You need a token from the /api/v1/security/login endpoint first.

token = login_resp.json().get("access_token")

csrf_resp = session.get(f"{config.base_url}/api/v1/security/csrf_token/", headers={"Authorization": f"Bearer {token}"})