Robust HTTP Client Design in Go
Daniel Hayes
Full-Stack Engineer · Leapcell
Introduction
In modern distributed systems, services frequently interact with each other over HTTP. While Go's net/http package provides a robust and efficient http.Client for making these requests, raw usage often falls short of production demands. Network calls are inherently unreliable; they can fail due to transient network issues, server overloads, or unexpected latencies. Without proper safeguards, these failures can propagate throughout a system, leading to cascading outages and a poor user experience. This article delves into how we can wrap Go’s standard http.Client to incorporate essential fault-tolerance patterns: retries, timeouts, and circuit breakers. By adopting these strategies, we can significantly improve the resilience and stability of our applications, ensuring reliable communication even in the face of adversity.
Core Concepts Explained
Before diving into the implementation details, let's clarify the core distributed system patterns we'll be discussing:
Timeout: A timeout defines the maximum duration an operation is allowed to take before it is aborted. Its primary purpose is to prevent a client from waiting indefinitely for a response, thus freeing up resources and preventing a backlog of stalled requests. There are generally two types: connection timeouts (for establishing a connection) and request timeouts (for the entire request-response cycle).
Retry: A retry mechanism automatically re-attempts a failed operation, assuming the failure might be transient. It's crucial to implement retries with an exponential backoff strategy and a maximum number of attempts to avoid overwhelming the target service and to give it time to recover. Not all errors are retryable; for instance, a 400 Bad Request won't magically become a 200 on retry.
Circuit Breaker: Inspired by electrical circuit breakers, this pattern prevents an application from repeatedly trying to execute an operation that is bound to fail. When a circuit breaker detects a high rate of failures, it "trips" (opens), immediately failing subsequent calls without attempting the operation. After a predefined interval, it transitions to a "half-open" state, allowing a limited number of test requests to pass through. If these succeed, the circuit "closes" again; otherwise, it returns to the open state. This pattern prevents cascading failures and gives the failing service time to recover.
Building a Resilient HTTP Client
Our goal is to create a decorator for http.Client that seamlessly integrates these fault-tolerance features. Let's design a custom HTTPClient interface and its implementation.
Initial Setup and Basic Client
First, we define a simple interface for our HTTP client to allow for easy mocking and testing.
package resilientclient import ( "net/http" "time" ) // HTTPClient interface defines the contract for our client type HTTPClient interface { Do(req *http.Request) (*http.Response, error) } // defaultClient wraps the standard http.Client type defaultClient struct { client *http.Client } // NewDefaultClient creates a new default client func NewDefaultClient(timeout time.Duration) HTTPClient { return &defaultClient{ client: &http.Client{ Timeout: timeout, // Basic request timeout Transport: &http.Transport{ MaxIdleConns: 100, IdleConnTimeout: 90 * time.Second, TLSHandshakeTimeout: 10 * time.Second, // More transport options can be added here }, }, } } // Do implements the HTTPClient interface for defaultClient func (c *defaultClient) Do(req *http.Request) (*http.Response, error) { return c.client.Do(req) }
Here, we've already introduced a basic request timeout via http.Client.Timeout. This is a good starting point for preventing indefinite waits.
Implementing Retries
Retries will wrap the Do method. We'll introduce a RetryClient that takes another HTTPClient as an argument.
package resilientclient import ( "fmt" "io" "io/ioutil" "log" "net/http" "time" ) // RetryConfig holds parameters for retry logic type RetryConfig struct { MaxRetries int InitialDelay time.Duration MaxDelay time.Duration // Add a predicate function if specific errors should not be retried ShouldRetry func(*http.Response, error) bool } // RetryClient provides retry logic for HTTP requests type RetryClient struct { delegate HTTPClient config RetryConfig } // NewRetryClient creates a new client with retry capabilities func NewRetryClient(delegate HTTPClient, config RetryConfig) *RetryClient { if config.MaxRetries == 0 { config.MaxRetries = 3 // Default retries } if config.InitialDelay == 0 { config.InitialDelay = 100 * time.Millisecond // Default initial delay } if config.MaxDelay == 0 { config.MaxDelay = 5 * time.Second // Default max delay } if config.ShouldRetry == nil { config.ShouldRetry = func(resp *http.Response, err error) bool { if err != nil { return true // Network errors are usually retryable } // Status codes indicating server-side issues (e.g., 5xx) return resp.StatusCode >= 500 } } return &RetryClient{ delegate: delegate, config: config, } } func (c *RetryClient) Do(req *http.Request) (*http.Response, error) { var ( resp *http.Response err error delay = c.config.InitialDelay ) for i := 0; i < c.config.MaxRetries; i++ { // Important: For requests with a body, we need to reset the body reader // for each retry, as the original reader will be consumed after the first attempt. if req.Body != nil { // Check if the body can be reset (e.g., *http.NoBody, bytes.Buffer, or a custom io.Seeker) if seeker, ok := req.Body.(io.Seeker); ok { _, seekErr := seeker.Seek(0, io.SeekStart) if seekErr != nil { return nil, fmt.Errorf("failed to seek request body: %w", seekErr) } } else { // If not seekable, read the body into memory and create a new NopCloser. // This is generally not ideal for large payloads, consider using `bytes.Buffer` // or `io.ReaderAt` for the original body if retries are expected. bodyBytes, readErr := ioutil.ReadAll(req.Body) if readErr != nil { return nil, fmt.Errorf("failed to read request body for retry: %w", readErr) } req.Body = ioutil.NopCloser(bytes.NewReader(bodyBytes)) } } resp, err = c.delegate.Do(req) if c.config.ShouldRetry(resp, err) { log.Printf("Request failed (attempt %d/%d), retrying in %v. Error: %v", i+1, c.config.MaxRetries, delay, err) time.Sleep(delay) delay = time.Duration(float64(delay) * 2) // Exponential backoff if delay > c.config.MaxDelay { delay = c.config.MaxDelay } continue } return resp, err // Success or non-retryable error } return resp, err // Return the last response/error if all retries fail }
Important consideration for request bodies: When retrying requests that send a body (e.g., POST, PUT), the req.Body (which is an io.ReadCloser) is consumed after the first Do call. For subsequent retries, the body would be empty, leading to incorrect requests. The provided code attempts to handle this by either seeking back the body if it's an io.Seeker or by reading the entire body into memory to create a new NopCloser. For large bodies, reading into memory can be inefficient, so designing the original http.Request body to be seekable (e.g., using bytes.Buffer) is preferable.
Implementing Circuit Breaker
For circuit breakers, we can leverage a mature library like sony/gobreaker. This library provides a robust implementation of the circuit breaker pattern.
package resilientclient import ( "fmt" "net/http" "time" "github.com/sony/gobreaker" ) // CircuitBreakerClient wraps an HTTPClient with circuit breaking logic type CircuitBreakerClient struct { delegate HTTPClient breaker *gobreaker.CircuitBreaker } // NewCircuitBreakerClient creates a new client with circuit breaker capabilities func NewCircuitBreakerClient(delegate HTTPClient, settings gobreaker.Settings) *CircuitBreakerClient { if settings.Name == "" { settings.Name = "default-circuit-breaker" } if settings.Timeout == 0 { settings.Timeout = 60 * time.Second // How long to wait in 'open' state before attempting 'half-open' } if settings.MaxRequests == 0 { settings.MaxRequests = 1 // Allow 1 request in 'half-open' state } if settings.Interval == 0 { settings.Interval = 5 * time.Second // Time until reset of counts } if settings.ReadyToTrip == nil { settings.ReadyToTrip = func(counts gobreaker.Counts) bool { failureRatio := float64(counts.TotalFailures) / float64(counts.Requests) // Trip if there are at least 3 requests and 60% of them failed return counts.Requests >= 3 && failureRatio >= 0.6 } } return &CircuitBreakerClient{ delegate: delegate, breaker: gobreaker.NewCircuitBreaker(settings), } } func (c *CircuitBreakerClient) Do(req *http.Request) (*http.Response, error) { // The Execute method calls the provided function if the breaker is closed or half-open. // If the breaker is open, it immediately returns gobreaker.ErrOpenState. result, err := c.breaker.Execute(func() (interface{}, error) { resp, err := c.delegate.Do(req) if err != nil { // Errors from the delegate (like network errors, timeouts) should be counted as failures return nil, err } // For circuit breakers, we also consider server-side errors (5xx) as failures if resp.StatusCode >= 500 { // Important: To prevent resource leaks, read and close the body even on error // if you are only returning nil for the interface. // Or, ideally, return the *http.Response as the interface{} and let the caller // handle the body if it fails, which is cleaner. // For simplicity here, we'll indicate failure. return resp, fmt.Errorf("server error: %d", resp.StatusCode) } return resp, nil }) if err != nil { if err == gobreaker.ErrOpenState { return nil, fmt.Errorf("circuit breaker is open: %w", err) } // If it's a server error or a network error, we return the original error. // If the error was a server error we formatted, we can extract the response // if we returned it as the interface{}. if resp, ok := result.(*http.Response); ok && resp != nil { return resp, err // Return the response received before circuit trip consideration } return nil, err } return result.(*http.Response), nil }
The gobreaker library handles the state transitions (closed, open, half-open) and failure counting automatically. We configure it with gobreaker.Settings to define thresholds for tripping and recovery. The Execute method takes a function that performs the actual operation and returns interface{}, error. The gobreaker library uses the returned error to determine if the operation failed.
Chaining Them Together
The beauty of this decorator pattern is that we can chain these clients together. A typical setup would be: CircuitBreakerClient wrapping RetryClient wrapping DefaultClient. This ensures that:
- Before even trying, the circuit breaker checks if the remote service is likely down.
- If the circuit is closed (or half-open), the request proceeds to the retry logic.
- The retry logic handles transient failures with backoff.
- The underlying
defaultClienthandles the actual HTTP request with its base timeout.
package main import ( "fmt" "io" "log" "net/http" "time" "github.com/sony/gobreaker" "your_module_path/resilientclient" // Assuming resilientclient is in a subpackage ) func main() { // 1. Create the base client with a default timeout baseClient := resilientclient.NewDefaultClient(5 * time.Second) // 2. Wrap with retry logic retryConfig := resilientclient.RetryConfig{ MaxRetries: 5, InitialDelay: 200 * time.Millisecond, MaxDelay: 10 * time.Second, ShouldRetry: func(resp *http.Response, err error) bool { if err != nil { return true // Retry on network errors } // Only retry on specific server errors or too many requests return resp.StatusCode == http.StatusTooManyRequests || resp.StatusCode >= http.StatusInternalServerError }} retryClient := resilientclient.NewRetryClient(baseClient, retryConfig) // 3. Wrap with circuit breaker cbSettings := gobreaker.Settings{ Name: "ExternalService", MaxRequests: 3, // Allow 3 requests in half-open state Interval: 5 * time.Second, // Reset counts every 5 seconds Timeout: 30 * time.Second, // Open for 30 seconds before half-open attempt ReadyToTrip: func(counts gobreaker.Counts) bool { failureRatio := float64(counts.TotalFailures) / float64(counts.Requests) return counts.Requests >= 10 && failureRatio >= 0.3 // Trip if 30% of 10 requests fail }, } resilientHttClient := resilientclient.NewCircuitBreakerClient(retryClient, cbSettings) // Example usage for i := 0; i < 20; i++ { req, err := http.NewRequest("GET", "http://localhost:8080/api/data", nil) if err != nil { log.Fatalf("Error creating request: %v", err) } log.Printf("Making request %d...", i+1) resp, err := resilientHttClient.Do(req) if err != nil { log.Printf("Request %d ERROR: %v", i+1, err) time.Sleep(500 * time.Millisecond) // Simulate some delay between calls continue } defer resp.Body.Close() body, _ := io.ReadAll(resp.Body) log.Printf("Request %d SUCCESS: Status %d, Body: %s", i+1, resp.StatusCode, string(body)) time.Sleep(500 * time.Millisecond) } }
This main function demonstrates how to construct and use our resilientHttClient. You would typically replace http://localhost:8080/api/data with your actual service endpoint.
Application Scenarios
This pattern is invaluable for:
- Microservices Communication: Ensuring service-to-service calls remain stable despite network hiccups or temporary overload of dependencies.
- External API Integrations: Reliably consuming third-party APIs that might be rate-limited or occasionally unstable.
- Database Interactions (indirectly): While
http.Clientisn't for direct database interaction, if a service exposes an HTTP API that fronts a database, these patterns protect against database-related service failures.
Conclusion
By programmatically wrapping Go's standard http.Client with retry, timeout, and circuit breaker logic, we've transformed a basic HTTP client into a production-ready, fault-tolerant component. This layered approach, using the decorator pattern, keeps concerns separate and makes our code more maintainable and robust. Implementing these patterns is not just about handling errors; it's about building resilient systems that gracefully degrade and recover, ensuring continuous operation even in challenging distributed environments. Robustness is not optional; it is fundamental to reliable distributed systems.
Share this article
![x](data:image/svg+xml;utf8,<svg xmlns="http://www.w3.org/2000/svg" viewbox="0 0 64 64" width="64" height="64" fill-rule="evenodd"><g fill="%23ffffff"><path d="M0,0H64V64H0ZM0 0v64h64V0zm16 17.537h10.125l6.992 9.242 8.084-9.242h4.908L35.39 29.79 48 46.463h-9.875l-7.734-10.111-8.85 10.11h-4.908l11.465-13.105zm5.73 2.783 17.75 23.205h2.72L24.647 20.32z" /></g><g fill="%23000000"><path d="M0 0v64h64V0zm16 17.537h10.125l6.992 9.242 8.084-9.242h4.908L35.39 29.79 48 46.463h-9.875l-7.734-10.111-8.85 10.11h-4.908l11.465-13.105zm5.73 2.783 17.75 23.205h2.72L24.647 20.32z" /></g></svg>){kind=small}
![facebook](data:image/svg+xml;utf8,<svg xmlns="http://www.w3.org/2000/svg" viewbox="0 0 64 64" width="64" height="64" fill-rule="evenodd"><g fill="%23ffffff"><path d="M0,0H64V64H0ZM0 0v64h64V0zm39.6 22h-2.8c-2.2 0-2.6 1.1-2.6 2.6V28h5.3l-.7 5.3h-4.6V47h-5.5V33.3H24V28h4.6v-4c0-4.6 2.8-7 6.9-7 2 0 3.6.1 4.1.2z" /></g><g fill="%233b5998"><path d="M0 0v64h64V0zm39.6 22h-2.8c-2.2 0-2.6 1.1-2.6 2.6V28h5.3l-.7 5.3h-4.6V47h-5.5V33.3H24V28h4.6v-4c0-4.6 2.8-7 6.9-7 2 0 3.6.1 4.1.2z" /></g></svg>){kind=small}
![linkedin](data:image/svg+xml;utf8,<svg xmlns="http://www.w3.org/2000/svg" viewbox="0 0 64 64" width="64" height="64" fill-rule="evenodd"><g fill="%23ffffff"><path d="M0,0H64V64H0ZM0 0v64h64V0zm25.8 44h-5.4V26.6h5.4zm-2.7-19.7c-1.7 0-3.1-1.4-3.1-3.1s1.4-3.1 3.1-3.1 3.1 1.4 3.1 3.1-1.4 3.1-3.1 3.1M46 44h-5.4v-8.4c0-2 0-4.6-2.8-4.6s-3.2 2.2-3.2 4.5V44h-5.4V26.6h5.2V29h.1c.7-1.4 2.5-2.8 5.1-2.8 5.5 0 6.5 3.6 6.5 8.3V44z" /></g><g fill="%23007fb1"><path d="M0 0v64h64V0zm25.8 44h-5.4V26.6h5.4zm-2.7-19.7c-1.7 0-3.1-1.4-3.1-3.1s1.4-3.1 3.1-3.1 3.1 1.4 3.1 3.1-1.4 3.1-3.1 3.1M46 44h-5.4v-8.4c0-2 0-4.6-2.8-4.6s-3.2 2.2-3.2 4.5V44h-5.4V26.6h5.2V29h.1c.7-1.4 2.5-2.8 5.1-2.8 5.5 0 6.5 3.6 6.5 8.3V44z" /></g></svg>){kind=small}
![reddit](data:image/svg+xml;utf8,<svg xmlns="http://www.w3.org/2000/svg" viewbox="0 0 64 64" width="64" height="64" fill-rule="evenodd"><g fill="%23ffffff"><path d="M0,0H64V64H0ZM0 0v64h64V0zm53.344 32a4.67 4.67 0 0 0-7.903-3.2 22.77 22.77 0 0 0-12.32-3.937L35.2 14.88l6.848 1.441a3.2 3.2 0 0 0 3.02 2.852 3.2 3.2 0 1 0-2.602-4.805l-7.84-1.566a1 1 0 0 0-.754.136.98.98 0 0 0-.43.63l-2.37 11.105a22.8 22.8 0 0 0-12.477 3.937 4.672 4.672 0 1 0-5.152 7.648q-.06.704 0 1.407c0 7.168 8.351 12.992 18.656 12.992 10.3 0 18.656-5.824 18.656-12.992a9.4 9.4 0 0 0 0-1.406A4.68 4.68 0 0 0 53.344 32m-32 3.2a3.198 3.198 0 1 1 6.398 0 3.195 3.195 0 0 1-3.199 3.198c-1.766 0-3.2-1.43-3.2-3.199M39.938 44a12.3 12.3 0 0 1-7.907 2.465A12.3 12.3 0 0 1 24.13 44a.87.87 0 0 1 .055-1.16.87.87 0 0 1 1.16-.055A10.48 10.48 0 0 0 32 44.801a10.5 10.5 0 0 0 6.688-1.953.9.9 0 0 1 1.265.015.9.9 0 0 1-.016 1.266Zm-.579-5.473a3.2 3.2 0 0 1-3.199-3.199 3.198 3.198 0 1 1 6.398 0 3.2 3.2 0 0 1-3.23 3.328Zm0 0" /></g><g fill="%23FF4500"><path d="M0 0v64h64V0zm53.344 32a4.67 4.67 0 0 0-7.903-3.2 22.77 22.77 0 0 0-12.32-3.937L35.2 14.88l6.848 1.441a3.2 3.2 0 0 0 3.02 2.852 3.2 3.2 0 1 0-2.602-4.805l-7.84-1.566a1 1 0 0 0-.754.136.98.98 0 0 0-.43.63l-2.37 11.105a22.8 22.8 0 0 0-12.477 3.937 4.672 4.672 0 1 0-5.152 7.648q-.06.704 0 1.407c0 7.168 8.351 12.992 18.656 12.992 10.3 0 18.656-5.824 18.656-12.992a9.4 9.4 0 0 0 0-1.406A4.68 4.68 0 0 0 53.344 32m-32 3.2a3.198 3.198 0 1 1 6.398 0 3.195 3.195 0 0 1-3.199 3.198c-1.766 0-3.2-1.43-3.2-3.199M39.938 44a12.3 12.3 0 0 1-7.907 2.465A12.3 12.3 0 0 1 24.13 44a.87.87 0 0 1 .055-1.16.87.87 0 0 1 1.16-.055A10.48 10.48 0 0 0 32 44.801a10.5 10.5 0 0 0 6.688-1.953.9.9 0 0 1 1.265.015.9.9 0 0 1-.016 1.266Zm-.579-5.473a3.2 3.2 0 0 1-3.199-3.199 3.198 3.198 0 1 1 6.398 0 3.2 3.2 0 0 1-3.23 3.328Zm0 0" /></g></svg>){kind=small}
![telegram](data:image/svg+xml;utf8,<svg xmlns="http://www.w3.org/2000/svg" viewbox="0 0 64 64" width="64" height="64" fill-rule="evenodd"><g fill="%23ffffff"><path d="M0,0H64V64H0ZM0 0v64h64V0zm11.887 33.477c3.73-2.055 7.894-3.77 11.785-5.497 6.695-2.824 13.414-5.597 20.203-8.18 1.324-.44 3.695-.87 3.93 1.087-.13 2.773-.653 5.527-1.012 8.281-.914 6.055-1.969 12.094-2.996 18.133-.356 2.008-2.875 3.05-4.488 1.761-3.871-2.613-7.778-5.207-11.598-7.882-1.254-1.274-.094-3.102 1.027-4.012 3.188-3.145 6.575-5.816 9.598-9.121.816-1.973-1.594-.313-2.39.2-4.368 3.007-8.63 6.202-13.235 8.847-2.352 1.297-5.094.187-7.445-.535-2.11-.871-5.2-1.75-3.38-3.082m0 0" /></g><g fill="%2349a9e9"><path d="M0 0v64h64V0zm11.887 33.477c3.73-2.055 7.894-3.77 11.785-5.497 6.695-2.824 13.414-5.597 20.203-8.18 1.324-.44 3.695-.87 3.93 1.087-.13 2.773-.653 5.527-1.012 8.281-.914 6.055-1.969 12.094-2.996 18.133-.356 2.008-2.875 3.05-4.488 1.761-3.871-2.613-7.778-5.207-11.598-7.882-1.254-1.274-.094-3.102 1.027-4.012 3.188-3.145 6.575-5.816 9.598-9.121.816-1.973-1.594-.313-2.39.2-4.368 3.007-8.63 6.202-13.235 8.847-2.352 1.297-5.094.187-7.445-.535-2.11-.871-5.2-1.75-3.38-3.082m0 0" /></g></svg>){kind=small}
