rest.csrftoken:
path: '/rest/session/token'
defaults:
_controller: '\Drupal\rest\RequestHandler::csrfToken'
requirements:
_access: 'TRUE'
route_callbacks:
- '\Drupal\rest\Routing\ResourceRoutes::routes'