Skip to main content


The easiest way to maintain user state is to use the Session Authentication. This works out of the box with Django-Ninja and requires very little configuration from your end.


The csrf=True kwarg has to be passed in to allow Django Ninja to pass CSRF cookies for validation. You will have to provide your own endpoint to get a CSRF cookie from Ninja.
from import django_auth
from dj_ninja_auth.controller import NinjaAuthDefaultController

api = NinjaExtraAPI(auth=[django_auth], csrf=True)

CSRF Endpoint

The following is a barebones CSRF endpoint that you can provide to get the cookie. You can place it in a separate app called csrf as below.

from django.http import HttpResponse
from django.views.decorators.csrf import csrf_exempt, ensure_csrf_cookie
from ninja.router import Router

router = Router()

@router.get("/csrf", auth=None)
def csrf(request):
return HttpResponse()