rest.csrftoken:
  path: '/rest/session/token'
  defaults:
    _controller: '\Drupal\rest\RequestHandler::csrfToken'
  requirements:
    _access: 'TRUE'

route_callbacks:
  -  '\Drupal\rest\Routing\ResourceRoutes::routes'