Microservice Communication - department-of-veterans-affairs/abd-vro GitHub Wiki
When should you use CSRF protection?
Our recommendation is to use CSRF protection for any request that could be processed by a browser by normal users. If you are only creating a service that is used by non-browser clients, you will likely want to disable CSRF protection.