1π
The token returned by your login view is not a csrf token, so I am not sure why you have csfrmiddletoken in your request.
Secondly, the rest framework docs say that the token should be sent as a header, not as data in the request.
Try the following:
curl -X POST http://127.0.0.1:8000/orders/ -H 'Authorization: Token 3dfdcd6b2abeb432131c734f82a737505ee3110d'
π€Alasdair
Source:stackexchange.com