # path('contact/',, name='contact'),
    # path('about/', views.about, name='about'),
    # path('login/',
    #     LoginView.as_view
    #     (
    #         template_name='app/login.html',
    #         authentication_form=forms.BootstrapAuthenticationForm,
    #         extra_context=
    #         {
    #             'title': 'Log in',
    #             'year' :,
    #         }
    #     ),
    #     name='login'),
    # path('logout/', LogoutView.as_view(next_page='/'), name='logout'),
    path("employees/", views.employeeList.as_view()),

Add @csrf_exempt to your request while testing.

Note: this is not good to do in production, but it helps while using Postman.

To not enforce csrf protection, wrap your route with csrf_exempt().

from django.views.decorators.csrf import csrf_exempt
path("employees/", csrf_exempt(views.employeeList.as_view())),

More information can be found here.

Your 500 error can be due to the fact that you only pass in your post request, try returning return Response(status=200).

class employeeList(APIView):
    def post(self):
        return Response(status=200)

That one is tricky.

I hope I do not mess up here, but you are probably using some SessionAuthenticaion in your AUTHENTICATION_BACKENDS. This backend uses CSRF protextion. I ran into this failure at least once :)

To offer a quickfix you can simply add authentication_classes = () to your APIView like this

class employeeList(APIView):
    authentication_classes = ()

    def get(self, request):
        employees1 = employees.objects.all()
        serializer = employeeSerializer(employees1, many=True)
        return Response(
    def post(self):

If the problem still persists please check DEFAULT_AUTHENTICATION_CLASSES and if SessionAuthentication is part of it, remove it. To check it you can quickly use:

from rest_framework.settings import api_settings


I finally found the answer to this problem! i changed these lines and solved my problem.


path("employees/", csrf_exempt(views.employeeList.as_view()))

DEBUG = True


def post(self, request):
Back to Top