Hello, Hope someone can point me in the right direction. We've had our application set up to manage our users and user groups for quite awhile. At some point, we started to get 308 redirects when attempting to manage the workspace permissions (workspace assignments and UDFs). I am able to make the calls using the same token but through Postman. Any thoughts on what might have changed or what I should check? Thanks!

Hi Mitchell, Do you have a traceID related to the error?

Hi Joseph. We don't get an error, we get a 308 perm redirect to what appears to be the exact same URL. I could potentially set up the client to follow the redirect -- would just rather get the call correct. Here are the (edited) response headers. If you need any other identifiable info let me know and I'll DM

{
  "Date": [
    "Mon, 31 Mar 2025 20:41:39 GMT"
  ],
  "Content-Length": [
    "0"
  ],
  "Connection": [
    "keep-alive"
  ],
  "Vary": [
    "Origin",
    "Access-Control-Request-Method",
    "Access-Control-Request-Headers"
  ],
  "Location": [
    "https://{{domain}}/api/v1/actions/workspaces/{{workspaceId}}/managePermissions"
  ],
  "Cache-Control": [
    "no-cache, no-store, max-age=0, must-revalidate"
  ],
  "Pragma": [
    "no-cache"
  ],
  "Expires": [
    "0"
  ],
  "X-Content-Type-Options": [
    "nosniff"
  ],
  "Strict-Transport-Security": [
    "max-age=63072000; includeSubDomains"
  ],
  "X-XSS-Protection": [
    "0"
  ],
  "Referrer-Policy": [
    "no-referrer"
  ],
  "set-cookie": [
    "SPRING_REDIRECT_URI=; Max-Age=0; Expires=Mon, 31 Mar 2025 20:41:39 GMT; Path=/; Secure; HTTPOnly; SameSite=None"
  ]
}

Hi Mitchell, could you please confirm the details of the user that is trying to make the calls (its ID will suffice). Also, was the token in Postman generated by the same user that is making the call in your app? Please also provide your workspace ID so we can check our logs.

Details sent in a DM. Thanks.

Hi Mitchell. When you follow the redirect in your client or Postman, you get a successful response? That would mean that either the redirect leads to a (slightly) different endpoint or the system responds differently on the second attempt 🤔 Could you please share the full details of the call and the response in a DM? I can see parts of it in the logs, but not enough to compare your request with the Location sent back. Additionally, can you make the call and follow the redirect and let me know the time, so that I could find it in the logs? I could find the call you sent earlier, it is indeed a 308. But I'd like to see it with the subsequent redirected call to see what makes it different. Many thanks.

Hi Daniel. Thanks for looking into this. I'll send over a DM with the details

Hi Mitchell. Thanks for the details in DM and for noticing the trailing slash. Let me summarize for the community here: GoodData uses URLs without trailing slash. To avoid unnecessary rejections, when you try to use a URL with a trailing slash, you are re-directed to the correct URL using a 308 redirect. That is a common practice, as discussed, for example, here: • https://github.com/vercel/next.js/discussions/15432 • https://github.com/open-policy-agent/opa/issues/2137 As long as you either use URLs without the trailing slash or you correctly follow the 308 redirect, you will be OK. Good luck!

Thanks @Daniel Stourac and @Moises Morales. Appreciate the help looking into this