exempt publishing api from csrf