Currently the Call REST function always sends the HTTP headers with any request, also when redirected.
This causes serious problems, when trying to access an API that itself requires e.g. Basic Auth, but then redirects to e.g. an AmazonS3 Server. That is because in order to validate the redirected request, the API will usually add its own security-token and/or signature to the redirect-URL. This then results in the AmazonS3 Server throwing an Error, since it doesn´t know which Authentication mechanism is relevant.
Considering that today most APIs work like this, it is odd how Mendix doesn´t yet support an option to not send headers on redirect. This often makes efficient API calls virtually impossible.
(Yes one could write a custom Java function, but having to code yourself for a common use case is not what people spend money on Mendix for, is it?)
Which HTTP status code does your server use for the redirect?