Going off of the above... if I have a single retrofitApiService instance, then acquire an auth token (because I logged in)... how would I go about adding it to my interceptor? Or is there basically no away around just creating a new retrofit service so that I can properly add the new auth interceptor after logging in?

You add the interceptor at the beginning and mutate its state later

Hm. Okay. It works in my app code, but it's not working in my test. Must be doing something wrong.

I usually do 2 retrofit/api one for the webservice that doesn’t require auth token, and another one with the ws that require auth

I did that for my old app. I wonder if I should do it here too. I thought a single api service would be easier.