Do you need to protect from CSRF in the API?

Hello, I'm making an API in nodeJs using restify plugin for authorization using JWT. And I have a question whether to defend against such an attack in an API?
June 10th 19 at 14:57
3 answers
June 10th 19 at 14:59
No issued the jwt token already performs this function
He for a long period of time is the same option that it will be stolen, and fills in the answer may be? - Izaiah32 commented on June 10th 19 at 15:02
maybe, but there really is no easy way out, but at least chase token over ssl, bind to the device (if it fits our project), tie the token to the address (again, if it suits us). - Wava_Berni commented on June 10th 19 at 15:05
June 10th 19 at 15:01
No.
CSRF, as the name implies Cross Site Request Forgery, we need only to check the access site (from the browser) and protection from bots.
API, as the name implies Application Programming Interface, on the contrary, is intended for bots.
June 10th 19 at 15:03
To control sources of access to use CORS

Find more questions by tags RESTful APICSRFAPINode.js