I have a few REST APIs for an iPhone app. It has a login and session management functionality. Currently the session has been tracked by a token set during login.
Are REST services affected by CSRF attacks? Is it necessary to implement CSRF token along with my application? We believe in enhanced security. I just wanted to know whether adding a CSRF token has anything to do with the API security.
