OkHttp Interceptors with Retrofit
Retrofit is a popular, simple and flexible library to handle network requests in android development. The ability for it to be adapted to different use cases is quite amazing as you can inject custom OkHttpClient Interceptors to intercept, change or modify requests and responses, call adapter factory for supporting service method return types other than the usual Call as well as converter factory for serialization and deserialization of object using Gson, Moshi, Jackson etc.
In this post I’m going to show with an example how we can adapt OkHttpClient interceptors to encrypt and decrypt requests and responses to and from a server.
Use Case
Let’s assume that as part of the security routine or standards in your organization, requests and responses to and from the server must be encrypted over the network. How then do you handle such using the Retrofit library?
Interceptors to the Rescue
OkHttp library exposes an Interceptor interface which observes, modifies, and potentially short-circuits requests going out and the corresponding
responses coming back in. Typically interceptors add, remove, or transform headers on the request or response.
In this example, we would create an Encryption and Decryption class that implements the Interceptor interface and override the intercept method. It is in the overridden method that we’ll handle our encryption and decryption before passing the class as part of the OkHttpClient builder. Easy innit?
Let’s see this in code…
We’ll use a utility class that handles the encryption and decryption and also use Postman mock server to mock our request and response.
Note
The encryption/decryption mechanism used here is just to depict the whole process and should not be used for a production app. The necessary security documents of your firm should be consulted.
As stated, our mock Api would only accept an encrypted string as request as well as return an encrypted string as a response to the client.
Encryption Interceptor
Lets add our Encryption interceptor that implements the Interceptor interface as follows:
Decryption Interceptor
Likewise, the response from the server needs to be decrypted and parsed to the necessary object. Let’s create a Decryption interceptor as follows:
Retrofit Api Service
The Retrofit saveBook service saves a Book object to the server. But the Encryption class is meant to intercept and convert the Book object to an encrypted string.
OkHttp and Retrofit Client
With the interceptors created, we need to build the OkHttpClient and add the Encryption and Decryption interceptors. We need to be mindful of the order in which we add the interceptors. Ideally, a request is first made to the server which in turn responds with a response. So we need to add the Encryption interceptor before the Decryption interceptor since it works on response data.
Once the interceptors has been added to the OkHttpClient, we can now add the OkHttpClient to the Retrofit builder as can be seen below.
With the client in place, we can call the saveBook service in the MainActivity.java file as follows:
When you run the app, you’d find the something similar to the logs below
Conclusion
From the use case explained, it can be seen that OkHttp Interceptors offer developers a great tool to manipulate requests and responses as well as transform content of request headers.
There are other use cases for OkHttp Interceptors, do well to check them out.
