Providing the right headers and cookies to avoid triggering Rails CSRF protection

Question

I am a beginner so I don't know if I'll be able to describe the problem correctly. I am trying to solve an API challenge which requires me to bypass Rails CSRF protection? I need to provide correct cookies and headers but I'm unsure which approach to go for. I have tried using curl -h and --cookies, I also have tried editing the cookies and header with burp (idk if I was supposed to do that in the first place). If you can understand what I mean, could you help me out please?