The following is written on the of the page of FOSRestBundle:
"CSRF validation
When building a single application that should handle forms both via HTML for
CSRF token validation is not actually used for implementing RESTful Web Services, because it violates the initial principles of REST (REST is stateless, there is no client context being saved on the server side). Instead one can check the Referer header (it does not require a per-user state) and maybe some combination of a custom header field and a GET parameter. If your API is not public, then you should use API-key-based authentication or OAuth.
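
A sketch of the stateless check described above, written as plain PHP; it is an added example, not part of the original answer and not FOSRestBundle code. The trusted origin `https://app.example.com`, the header name `x-api-client` and both function names are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Assumed values for illustration: the origins allowed to call the API
// and the custom header the first-party client always sends.
const TRUSTED_ORIGINS = ['https://app.example.com'];
const REQUIRED_HEADER = 'x-api-client';

// Reduce a URL to "scheme://host[:port]" so hosts are compared exactly
// (a prefix match would accept https://app.example.com.evil.test).
function originOf(string $url): ?string
{
    $p = parse_url($url);
    if ($p === false || !isset($p['scheme'], $p['host'])) {
        return null;
    }
    $origin = strtolower($p['scheme']) . '://' . strtolower($p['host']);
    return isset($p['port']) ? $origin . ':' . $p['port'] : $origin;
}

/** @param array<string,string> $headers header names in lower case */
function isRequestAllowed(string $method, array $headers): bool
{
    // Safe methods must not change state, so they are not checked.
    if (in_array(strtoupper($method), ['GET', 'HEAD', 'OPTIONS'], true)) {
        return true;
    }
    // A cross-site HTML form cannot set custom headers.
    if (($headers[REQUIRED_HEADER] ?? '') === '') {
        return false;
    }
    // A missing or unparsable Referer is rejected, not waved through.
    $origin = originOf($headers['referer'] ?? '');
    return $origin !== null && in_array($origin, TRUSTED_ORIGINS, true);
}

// Constructed sample requests.
$samples = [
    ['POST', ['referer' => 'https://app.example.com/orders', 'x-api-client' => '1']],
    ['POST', ['referer' => 'https://app.example.com.evil.test/', 'x-api-client' => '1']],
    ['POST', ['referer' => 'https://app.example.com/orders']],
    ['POST', ['x-api-client' => '1']],
    ['GET', []],
];
foreach ($samples as [$method, $headers]) {
    $verdict = isRequestAllowed($method, $headers) ? 'allow' : 'reject';
    printf("%-4s %-40s %s\n", $method, $headers['referer'] ?? '(no referer)', $verdict);
}
```

Because the check keeps no per-user state on the server, it stays within the statelessness constraint the answer refers to.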