Hi Oliver,
setting an anonymous user for the respective oData-Service in Transaction SICF should do the trick. First, try this test with a new user, who has all permissions (SAP_ALL). If this works, you can restrict the permissions to the actual requirements.
The CSRF token is not an issue in authentication.
Regards
Michael