I am still a bachelors student and consider myself a junrior in some Spring related topics still.

I have developed several Spring Boot applications and have always useed a stateful approach using the JSESSIONID a user gets after authenticating.

My restricted endpoints like getting a single users details (for displaying them in the users profile in the frontend) normally always follow this approach:

`@GetMapping
ResponseEntity<UserDTO> getUser(Authentication authentication) {
Optional<UserDTO> userDTO = userService.findByEmail(authentication.getName().toLowerCase());

    // Verify that the user has been found successfully
    return userDTO.map(ResponseEntity::ok).orElseGet(() -> ResponseEntity.badRequest().build());
}

@PutMapping()
ResponseEntity<UserDTO> updateUser(Authentication authentication, @Valid @RequestBody UserDTO updateUserDTO) {
Optional<UserDTO> userDTO = userService.updateUser(authentication, updateUserDTO);

    // Verify that the user has been updated successfully
    return userDTO.map(ResponseEntity::ok).orElseGet(() -> ResponseEntity.badRequest().build());
}`

However after attending some hackathons and talking to some senior devs I have hear many best practices about building APIs.

Normally getting a user should have the endpoint: /api/v1/users/{userId} at least thats what I have been told.

Now that makes sense when you are using JWT – at least from my POV. Sticking to this best practice however would mean that I need to store the users ID somewhere in the frontend (localstorage) and always get that when sending a request to that endpoint, so everytime a user accesses their profile.

Therefore I am normally using the approach I posted above using Springs authentication Object. I was wondering is this is okay / if there are other best practices when having stateful applications like mine.

Btw feel free to point out other suggestions you may have regarding the implementation above.

PS: I also feel like this question does not provide so much value to this community, but I also did not find any answers to this question. As a student/learner/junior getting to know best practices can be quit difficult thats why I am posting this.

I have tried, asking two senior devs I happen to know, searched on the web, asked ChatGPT (which in my opinion is not helpfull at all in regards to best practices since it always more or less tells you what you want to hear), and generally watched a lot of Dan Vega and amigoscode.