Alamofire
Elegant HTTP networking library for Swift. Alamofire wraps URLSession with a chainable request/response API, JSON serialization, multipart upload, certificate pinning, and retry handlers. The de facto standard for iOS/macOS networking before async/await — still widely used, now with async/await support. Handles authentication challenges, request adapters, and retriers for complex auth flows.
Score Breakdown
⚙ Agent Friendliness
🔒 Security
TLS via URLSession (Apple's ATS). Certificate pinning built-in. iOS Keychain for credential storage. Widely used and security-reviewed.
⚡ Reliability
Best When
You need complex iOS HTTP networking with interceptors, retry logic, certificate pinning, and chainable request/response handling beyond raw URLSession.
Avoid When
Your iOS agent app only makes simple HTTP calls — async/await URLSession is idiomatic Swift and avoids the Alamofire dependency for simple cases.
Use Cases
- • Make HTTP requests from iOS agent apps with Alamofire's async API — AF.request().serializingDecodable(MyResponse.self) with Codable type safety
- • Implement agent auth token refresh with Alamofire's RequestInterceptor — automatically retry failed requests after token refresh
- • Upload agent-generated files and images to cloud storage via multipart form requests
- • Add certificate pinning to agent iOS apps for protection against MITM attacks in enterprise environments
- • Use Alamofire's EventMonitor for request logging and debugging agent HTTP calls in development
Not For
- • New Swift projects without URLSession complexity — Swift's URLSession with async/await is sufficient for many use cases without Alamofire overhead
- • Server-side Swift — Alamofire is client-side iOS/macOS; use AsyncHTTPClient or Vapor's client for server-side Swift HTTP
- • Non-Swift code — Alamofire is Swift-only; Objective-C projects should use AFNetworking
Interface
Authentication
Auth via RequestInterceptor — adapt requests to add headers and retry on 401. AuthenticationInterceptor for token-based auth with automatic refresh. Credential storage in iOS Keychain.
Pricing
Community-maintained open source. MIT license.
Agent Metadata
Known Gotchas
- ⚠ Alamofire 5 is async/await native but the closure-based API still works — mixing closure and async styles in the same request causes confusion; choose one style per agent code module
- ⚠ Request serialization errors (Decodable mismatch) are returned as AFError.responseSerializationFailed — the original DecodingError is nested inside and must be unwrapped for debugging
- ⚠ Session must be kept alive — creating Alamofire Session in a local variable and letting it deallocate cancels all in-flight requests; store Session as a property at appropriate scope
- ⚠ Certificate pinning via ServerTrustManager requires certificate files bundled in the app — missing certificates or wrong DER format causes connection failures that look like network errors
- ⚠ RequestInterceptor's retry method is called before adapt for retries — the interceptor must check if the error is retryable and return .retry or .doNotRetry; infinite retry loops are possible without attempt count check
- ⚠ Multipart form data encoding is async for large files — uploadMultipart completion is called after encoding is complete; file handles must remain open during encoding or upload fails
Alternatives
Full Evaluation Report
Detailed scoring breakdown, competitive positioning, security analysis, and improvement recommendations for Alamofire.
Scores are editorial opinions as of 2026-03-06.