Sep 7, 2018 · 1 min read
If you use /me, how does your REST API know who is me without a session?
You mention that “users/:id/billing” should not be accessible; this can be done using an access control solution.
I am also deciding between using /me and /users/:id at the moment.
