Is using magic (me/self) resource identifiers going against REST principles?

Question

I\'ve seen URIs that support magic ids for the authenticated user like below:

GET /user/me - list my profile
GET /user/me/photos - list my photos
         


        

Answer 1

That is perfectly fine.

Whether it is the same entity in the database is irrelevant, the more correct description would be that every concept needs to have a URI. The concept of "current user" is different from "user 742924", so it is ok.

It can be even worse than that, "current user", "last logged in user", "user with name starting with A", "oldest user", etc. All of those can be different resources, even though they may point to the same "user".