diff --git a/Admin/Routes/Web/Api.php b/Admin/Routes/Web/Api.php
index d846576..6d6c042 100755
--- a/Admin/Routes/Web/Api.php
+++ b/Admin/Routes/Web/Api.php
@@ -22,6 +22,7 @@ return [
         [
             'dest'       => '\Modules\Organization\Controller\ApiController:apiPositionCreate',
             'verb'       => RouteVerb::PUT,
+            'csrf'       => true,
             'permission' => [
                 'module' => ApiController::NAME,
                 'type'   => PermissionType::CREATE,
@@ -31,6 +32,7 @@ return [
         [
             'dest'       => '\Modules\Organization\Controller\ApiController:apiPositionGet',
             'verb'       => RouteVerb::GET,
+            'csrf'       => true,
             'permission' => [
                 'module' => ApiController::NAME,
                 'type'   => PermissionType::READ,
@@ -40,6 +42,7 @@ return [
         [
             'dest'       => '\Modules\Organization\Controller\ApiController:apiPositionSet',
             'verb'       => RouteVerb::SET,
+            'csrf'       => true,
             'permission' => [
                 'module' => ApiController::NAME,
                 'type'   => PermissionType::MODIFY,
@@ -49,6 +52,7 @@ return [
         [
             'dest'       => '\Modules\Organization\Controller\ApiController:apiPositionDelete',
             'verb'       => RouteVerb::DELETE,
+            'csrf'       => true,
             'permission' => [
                 'module' => ApiController::NAME,
                 'type'   => PermissionType::DELETE,
@@ -60,6 +64,7 @@ return [
         [
             'dest'       => '\Modules\Organization\Controller\ApiController:apiDepartmentCreate',
             'verb'       => RouteVerb::PUT,
+            'csrf'       => true,
             'permission' => [
                 'module' => ApiController::NAME,
                 'type'   => PermissionType::CREATE,
@@ -69,6 +74,7 @@ return [
         [
             'dest'       => '\Modules\Organization\Controller\ApiController:apiDepartmentGet',
             'verb'       => RouteVerb::GET,
+            'csrf'       => true,
             'permission' => [
                 'module' => ApiController::NAME,
                 'type'   => PermissionType::READ,
@@ -78,6 +84,7 @@ return [
         [
             'dest'       => '\Modules\Organization\Controller\ApiController:apiDepartmentSet',
             'verb'       => RouteVerb::SET,
+            'csrf'       => true,
             'permission' => [
                 'module' => ApiController::NAME,
                 'type'   => PermissionType::MODIFY,
@@ -87,6 +94,7 @@ return [
         [
             'dest'       => '\Modules\Organization\Controller\ApiController:apiDepartmentDelete',
             'verb'       => RouteVerb::DELETE,
+            'csrf'       => true,
             'permission' => [
                 'module' => ApiController::NAME,
                 'type'   => PermissionType::DELETE,
@@ -98,6 +106,7 @@ return [
         [
             'dest'       => '\Modules\Organization\Controller\ApiController:apiUnitCreate',
             'verb'       => RouteVerb::PUT,
+            'csrf'       => true,
             'permission' => [
                 'module' => ApiController::NAME,
                 'type'   => PermissionType::CREATE,
@@ -107,6 +116,7 @@ return [
         [
             'dest'       => '\Modules\Organization\Controller\ApiController:apiUnitGet',
             'verb'       => RouteVerb::GET,
+            'csrf'       => true,
             'permission' => [
                 'module' => ApiController::NAME,
                 'type'   => PermissionType::READ,
@@ -116,6 +126,7 @@ return [
         [
             'dest'       => '\Modules\Organization\Controller\ApiController:apiUnitSet',
             'verb'       => RouteVerb::SET,
+            'csrf'       => true,
             'permission' => [
                 'module' => ApiController::NAME,
                 'type'   => PermissionType::MODIFY,
@@ -125,6 +136,7 @@ return [
         [
             'dest'       => '\Modules\Organization\Controller\ApiController:apiUnitDelete',
             'verb'       => RouteVerb::DELETE,
+            'csrf'       => true,
             'permission' => [
                 'module' => ApiController::NAME,
                 'type'   => PermissionType::CREATE,
@@ -137,6 +149,7 @@ return [
         [
             'dest'       => '\Modules\Organization\Controller\ApiController:apiUnitMainAddressSet',
             'verb'       => RouteVerb::SET,
+            'csrf'       => true,
             'permission' => [
                 'module' => ApiController::NAME,
                 'type'   => PermissionType::MODIFY,
@@ -149,6 +162,7 @@ return [
         [
             'dest'       => '\Modules\Organization\Controller\ApiController:apiUnitImageSet',
             'verb'       => RouteVerb::SET,
+            'csrf'       => true,
             'permission' => [
                 'module' => ApiController::NAME,
                 'type'   => PermissionType::MODIFY,
@@ -161,6 +175,7 @@ return [
         [
             'dest'       => '\Modules\Organization\Controller\ApiController:apiUnitFind',
             'verb'       => RouteVerb::GET,
+            'csrf'       => true,
             'permission' => [
                 'module' => ApiController::NAME,
                 'type'   => PermissionType::READ,
@@ -172,6 +187,7 @@ return [
         [
             'dest'       => '\Modules\Organization\Controller\ApiController:apiDepartmentFind',
             'verb'       => RouteVerb::GET,
+            'csrf'       => true,
             'permission' => [
                 'module' => ApiController::NAME,
                 'type'   => PermissionType::READ,
@@ -183,6 +199,7 @@ return [
         [
             'dest'       => '\Modules\Organization\Controller\ApiController:apiPositionFind',
             'verb'       => RouteVerb::GET,
+            'csrf'       => true,
             'permission' => [
                 'module' => ApiController::NAME,
                 'type'   => PermissionType::READ,
diff --git a/Theme/Backend/department-create.tpl.php b/Theme/Backend/department-create.tpl.php
index fc64ffd..78cde78 100755
--- a/Theme/Backend/department-create.tpl.php
+++ b/Theme/Backend/department-create.tpl.php
@@ -22,7 +22,7 @@ echo $this->data['nav']->render(); ?>
         <div class="portlet">
             <form id="fDepartmentCreate"
                 method="PUT"
-                action="<?= UriFactory::build('{/api}{/rootPath}{/lang}/api/organization/department'); ?>"
+                action="<?= UriFactory::build('{/api}{/rootPath}{/lang}/api/organization/department?csrf={$CSRF}'); ?>"
                 autocomplete="off">
                 <div class="portlet-head"><?= $this->getHtml('Department'); ?></div>
                 <div class="portlet-body">
diff --git a/Theme/Backend/department-list.tpl.php b/Theme/Backend/department-list.tpl.php
index 2ded0f3..4a83731 100755
--- a/Theme/Backend/department-list.tpl.php
+++ b/Theme/Backend/department-list.tpl.php
@@ -103,10 +103,12 @@ echo $this->data['nav']->render(); ?>
                 <?php endif; ?>
             </table>
             </div>
+            <!--
             <div class="portlet-foot">
                 <a tabindex="0" class="button" href="<?= UriFactory::build($previous); ?>"><?= $this->getHtml('Previous', '0', '0'); ?></a>
                 <a tabindex="0" class="button" href="<?= UriFactory::build($next); ?>"><?= $this->getHtml('Next', '0', '0'); ?></a>
             </div>
+            -->
         </div>
     </div>
 </div>
\ No newline at end of file
diff --git a/Theme/Backend/department-view.tpl.php b/Theme/Backend/department-view.tpl.php
index a9f40e2..e2f3968 100644
--- a/Theme/Backend/department-view.tpl.php
+++ b/Theme/Backend/department-view.tpl.php
@@ -25,7 +25,7 @@ echo $this->data['nav']->render(); ?>
 <div class="row">
     <div class="col-xs-12 col-md-6">
         <div class="portlet">
-            <form id="iDepartment" action="<?= UriFactory::build('{/api}organization/department?{?}'); ?>" method="POST">
+            <form id="iDepartment" action="<?= UriFactory::build('{/api}organization/department?{?}&csrf={$CSRF}'); ?>" method="POST">
                 <div class="portlet-head"><?= $this->getHtml('Department'); ?></div>
                 <div class="portlet-body">
                     <div class="form-group">
diff --git a/Theme/Backend/position-create.tpl.php b/Theme/Backend/position-create.tpl.php
index 06d8659..ba0c627 100755
--- a/Theme/Backend/position-create.tpl.php
+++ b/Theme/Backend/position-create.tpl.php
@@ -23,7 +23,7 @@ echo $this->data['nav']->render(); ?>
         <div class="portlet">
             <form id="fPositionCreate"
                 method="PUT"
-                action="<?= UriFactory::build('{/api}{/rootPath}{/lang}/api/organization/position'); ?>"
+                action="<?= UriFactory::build('{/api}{/rootPath}{/lang}/api/organization/position?csrf={$CSRF}'); ?>"
                 autocomplete="off">
                 <div class="portlet-head"><?= $this->getHtml('Position'); ?></div>
                 <div class="portlet-body">
diff --git a/Theme/Backend/position-list.tpl.php b/Theme/Backend/position-list.tpl.php
index 95c497b..2e2435b 100755
--- a/Theme/Backend/position-list.tpl.php
+++ b/Theme/Backend/position-list.tpl.php
@@ -95,10 +95,12 @@ echo $this->data['nav']->render(); ?>
                         <?php endif; ?>
             </table>
             </div>
+            <!--
             <div class="portlet-foot">
                 <a tabindex="0" class="button" href="<?= UriFactory::build($previous); ?>"><?= $this->getHtml('Previous', '0', '0'); ?></a>
                 <a tabindex="0" class="button" href="<?= UriFactory::build($next); ?>"><?= $this->getHtml('Next', '0', '0'); ?></a>
             </div>
+            -->
         </div>
     </div>
 </div>
diff --git a/Theme/Backend/position-view.tpl.php b/Theme/Backend/position-view.tpl.php
index 5635158..38a6ccf 100644
--- a/Theme/Backend/position-view.tpl.php
+++ b/Theme/Backend/position-view.tpl.php
@@ -25,7 +25,7 @@ echo $this->data['nav']->render(); ?>
 <div class="row">
     <div class="col-xs-12 col-md-6">
         <div class="portlet">
-            <form id="iPosition" action="<?= UriFactory::build('{/api}organization/position?{?}'); ?>" method="POST">
+            <form id="iPosition" action="<?= UriFactory::build('{/api}organization/position?{?}&csrf={$CSRF}'); ?>" method="POST">
                 <div class="portlet-head"><?= $this->getHtml('Position'); ?></div>
                 <div class="portlet-body">
                     <div class="form-group">
diff --git a/Theme/Backend/unit-create.tpl.php b/Theme/Backend/unit-create.tpl.php
index 66b93fd..1d04b84 100755
--- a/Theme/Backend/unit-create.tpl.php
+++ b/Theme/Backend/unit-create.tpl.php
@@ -23,7 +23,7 @@ $countries    = ISO3166NameEnum::getConstants();
 /** @var \phpOMS\Views\View $this */
 echo $this->data['nav']->render(); ?>
 
-<form id="fUnitCreate" method="put" action="<?= UriFactory::build('{/api}organization/unit'); ?>">
+<form id="fUnitCreate" method="put" action="<?= UriFactory::build('{/api}organization/unit?csrf={$CSRF}'); ?>">
 <div class="row">
     <div class="col-xs-12 col-md-6">
         <div class="portlet">
diff --git a/Theme/Backend/unit-list.tpl.php b/Theme/Backend/unit-list.tpl.php
index 9d113f5..b540503 100755
--- a/Theme/Backend/unit-list.tpl.php
+++ b/Theme/Backend/unit-list.tpl.php
@@ -94,10 +94,12 @@ echo $this->data['nav']->render(); ?>
                         <?php endforeach; ?>
             </table>
             </div>
+            <!--
             <div class="portlet-foot">
                 <a tabindex="0" class="button" href="<?= UriFactory::build($previous); ?>"><?= $this->getHtml('Previous', '0', '0'); ?></a>
                 <a tabindex="0" class="button" href="<?= UriFactory::build($next); ?>"><?= $this->getHtml('Next', '0', '0'); ?></a>
             </div>
+            -->
         </div>
     </div>
 </div>
diff --git a/Theme/Backend/unit-view.tpl.php b/Theme/Backend/unit-view.tpl.php
index bf00534..ecff064 100644
--- a/Theme/Backend/unit-view.tpl.php
+++ b/Theme/Backend/unit-view.tpl.php
@@ -28,12 +28,12 @@ $countries    = ISO3166NameEnum::getConstants();
 
 echo $this->data['nav']->render(); ?>
 
-<form id="iUnitUploadForm" action="<?= UriFactory::build('{/api}organization/unit/image?id={?id}'); ?>" method="post"><input class="preview" data-action='[{"listener": "change", "key": 1, "action": [{"key": 1, "type": "form.submit", "selector": "#iUnitUploadForm"}]}]' id="iUnitUpload" name="unitImage" type="file" accept="image/png,image/gif,image/jpeg" style="display: none;"></form>
+<form id="iUnitUploadForm" action="<?= UriFactory::build('{/api}organization/unit/image?id={?id}&csrf={$CSRF}'); ?>" method="post"><input class="preview" data-action='[{"listener": "change", "key": 1, "action": [{"key": 1, "type": "form.submit", "selector": "#iUnitUploadForm"}]}]' id="iUnitUpload" name="unitImage" type="file" accept="image/png,image/gif,image/jpeg" style="display: none;"></form>
 
 <div class="row">
     <div class="col-xs-12 col-md-6">
         <div class="portlet">
-            <form id="iUnit" action="<?= UriFactory::build('{/api}organization/unit'); ?>" method="post">
+            <form id="iUnit" action="<?= UriFactory::build('{/api}organization/unit?csrf={$CSRF}'); ?>" method="post">
                 <div class="portlet-head row middle-xs">
                     <div class="col-xs-0">
                         <a id="iUnitUploadButton" href="#upload" data-action='[{"listener": "click", "key": 1, "action": [{"key": 1, "type": "event.prevent"}, {"key": 2, "type": "dom.click", "selector": "#iUnitUpload"}]}]'>
@@ -91,7 +91,7 @@ echo $this->data['nav']->render(); ?>
     <div class="col-xs-12 col-md-6">
         <div class="portlet">
             <div class="portlet-head"><?= $this->getHtml('MainAddress'); ?></div>
-            <form id="iUnitMainAdress" action="<?= UriFactory::build('{/api}organization/unit/address/main'); ?>" method="post">
+            <form id="iUnitMainAdress" action="<?= UriFactory::build('{/api}organization/unit/address/main?csrf={$CSRF}'); ?>" method="post">
                 <div class="portlet-body">
                     <div class="form-group">
                         <label for="iLegalName"><?= $this->getHtml('LegalName'); ?></label>