the crsf in @crsf_exempt stands for Cross site Request Forgery, this basically means that if you put this decorator, this is basically a cookie created so that clients that don't have a CSRF token can use the POST HTTP method, this also makes the view excluded from the Middleware protection

@csrf_exempt(your_view)

While @api_view on the other hand takes a list of supported methods in your view and if an unsupported one is called it handles the response instead of throwing an error

@api_view(http_method_names=['GET', 'POST', 'WHATEVER METHOD YOU WANT']