In terms of RESTful and stateless it's pretty legal to have resource like
/users/123
But, the question is: is it legal to have resource that omits user id and
Yes. It is very common for ReST services to make assumptions about the authorization context. Though making such a decision will limit the usability of that route for users other than the logged-on user. For example, an admin might need to use that service for a specific user.
A ReST endpoint may even use claims that exist in the authorization context, for example returning different data for a user that has logged in using a certain mechanism.
Of all HTTP headers, there are some that are probably not good to be used to tailor the ReST response. For example, I will not use the 'referer'.
Make sure you check for any caching strategy you may have before making such design decisions.
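An added example (not code from the question or the answer above) of the three points the answer makes: a `/users/me` route that takes its user from the authorization context, an explicit `/users/{id}` route that an admin may use on behalf of another user, a response field that depends on a claim, and cache headers that stop a per-user response being served to someone else. The token table, user store, the `amr` claim check and the "hide e-mail without MFA" policy are all constructed assumptions for this example.

```python
"""Resolving the target user of a REST route from the authorization context.

Added example, not from the original question or answer. TOKENS and USERS are
constructed sample data so the handler runs offline; the policy that hides
the e-mail address unless the caller authenticated with MFA is hypothetical.
"""
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample data: bearer tokens mapped to the claims they carry.
TOKENS = {
    "tok-alice": {"sub": "123", "roles": ["user"], "amr": ["pwd"]},
    "tok-admin": {"sub": "900", "roles": ["admin"], "amr": ["mfa"]},
}
# Constructed sample user store.
USERS = {
    "123": {"id": "123", "name": "Alice", "email": "alice@example.test"},
    "456": {"id": "456", "name": "Bob", "email": "bob@example.test"},
    "900": {"id": "900", "name": "Root", "email": "root@example.test"},
}


@dataclass
class Response:
    status: int
    body: Optional[dict] = None
    headers: dict = field(default_factory=dict)


def claims_from_request(headers: dict) -> Optional[dict]:
    """Turn the Authorization header into claims; None when absent or unknown."""
    auth = headers.get("Authorization", "")
    scheme, _, token = auth.partition(" ")
    if scheme.lower() != "bearer":
        return None
    return TOKENS.get(token)


def resolve_target_user(path_user: Optional[str], claims: dict) -> Optional[str]:
    """Decide which user record the request may touch.

    - no id in the path, or the literal "me": the caller themselves
    - an explicit id: allowed only for the caller's own id or for an admin
    """
    caller = claims["sub"]
    if path_user is None or path_user == "me":
        return caller
    if path_user == caller or "admin" in claims.get("roles", []):
        return path_user
    return None


def get_user(path_user: Optional[str], headers: dict) -> Response:
    """Handler for GET /users/me and GET /users/{id}."""
    claims = claims_from_request(headers)
    if claims is None:
        return Response(401, headers={"WWW-Authenticate": "Bearer"})

    target = resolve_target_user(path_user, claims)
    if target is None:
        # 404 rather than 403, so the route does not confirm that another
        # user's id exists to a caller who is not allowed to see it.
        return Response(404)
    record = USERS.get(target)
    if record is None:
        return Response(404)

    body = dict(record)
    # Tailor the response to a claim: hypothetical policy that only shows the
    # e-mail address when the caller authenticated with MFA ("amr" claim).
    if "mfa" not in claims.get("amr", []):
        body.pop("email")

    # The representation depends on who is asking, so tell every cache on the
    # path that it is private and varies with the Authorization header.
    return Response(200, body, {
        "Cache-Control": "private, no-store",
        "Vary": "Authorization",
    })


if __name__ == "__main__":
    print(get_user("me", {"Authorization": "Bearer tok-alice"}))
    print(get_user("456", {"Authorization": "Bearer tok-alice"}))
    print(get_user("456", {"Authorization": "Bearer tok-admin"}))
```

The `Vary: Authorization` and `Cache-Control: private, no-store` headers are the concrete form of the caching caveat: once the body of `/users/me` depends on the caller, a shared cache that keys only on the URL would hand one user's record to the next.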