how do you include a csrf token when testing a POST endpoint in django?

Actually, django doesn't enforce (by default) csrf checking with tests, as per https://docs.djangoproject.com/en/dev/ref/contrib/csrf/#testing:

The CsrfViewMiddleware will usually be a big hindrance to testing view functions, due to the need for the CSRF token which must be sent with every POST request. For this reason, Django’s HTTP client for tests has been modified to set a flag on requests which relaxes the middleware and the csrf_protect decorator so that they no longer rejects requests. In every other respect (e.g. sending cookies etc.), they behave the same.

If, for some reason, you want the test client to perform CSRF checks, you can create an instance of the test client that enforces CSRF checks:

from django.test import Client

csrf_client = Client(enforce_csrf_checks=True)

However, this does require you to be using the Django Client vs requests; as far as I know, Django doesn't mock/instrument/etc. requests... so you're actually hitting the real server when you run that unit test.

Also note that you should name your test functions something that starts with test_

So something like this (when run through django manage.py test .ProjectEndpoint)

def test_post_endpoint(self):   data = {'hello':'23'}   c = Client() #above, from django.test import TestCase,Client   #optional, but may be necessary for your configuration: c.login("username","password")   response = c.post('/api/project',params=data)   self.assertEqual(response.status_code, 200)