For CSRF Protection in phoenix do we need to set protect_from_forgery as part of api pipeline also, along with browser pipeline?
By default APIs are most often stateless and therefore without session, which means CSRF is not needed at all. This is not to say that you might add the former, making the latter useful again.
