Debug Retrofit 2’s API Call with OkHttp Logging Interceptor

Retrofit 1 has a built-in log feature for debugging requests and responses. However, this feature was removed in Retrofit 2. Based on the community’s request, the developers of OkHttp made a logging interceptor.

OkHttp Logging Interceptor is an OkHttp interceptor that logs HTTP requests and response data.

You need to install OkHttp and its logging interceptor

implementation 'com.squareup.okhttp3:okhttp:4.0.1'
implementation 'com.squareup.okhttp3:logging-interceptor:4.0.1'

Here is my Retrofit code in Kotlin:

val interceptor = HttpLoggingInterceptor()
interceptor.level = HttpLoggingInterceptor.Level.BODY
val client = OkHttpClient.Builder().addInterceptor(interceptor).build()
val retrofit = Retrofit.Builder()

How the log looks like:

019-08-12 11:33:21.387 2744-2862/ D/OkHttp: <-- 200 OK http://website/api/logout (140ms)
2019-08-12 11:33:21.387 2744-2862/ D/OkHttp: Date: Mon, 12 Aug 2019 04:33:24 GMT
2019-08-12 11:33:21.388 2744-2862/ D/OkHttp: Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.6.30 mod_python/3.5.0- Python/2.7.5
2019-08-12 11:33:21.388 2744-2862/ D/OkHttp: X-Powered-By: PHP/7.3.5
2019-08-12 11:33:21.388 2744-2862/ D/OkHttp: Cache-Control: no-cache, private
2019-08-12 11:33:21.388 2744-2862/ D/OkHttp: X-RateLimit-Limit: 60
2019-08-12 11:33:21.389 2744-2862/ D/OkHttp: X-RateLimit-Remaining: 59
2019-08-12 11:33:21.389 2744-2862/ D/OkHttp: Vary: Authorization
2019-08-12 11:33:21.389 2744-2862/ D/OkHttp: Keep-Alive: timeout=5, max=100
2019-08-12 11:33:21.390 2744-2862/ D/OkHttp: Connection: Keep-Alive
2019-08-12 11:33:21.390 2744-2862/ D/OkHttp: Transfer-Encoding: chunked
2019-08-12 11:33:21.391 2744-2862/ D/OkHttp: Content-Type: text/html; charset=UTF-8
2019-08-12 11:33:21.393 2744-2862/ D/OkHttp: You have been succesfully logged out!
2019-08-12 11:33:21.393 2744-2862/ D/OkHttp: <-- END HTTP (37-byte body)

The interceptor has 4 log levels: NONE, BASIC, HEADERS, BODY. The 2 log levels, HEADERS and BODY , have the potential to leak sensitive information such as “Authorization” or “Cookie” headers and the contents of the request and response bodies so don’t use them in a production release.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.