Retrofit
Type-safe HTTP client for Android and Java/Kotlin. Retrofit turns REST API interfaces into callable Java/Kotlin objects using annotations (@GET, @POST, @Body, @Path) and converters (Gson, Moshi, Jackson). Eliminates manual HTTP parsing boilerplate — define an interface, Retrofit generates the implementation. The de facto standard for Android networking, used in virtually every Android app.
Score Breakdown
⚙ Agent Friendliness
🔒 Security
TLS via OkHttp (configurable). Auth via Interceptors — tokens kept in memory/keystore. Square is security-conscious. Certificate pinning supported. No built-in secret storage.
⚡ Reliability
Best When
You're building an Android or JVM application that calls REST APIs and want type-safe interface definitions with automatic serialization/deserialization.
Avoid When
You need multiplatform (Android + iOS + JS) networking — use Ktor Client instead. Retrofit is JVM-only.
Use Cases
- • Define Android REST API clients as annotated Kotlin/Java interfaces — Retrofit generates the implementation with OkHttp and Gson/Moshi converters
- • Build type-safe API call wrappers for agent tools that target Android or JVM backends, with automatic request/response serialization
- • Integrate Retrofit with Kotlin coroutines (suspend functions) for non-blocking Android HTTP calls in agent workflows
- • Use Retrofit's RxJava adapter for reactive Android networking pipelines with Observable/Single return types
- • Generate mock API clients for testing Android agent implementations using Retrofit's MockRetrofit adapter
Not For
- • Non-Android/non-JVM environments — Retrofit is JVM-only; use Ktor, OkHttp directly, or kotlinx-ktor-client for multiplatform
- • WebSocket or streaming connections — Retrofit is HTTP request-response only; use OkHttp WebSocket API directly
- • GraphQL clients — use Apollo Android instead of Retrofit for GraphQL
Interface
Authentication
Retrofit itself has no auth — authentication is handled via OkHttp Interceptors (add Authorization headers, token refresh, etc.). Standard pattern: add an Authenticator or Interceptor to the OkHttpClient builder.
Pricing
Square open source library. Apache 2.0 license. No commercial restrictions.
Agent Metadata
Known Gotchas
- ⚠ Retrofit interfaces must be created via Retrofit.create(ApiService::class.java) — calling interface methods directly throws IllegalStateException
- ⚠ Converter order matters: if multiple converters are added (Gson + Moshi), Retrofit uses the first one that can handle the type — order is significant
- ⚠ Null body in responses: Response.body() can return null on empty responses (204, 205, or 304) — agents must null-check before accessing
- ⚠ Kotlin coroutine suspend functions require the retrofit2-kotlin-coroutines-adapter OR Retrofit 2.6+ which supports suspend natively
- ⚠ Error responses need manual parsing: errorBody() returns ResponseBody, not your error DTO — call errorBody?.string() then parse manually or use a custom CallAdapter
- ⚠ Retrofit requires all interface method parameters to be non-null by default — nullable parameters require @Nullable annotation or Kotlin ? types with appropriate handling
Alternatives
Full Evaluation Report
Detailed scoring breakdown, competitive positioning, security analysis, and improvement recommendations for Retrofit.
Scores are editorial opinions as of 2026-03-06.