Skip to content

Redirects, rewrites & headers

Every project carries a set of URL and header rules — redirects, rewrites, and response headers — that PandaStack applies at the gateway before your project serves the request. These are free to configure (a MEMBER+ role is required to set them) on both static and container projects.

Every project has a RoutingManifest (built by the manifest builder and stored on the project’s routes row as manifest, plus a functions map). The gateway walks the manifest in a fixed order for each request:

  1. Static filesystem — the static.target pointer is tried first (for static projects this is the CDN origin).
  2. Redirects / rewrites — redirect and rewrite rules, in order.
  3. Headers — response header rules (set-and-continue: they add headers and continue processing).
  4. Function dispatch — for containers, a single catch-all function route to the pod.
  5. SPA fallback — for static SPAs, serve index.html for unmatched paths.
  6. Implicit 404 — if nothing matched.
  • A container manifest has a single catch-all function route targeting kong://org-{orgId}.custom-{name}.80.
  • A static manifest has zero function routes; its static.target is the CDN origin (https://cdn.pandastack.io).

A rule is distinguished by its type:

FieldTypeNotes
typeredirect | rewriteredirect sends the browser elsewhere; rewrite serves a different path transparently
sourcestringthe incoming path to match
destinationstringwhere to send / serve

You can define up to 100 redirect/rewrite rules.

The redirect status mirrors the plane that serves the project:

Project typeRedirect statusIssued by
Static302the static-plane Fastify proxy (reply.redirect)
Container301a Kong pre-function Lua handler

Header rules are applied as one global set-and-continue rule across all paths (/(.*)) — they add response headers and let processing continue. Each rule is:

FieldTypeNotes
namestringheader name
valuestringheader value
requestPathstring (optional)limit the rule to a path

You can define up to 100 header rules.

Redirects and headers are stored as JSON on the Project row (redirects / headers jsonb), not on the route row, and are set via satellite use-cases that rebuild the routing manifest. For static projects the rules are pure config applied by the static-plane proxy; for container projects the rules also sync to Kong on the data plane.

Redirects, rewrites, and headers are not paid-gated — the PUT handlers require only a MEMBER+ role, not a paid plan.

Set redirects and rewrites:

Terminal window
curl -X PUT "https://api.pandastack.io/v1/projects/my-app/redirects" \
-H "Authorization: Bearer $PANDASTACK_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"redirects": [
{ "type": "redirect", "source": "/old", "destination": "/new" },
{ "type": "rewrite", "source": "/api/(.*)", "destination": "/proxy/$1" }
]
}'

Set response headers:

Terminal window
curl -X PUT "https://api.pandastack.io/v1/projects/my-app/headers" \
-H "Authorization: Bearer $PANDASTACK_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"headers": [
{ "name": "X-Frame-Options", "value": "DENY" },
{ "name": "Cache-Control", "value": "public, max-age=3600", "requestPath": "/assets/(.*)" }
]
}'
EndpointMethodPaid?Purpose
GET /v1/projects/:name/redirectsGETFreeRead redirect + rewrite rules
PUT /v1/projects/:name/redirectsPUTFree (MEMBER+)Set redirect + rewrite rules
GET /v1/projects/:name/headersGETFreeRead response header rules
PUT /v1/projects/:name/headersPUTFree (MEMBER+)Set response header rules