Thanks for outlining how you solved it.
@yakpak_rahulm and @ssagli can you confirm if you're seeing the redirect to /auth while using an HTTP client like Postman or Insomia? If so this is likely related to cookies being sent with the request. Deleting the cookies from your client and resending the request should fix it. If that doesn't explain it, please record the X-Request-ID value from the response header of your call, and I'll check the logs for more details.
I'm seeing the redirect to /auth directly in the Shopify app. I'm also using tokens to authorize (not cookies), so I don't think that's the cause. However, I solved this issue by requesting and online AND offline token, and using the online token for API calls from my Shopify app.