api - How can I disable Django's CSRF protection only in certain cases?


I'm trying to write a site in Django where the API URLs are the same as the user-facing URLs. I'm having trouble with pages that use POST requests and CSRF protection. For example, if I have a page /foo/add, I want to be able to send POST requests to it in 2 ways:

  1. As an end user (authenticated using a session cookie) submitting a form. This requires CSRF protection.
  2. As an API client (authenticated using an HTTP request header). This will fail if CSRF protection is enabled.

I have found various ways of disabling CSRF, such as @csrf_exempt, but these disable it for the entire view. Is there a way of enabling/disabling it at a more fine-grained level? Or am I going to have to implement my own CSRF protection from scratch?

There is a section of Django's CSRF protection documentation titled "View needs protection for one path" which describes a solution. The idea is to use @csrf_exempt on the whole view, but when the API client header is not present or invalid, call a function annotated with @csrf_protect.

