diff --git a/app/protected/config/common.php b/app/protected/config/common.php
index 5937e0a56..a81b77a3f 100644
--- a/app/protected/config/common.php
+++ b/app/protected/config/common.php
@@ -163,7 +163,7 @@
 'timeZone' => 'America/Chicago',
 ),
 'request' => array(
- 'enableCsrfValidation' => false,
+ 'enableCsrfValidation' => true,
 'enableCookieValidation' => false, //keep off until we can fix it on linux/windows servers.
 ),
 'urlManager' => array (
diff --git a/app/protected/modules/zurmo/components/BeginRequestBehavior.php b/app/protected/modules/zurmo/components/BeginRequestBehavior.php
index 9d8210386..0baa6042d 100644
--- a/app/protected/modules/zurmo/components/BeginRequestBehavior.php
+++ b/app/protected/modules/zurmo/components/BeginRequestBehavior.php
@@ -28,6 +28,11 @@ class BeginRequestBehavior extends CBehavior
 {
 public function attach($owner)
 {
+ if(Yii::app()->apiRequest->isApiRequest())
+ {
+ Yii::app()->detachEventHandler('onBeginRequest',array(Yii::app()->request,'validateCsrfToken'));
+ }
+
 $owner->attachEventHandler('onBeginRequest', array($this, 'handleImports'));
 if (Yii::app()->apiRequest->isApiRequest())
 {
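Review bot: The neighbouring `'enableCookieValidation' => false` line leaves the CSRF cookie that this flag switches on without integrity protection. Yii 1.x checks the token by comparing the submitted form field with the value of the CSRF cookie, so with cookie validation off that cookie is, as far as I can tell, a plain unsigned value, and the check is only as strong as the site's control over who can set cookies for its domain. I would harden the cookie in the same `request` array, e.g. `'csrfCookie' => array('httpOnly' => true),` with `'secure' => true` added where the deployment is HTTPS-only. It is also worth extending the existing comment to say that cookie validation should be re-enabled once the server issue is fixed, because the CSRF check depends on it.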
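Review bot: The new `if(Yii::app()->apiRequest->isApiRequest())` block removes `validateCsrfToken` for every request that `isApiRequest()` classifies as an API call, and how that classification is made is not visible in this hunk. If it is derived from something a browser can be made to send (a URL path or a simple header) while the API endpoints also accept the normal session cookie, the exemption would reopen what the config change closes. The exemption is only safe when API calls authenticate with an explicit token or session-id header. I would state that assumption at the detach call, e.g. `// API requests authenticate with their own session token header, never the browser cookie, so CSRF validation does not apply`, and fold the detach into the existing `isApiRequest()` branch just below instead of testing the condition twice. `attach()` continues past the end of the hunk, so what that branch already does cannot be checked from here.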