Q16 of 40 · REST Assured
How does REST Assured handle redirects, and where do you configure that?
Short answer
Short answer: REST Assured follows redirects automatically by default (inherited from Apache HttpClient). Disable with .redirects().follow(false) to assert the 301/302 and Location header directly. Set the max redirect depth with .redirects().max(n). Configure per-request in given() or globally via RestAssured.config.
Detail
By default REST Assured follows 301, 302, 303, and 307 responses transparently — the test sees the final 200 response. This matches browser behaviour but hides the redirect itself from your assertions.
Disabling redirect following — useful for testing URL migration, SEO redirects, or OAuth redirect URIs:
given()
.redirects().follow(false)
.when()
.get("/old-path")
.then()
.statusCode(301)
.header("Location", equalTo("https://api.example.com/new-path"));
Global config:
RestAssured.config = RestAssuredConfig.config()
.redirect(RedirectConfig.redirectConfig()
.followRedirects(false)
.maxRedirects(0));
Infinite redirect loops: the default max is 100. If an API has a redirect bug, REST Assured will follow until the limit and then throw a RedirectionException. Set a low max (.max(3)) to catch loops early in tests.
// EXAMPLE
@Test
void legacyEndpoint_redirectsToNewPath() {
given(reqSpec)
.redirects().follow(false)
.when()
.get("/api/v1/users")
.then()
.statusCode(301)
.header("Location", containsString("/api/v2/users"));
}
@Test
void newEndpoint_isReachable() {
// With redirects enabled (default), assert the final destination works
given(reqSpec)
.when()
.get("/api/v1/users") // follows 301 to v2
.then()
.statusCode(200)
.body("content", not(empty()));
}