Why HTTP Redirects Matter in API Testing: Understanding Their Impact

Today we explore HTTP redirects, a key concept that influences how we perform interface testing.

What is a redirect?

An HTTP redirect occurs when the server cannot directly serve the requested resource and instead returns a response containing the URL of the alternative location. The client must then issue a second request to that URL, resulting in two complete request‑response cycles. This is analogous to being sent from one person to another to obtain a service.

Why use redirects?

Redirects are commonly employed for protocol upgrades, regional routing, or post‑login navigation. For example, accessing http://www.baidu.com yields a 307 response that redirects the request to the HTTPS version, while http://jumei.com returns a 302 response that routes the user to a Beijing sub‑site based on location.

Impact on everyday testing

1. JMeter

In JMeter’s HTTP sampler there is a checkbox for “Follow Redirects”. When enabled, JMeter records only the final request and response, ignoring the intermediate redirect request.

2. Automated API testing with Python

The requests library provides the allow_redirects parameter (default False) to control whether intermediate redirects are followed.

If you only need to verify the final response, you can leave the default setting. For login‑related endpoints, you may need to enable redirects to capture cookies or intermediate status codes.

Example 1: Login with redirect

Request: http://123.56.99.53:9001/login1/ (username: admin, password: liulaoshi123). Monitoring shows a 302 response indicating a redirect. The login endpoint validates credentials, sets a cookie, and redirects to the home page. If you test the endpoint directly, JMeter or a simple request will hide the intermediate step, showing only the home page and an empty cookie jar.

To capture the cookie, use a global requests.Session() or set allow_redirects=True and extract the cookie from the first response.

Example 2: Login without visible redirect

Request: http://123.56.99.53:9001/login2/. The login succeeds and the home page appears, but no 302 is observed because the client uses an AJAX request. The server returns a JSON payload; JavaScript on the page handles cookie placement and navigation. In this case, simply parsing the JSON response is sufficient.

These examples demonstrate that successful testing depends on understanding the specific implementation details of the application under test, not just the presence of a redirect.