Is it legal to have REST resource such as /currentUser in terms of RESTful and stateless?

清歌不尽 2021-02-09 17:10

In terms of RESTful and stateless it's pretty legal to have a resource like

/users/123

But, the question is: is it legal to have resource that omits user id and

5 answers
  •  甜味超标
    2021-02-09 18:04

    It is perfectly legal as long as you keep it stateless. That is, you infer the current user from a security context provided with the HTTP request, usually a token of some kind.

    For example, you perform a GET /current-user with an Authentication header containing a JWT token. The server can get most of the user info of the current user from the JWT token and complete with data from the database and retrieve it back to the caller.

    I'd also recommend not to use camel case in URIs. It can be a nightmare for devs and some servers are case insensitive.

    Beware, if you are holding a server user session, as you imply in your question, your API is already stateful.
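
The flow described in this answer, as an added example that is not part of the original answer: a `GET /current-user` handler that derives the user only from a signed token in the request and keeps no server-side session. It assumes an HS256 JWT sent as `Authorization: Bearer <token>`; `SECRET`, `USERS` and all function names are hypothetical, and the sample data is constructed.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"  # constructed; in practice load from a secret store
USERS = {"123": {"id": "123", "name": "alice"},  # constructed stand-in for the database
         "456": {"id": "456", "name": "bob"}}

def b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign(signing_input):
    return hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()

def issue_token(user_id, ttl=300, now=None):
    """Demo issuer; normally the login endpoint mints the token."""
    now = int(time.time()) if now is None else now
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps({"sub": user_id, "exp": now + ttl}).encode())
    signing_input = f"{header}.{payload}"
    return f"{signing_input}.{b64url_encode(sign(signing_input))}"

def get_current_user(headers, now=None):
    """Handle GET /current-user from the request alone: no session lookup."""
    now = int(time.time()) if now is None else now
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme != "Bearer" or token.count(".") != 2:
        return 401, {"error": "missing bearer token"}
    header_b64, payload_b64, sig_b64 = token.split(".")
    try:
        header = json.loads(b64url_decode(header_b64))
        sig = b64url_decode(sig_b64)
    except ValueError:
        return 401, {"error": "malformed token"}
    # Pin the algorithm: the token must not choose how it is verified.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return 401, {"error": "unexpected algorithm"}
    if not hmac.compare_digest(sig, sign(f"{header_b64}.{payload_b64}")):
        return 401, {"error": "bad signature"}
    payload = json.loads(b64url_decode(payload_b64))  # read claims only after the signature check
    if payload.get("exp", 0) <= now:
        return 401, {"error": "token expired"}
    user = USERS.get(payload.get("sub"))
    return (200, user) if user else (404, {"error": "unknown user"})
```

Because the identity is carried by the token, the same URI returns a different representation per caller, so shared caches need `Cache-Control: private` or `Vary: Authorization` on the response.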
