Is using csrf_token in one of the forms along with the javascript code (mentioned above) sufficient to ensure csrf forgery? Should I be using csrf_token in the second form?

I hope not ;) Enabling the CsrfViewMiddleware in Django is sufficient to ensure that your views are protected against cross-site request forgery. If you use two separate HTML forms (two <form></form> tags), both forms need to have a hidden CSRF token field. If you use two Django forms in a single form tag, you only need it once.

If that javascript snippet would send the token with any request, not just AJAX requests, you would only need the token once, but I don't believe it does, so you need it in each HTML form.

As suggested in this SO post Generating CSRF tokens for multiple forms on a single page it seems using same token should be fine. However, just to be clear, I am using {% csrf_token %} in my first form and not a hidden field as mentioned in the post. And I am not using any csrf_token in my second form.

The {% csrf_token %} tag creates a hidden field for you, so essentially you are using a hidden field.

Should I be doing anything extra for my ajax calls or are they fine?

The javascript you included sets a header to the value of the CSRF token on every AJAX request. This header replaces the post data that is usually sent by the hidden field in a form. Any AJAX calls you send through jQuery will have this header, you won't need to do anything else.

Is there a way to check in views.py function that the call is csrf safe?

Not really. As long as you have the CsrfViewMiddleware enabled and you're not using the csrf_exempt decorator, your view is protected. If the call is unsafe, the middleware will return a 403 Forbidden response before the request even reaches the view.