The problem is that your project is probably a private project. In order to guarantee that only authorized people have access to your running the Cloud9 proxy will intercept calls to your application and check the permissions. If it doesn't find a valid session cookie you will be redirected to the login page. When you use Cloud9 to develop an API server the client will obviously not have that session cookie and fail in the way you described above.
I see two options to work around this:
- Use a public workspace instead of a private one
- Run curl from inside Cloud9. You can simply open a second terminal and instead of the hostname just use $IP:$PORT to talk to the server