I've seen URIs that support magic ids for the authenticated user like below:
GET /user/me - list my profile GET /user/me/photos - list my photos where the ones below use the actual user id
GET /user/742924 GET /user/742924/photos The problem I see is that the same resource id points to a different resource depending on the authenticated user.
Is this going against any REST principles?
Using /me to name a resource that corresponds to the authenticated user is perfectly fine from a REST perspective. According to Roy Thomas Fielding's dissertation, any information that can be named can be a resource:
5.2.1.1 Resources and Resource Identifiers
The key abstraction of information in REST is a resource. Any information that can be named can be a resource: a document or image, a temporal service (e.g. "today's weather in Los Angeles"), a collection of other resources, a non-virtual object (e.g. a person), and so on. In other words, any concept that might be the target of an author's hypertext reference must fit within the definition of a resource. A resource is a conceptual mapping to a set of entities, not the entity that corresponds to the mapping at any particular point in time. [...]
When using /me, you have a locator for the authenticated user and it will always identify the concept of an authenticated user, regardless of which user is authenticated.
/me/photos, or /users/me/photos? Asking because /me implies user anyway, so users in users/me might be excessive? Afaiu you suggest another resource for auth user. And OP didn't mention /me variation in the first place.
/users/me/photos :)
/users/me is different for every user bothers me a bit. As stated in the pager: a resource R is a temporally varying membership function MR(t). Shouldn't this imply that any other parameter other than time have no effect on the output?While I agree with Cassio, I think he didn't select the best quote from the dissertation, since this is a part that's a lot more identifier specific:
The definition of resource in REST is based on a simple premise: identifiers should change as infrequently as possible. Because the Web uses embedded identifiers rather than link servers, authors need an identifier that closely matches the semantics they intend by a hypermedia reference, allowing the reference to remain static even though the result of accessing that reference may change over time. REST accomplishes this by defining a resource to be the semantics of what the author intends to identify, rather than the value corresponding to those semantics at the time the reference is created. It is then left to the author to ensure that the identifier chosen for a reference does indeed identify the intended semantics.
And if you connect the dots, a logged in user is the case in point - same reference to a different resulting content.
That is perfectly fine.
Whether it is the same entity in the database is irrelevant, the more correct description would be that every concept needs to have a URI. The concept of "current user" is different from "user 742924", so it is ok.
It can be even worse than that, "current user", "last logged in user", "user with name starting with A", "oldest user", etc. All of those can be different resources, even though they may point to the same "user".
