OkHttp
Efficient HTTP and HTTP/2 client for Android and Java/JVM. Handles connection pooling, GZIP compression, response caching, retries, and WebSocket support. The underlying transport layer for Retrofit and many Android libraries. Supports interceptors for auth, logging, caching, and request modification. Industry standard for Android HTTP with transparent HTTP/2 multiplexing.
Score Breakdown
⚙ Agent Friendliness
🔒 Security
Strong TLS support with configurable cipher suites and TLS versions. Certificate pinning via CertificatePinner. HTTPS redirect enforcement. Square has good security track record. No built-in credential storage.
⚡ Reliability
Best When
You need direct HTTP control in Android/JVM — custom interceptors, WebSocket, streaming, or fine-grained connection management — or you're building a library that wraps HTTP behavior.
Avoid When
You're calling REST APIs with well-defined types — use Retrofit (which uses OkHttp underneath) for cleaner interface-based HTTP.
Use Cases
- • Make direct HTTP calls in Android/JVM agents when Retrofit's interface abstraction is too heavy — OkHttp gives raw request/response control
- • Add auth interceptors for token injection, refresh on 401, and header management in agent HTTP pipelines
- • Establish WebSocket connections for real-time agent communication with servers — OkHttp's WebSocket API handles frame-level protocol
- • Log all HTTP traffic for agent debugging using OkHttp's HttpLoggingInterceptor to inspect request/response bodies
- • Implement custom retry logic, circuit breakers, and connection pool configuration for resilient agent networking
Not For
- • Non-JVM environments — OkHttp is JVM-only; for multiplatform HTTP use Ktor Client
- • High-level REST API clients — use Retrofit on top of OkHttp for type-safe API interfaces
- • Simple one-off HTTP calls in Kotlin — ktor-client or the built-in URL.readText() may be simpler for scripts
Interface
Authentication
No built-in auth — use OkHttp Interceptors to add Authorization headers. Authenticator interface handles 401 challenge-response (token refresh). Supports certificate pinning via CertificatePinner for mutual TLS.
Pricing
Square open source library. Apache 2.0 license. No commercial restrictions.
Agent Metadata
Known Gotchas
- ⚠ Response body must be consumed exactly once — calling body.string() twice or after closing throws IllegalStateException; buffer if you need to read multiple times
- ⚠ OkHttpClient should be a singleton — each instance has its own thread pool and connection pool; creating per-request causes resource leak
- ⚠ Synchronous execute() blocks the calling thread — on Android main thread this throws NetworkOnMainThreadException; always use enqueue() or run on background thread
- ⚠ WebSocket messages are delivered on OkHttp's internal thread — don't do UI work in onMessage callbacks without dispatching to main thread
- ⚠ Interceptors added via addInterceptor() fire on every call including retries; addNetworkInterceptor() fires on actual network calls only — choose appropriately for auth refresh logic
- ⚠ Response caching requires a Cache instance configured on the client AND server-side Cache-Control headers — caching is opt-in and requires correct server configuration
Alternatives
Full Evaluation Report
Detailed scoring breakdown, competitive positioning, security analysis, and improvement recommendations for OkHttp.
Scores are editorial opinions as of 2026-03-06.