* refactor(api): csrf token on the new REST API * improve OpenAPI spec description * fix test * remove public role like has default for all tests * fix test