diff --git a/src/api/cosiaApi.tsx b/src/api/cosiaApi.tsx
index e5cb991c..cfeec696 100644
--- a/src/api/cosiaApi.tsx
+++ b/src/api/cosiaApi.tsx
@@ -1,5 +1,6 @@
 import axios from "axios";
 import applyCaseMiddleware from "axios-case-converter";
+import { getCookie } from "../utils";
 
 const cosiaApiAxiosInstance = applyCaseMiddleware(
   axios.create({
@@ -58,5 +59,13 @@ type DepartmentDataDownload = DepartementDataDownloadPayload;
 export const createDepartementDataDownload = (
   payload: DepartementDataDownloadPayload,
 ): Promise<{ data: DepartmentDataDownload }> => {
-  return cosiaApiAxiosInstance.post("department-data-downloads/", payload);
+  const csrftoken = getCookie("csrftoken");
+  const config = {
+    headers: {
+      "content-type": "application/json",
+      "X-CSRFToken": csrftoken,
+    },
+  };
+
+  return cosiaApiAxiosInstance.post("department-data-downloads/", payload, config);
 };
diff --git a/src/utils.tsx b/src/utils.tsx
index 1e3a3ba4..d5332fb3 100644
--- a/src/utils.tsx
+++ b/src/utils.tsx
@@ -1,3 +1,16 @@
 //TODO to test
 
 export const isCorrectEmail = (email: string) => /^[\w\-.]+@[\w-]+\.[\w-]{2,}$/.test(email);
+
+export const getCookie = (name: string) => {
+  if (!document.cookie || document.cookie === "") return;
+
+  const cookies = document.cookie.split(";");
+  for (let i = 0; i < cookies.length; i++) {
+    const cookie = cookies[i].trim();
+    // Does this cookie string begin with the name we want?
+    if (cookie.substring(0, name.length + 1) === name + "=") {
+      return decodeURIComponent(cookie.substring(name.length + 1));
+    }
+  }
+};