For manual API tests that need more functionality than swagger offeres (e.g. using unallowed methods or omitting required fields), httpie is a nice tool.
To get the CSRF-Tokens right, you have to adjust the arguments:
First call any valid endpoint that does not need CSRF validation (e.g. any other than POST or the login POST):
http --json --session /tmp/sess.tmp GET localhost:8000/api/auth/status/ |
In the response, you will receive the csrftoken as cookie. Append this to all following requests, it is valid for all following requests.
http --json --session /tmp/sess.tmp POST localhost:8000/api/auth/logout/ X-CSRFToken:pL02uEoGGysnujLCThOtMcjnrj8WHeLO |