Ali,
Every HTTP response that comes back from the server should have an X-AUSERNAME header attached which provides the username for the authenticated user (if a user is authenticated). Have you checked that? You should be able to execute any REST request you’d like and “see” the user on the header. (Even a request that returns a 404 response will have the header present, so you could actually try to use /rest/api/1.0/myself, for example, and even though it will 404 it should return the information you need.)
Edit: Since we don’t have a myself endpoint, the one I’d suggest would be /rest/api/1.0/application-properties. It doesn’t fail, so it won’t leave 404s in the access logs that might confuse an administrator, and it also doesn’t do any real work, so it won’t be putting load on the server. You can ignore the response body (which will contain details about the version of Bitbucket Server in use) and just look at the X-AUSERNAME header.
Best regards,
Bryan Turner
Atlassian Bitbucket