So first, there are two ways to redirect: an internal redirect and an external redirect.

The internal redirect reuses the request and token to call a secondary endpoint.

The external redirect drops a thread, goes outside the DMZ, comes back in and has to be revalidated and recreate a new thread and then goes to the secondary endpoint.

The internal is MUCH faster and more secure.

https://www.linkedin.com/pulse/apis-why-use-internal-redirect-owen-rubel-api-expert-xsoec/