For manual API tests that need more functionality than swagger offeres (e.g. using unallowed methods or omitting required fields), httpie is a nice tool.
To get the CSRF-Tokens right, you have to adjust the arguments:
First call any valid endpoint that does not need CSRF validation (e.g. any other than POST or the login POST):
In the response, you will receive the csrftoken as cookie. Append this to all following requests, it is valid for all following requests.