Quick answer: OCPP (Open Charge Point Protocol) is an open WebSocket-based protocol from the Open Charge Alliance that lets EV chargers communicate with a backend platform (a CSMS). It standardizes how a charger registers, authorizes users, runs transactions, reports meter values, and applies smart charging — across vendors. The two production versions are OCPP 1.6 (the most widely deployed) and OCPP 2.0.1 (the modern standard with mandatory security profiles, a device model, and ISO 15118 support).
OCPP (Open Charge Point Protocol) is the standard that lets EV chargers communicate with a backend platform such as a CSMS (Charging Station Management System). Maintained by the Open Charge Alliance (OCA), OCPP allows chargers from different manufacturers to connect to compatible software without proprietary lock-in, which is why it underpins most modern EV charging networks.
According to the Open Charge Alliance, OCPP is used by 200+ charge point operators across more than 80 countries, and every major charger manufacturer --- ABB, Schneider Electric, EVBox, Wallbox, Alfen, Tritium, Kempower, and Autel --- ships hardware with OCPP support built in. The specifications themselves run to several hundred pages: OCPP 1.6 Edition 2 defines 28 unique core actions (10 charger-initiated, 19 CSMS-initiated counting DataTransfer once) plus 11 more in the Security Whitepaper edition 2, while OCPP 2.0.1 Edition 2 defines 64 operations across 16 functional blocks (per the official Part 6 test cases).
If you are evaluating implementation or QA work right now, go straight to OCPP 1.6 testing, OCPP 2.0.1 testing, or platform features.
Why OCPP Exists
Before OCPP, every EV charger manufacturer built proprietary communication protocols. A ChargePoint station could only talk to ChargePoint's backend. An ABB charger required ABB's software. This created four systemic problems:
- Vendor lock-in: Operators were permanently tied to a single manufacturer's ecosystem for both hardware and software.
- No interoperability: Running a mixed-brand charging network was either impossible or required expensive custom integrations for each charger model.
- High integration costs: Every new charger model demanded months of bespoke protocol development, driving up costs for CSMS vendors.
- Slow innovation: Closed systems meant features developed by one vendor stayed siloed, and the industry moved slowly as a result.
The Open Charge Alliance (OCA), founded in 2012 in the Netherlands, created OCPP to solve these problems with a single, open, royalty-free standard. The specifications are freely available from the OCA at openchargealliance.org/protocols/ocpp/. Today, OCPP is mandated or strongly encouraged by public funding programs across the EU, UK, and parts of the United States (notably California's NEVI program), making it the de facto global standard for EV charger communication.
How OCPP Works
OCPP operates on a client-server architecture where the charge point (the physical charger) acts as the client and the CSMS acts as the server. Communication flows over persistent WebSocket connections, enabling real-time bidirectional messaging between charger and backend.
Connection Lifecycle
The WebSocket connection lifecycle follows a predictable pattern:
- DNS resolution and TCP handshake: The charger resolves the CSMS hostname and establishes a TCP connection to the configured endpoint (typically
wss://csms.example.com/ocpp/). - TLS negotiation (if using
wss://): The charger and server negotiate a secure TLS session. OCPP 2.0.1 defines three specific security profiles governing this step. - WebSocket upgrade: The charger sends an HTTP Upgrade request with
Sec-WebSocket-Protocol: ocpp1.6orocpp2.0.1. The server validates the charger's identity (often from the URL path, e.g.,/ocpp/CP001) and accepts or rejects the upgrade. - BootNotification: Immediately after the WebSocket is established, the charger sends a
BootNotificationmessage containing its vendor, model, serial number, and firmware version. The CSMS responds withAccepted,Pending, orRejectedalong with a heartbeat interval. - Steady-state communication: Both sides exchange messages over the persistent connection. The charger sends periodic
Heartbeatmessages to confirm connectivity. Either side can initiate requests at any time. - Reconnection: If the connection drops, the charger automatically reconnects using configurable retry logic with exponential backoff.
For a deep dive into WebSocket connection management, error handling, and reconnection strategies, see our OCPP WebSocket guide.
Request-Response Pattern
Every OCPP interaction follows a strict request-response pattern using JSON-RPC-style framing over WebSocket. Messages are JSON arrays with a specific structure:
Call (Request):
[2, "unique-message-id", "BootNotification", {"chargePointVendor": "OCPPLab", "chargePointModel": "Emulator"}]2= Message type (Call)"unique-message-id"= Unique identifier for correlation"BootNotification"= Action name{...}= Payload
CallResult (Successful Response):
[3, "unique-message-id", {"status": "Accepted", "currentTime": "2025-02-20T10:00:00Z", "interval": 300}]3= Message type (CallResult)- Same message ID as the originating Call
{...}= Response payload
CallError (Error Response):
[4, "unique-message-id", "FormationViolation", "Invalid payload", {}]4= Message type (CallError)- Standard error codes like
NotImplemented,NotSupported,InternalError,ProtocolError,SecurityError, andFormationViolation
Each side can only have one outstanding request at a time per the specification (though some implementations relax this). A request must receive a response within a configurable timeout, typically 30 seconds.
OCPP Versions: A Complete History
The protocol has evolved through several versions, each addressing limitations of its predecessor:
| Version | Year | Transport | Status |
|---|---|---|---|
| OCPP 1.2 | 2010 | SOAP/XML | Legacy, rarely seen |
| OCPP 1.5 | 2012 | SOAP/XML | Legacy, still in some older deployments |
| OCPP 1.6 | 2015 | SOAP or WebSocket/JSON | Most widely deployed version globally |
| OCPP 2.0 | 2018 | WebSocket/JSON | Superseded by 2.0.1, never widely adopted |
| OCPP 2.0.1 | 2020 | WebSocket/JSON | Latest stable version, growing adoption |
For a detailed feature-by-feature comparison, see our dedicated OCPP 1.6 vs 2.0.1 comparison.
If you are evaluating tooling rather than protocol features, see best OCPP emulators compared.
OCPP 1.6
Released in 2015, OCPP 1.6 remains the most widely deployed version. The OCA estimates that over 85% of OCPP-connected chargers in the field run version 1.6. It introduced JSON over WebSocket as a transport option alongside the original SOAP/XML format, which dramatically simplified implementations.
Key capabilities of OCPP 1.6:
- Smart Charging: Basic charging profile management with
SetChargingProfileandClearChargingProfile - Remote Operations: Start and stop transactions remotely, reset chargers, unlock connectors
- Authorization: Local authorization list management and remote ID tag validation
- Firmware Management: Remote firmware updates and diagnostics file uploads
- Meter Values: Periodic and transaction-based energy measurement reporting
- Reservation: Reserve a connector for a specific ID tag
OCPP 1.6 core defines 28 unique actions split between charger-initiated and CSMS-initiated operations (with DataTransfer going in both directions). The optional Security Whitepaper edition 2 extension adds 11 more — signed firmware, certificate management, log upload, and SecurityEventNotification — for a total of about 39 when both are implemented.
OCPP 2.0.1
OCPP 2.0.1 represents a ground-up rearchitecture of the protocol. Released in 2020, it addresses the most significant gaps in 1.6 while adding support for modern EV charging requirements like Plug & Charge (ISO 15118) and vehicle-to-grid (V2G).
Key improvements over 1.6:
- Device Model: A comprehensive, standardized data model for charger configuration --- replacing the ad-hoc key-value approach in 1.6 with a structured component/variable hierarchy
- ISO 15118 Support: Native support for certificate-based vehicle authentication, enabling true Plug & Charge without RFID cards
- Security Profiles: Three defined security levels with mandatory TLS, signed firmware updates, and secure boot chains
- Transaction Handling: Redesigned transaction event model that eliminates the "hanging transaction" problem in 1.6 where a
StopTransactionmessage lost in transit could leave a transaction open indefinitely - Display Messages: Remote control of charger screen content for pricing information, instructions, or advertisements
- Cost and Tariff: Real-time cost updates sent to the charger during a transaction
- Improved Smart Charging: Composite charging schedules, external power limits, and better integration with energy management systems
OCPP 2.0.1 defines over 50 messages, more than double the count in 1.6.
OCPP 1.6 vs 2.0.1: Detailed Comparison
| Feature | OCPP 1.6 | OCPP 2.0.1 |
|---|---|---|
| Transport | WebSocket/JSON or SOAP/XML | WebSocket/JSON only |
| Security | Optional TLS in core; Profiles 0–3 via Security Whitepaper edition 2 (opt-in) | Mandatory security profiles (1/2/3) |
| ISO 15118 | No native support (hacky DataTransfer workarounds) |
Full native support for Plug & Charge |
| Smart Charging | Single ChargingProfile stack per connector |
Composite schedules, EVSE-level and station-level profiles |
| Device Management | GetConfiguration/ChangeConfiguration with flat key-value pairs |
Structured Device Model with Components and Variables |
| Transaction Model | StartTransaction + StopTransaction (paired messages) |
TransactionEvent (single message type with Started/Updated/Ended) |
| Message Format | JSON arrays [2, id, action, payload] |
Same JSON array format, backward-compatible framing |
| Message Count | 28 core actions (39 with Security Whitepaper edition 2) | 60+ actions |
| Firmware Update | Basic via UpdateFirmware; SignedUpdateFirmware available via Security Whitepaper edition 2 |
Signed firmware with certificate validation |
| Display Messages | Not supported | SetDisplayMessage, GetDisplayMessages, ClearDisplayMessage |
| Cost Information | Not supported | Running cost and final cost sent to charger |
| Reservation | Reserve single connector | Reserve EVSE with connector type preference |
| Connector Model | Flat: ChargePoint has Connectors | Hierarchical: Station > EVSE > Connector |
| Logging | GetDiagnostics in core; GetLog / LogStatusNotification via Security Whitepaper edition 2 |
GetLog with structured log types (diagnostics, security) |
| Certificate Management | Not in core; full cert lifecycle (InstallCertificate, SignCertificate, CertificateSigned, DeleteCertificate, GetInstalledCertificateIds) available via Security Whitepaper edition 2 |
Full certificate lifecycle management |
| Local Auth List | Basic ID tag list | Extended with ID token types and grouping |
| Error Handling | Limited; lost StopTransaction causes orphan transactions |
Sequence numbers and event-based model prevent data loss |
OCPP Message Types: Complete Reference
OCPP 1.6 Messages
Charger-initiated (Charge Point to CSMS):
| Message | Purpose |
|---|---|
Authorize |
Validate an RFID tag or other credential before allowing charging |
BootNotification |
Register with the CSMS on startup, report vendor/model/firmware |
DataTransfer |
Vendor-specific data exchange (escape hatch for custom features) |
DiagnosticsStatusNotification |
Report status of a diagnostics upload |
FirmwareStatusNotification |
Report status of a firmware update |
Heartbeat |
Periodic keep-alive; CSMS responds with current time for clock sync |
MeterValues |
Report energy consumption, power, voltage, current, temperature, SoC |
StartTransaction |
Notify CSMS that a charging session has started |
StatusNotification |
Report connector status changes (Available, Charging, Faulted, etc.) |
StopTransaction |
Notify CSMS that a charging session has ended, include final meter value |
CSMS-initiated (CSMS to Charge Point):
| Message | Purpose |
|---|---|
CancelReservation |
Cancel a previously made reservation |
ChangeAvailability |
Set a connector to operative or inoperative |
ChangeConfiguration |
Modify a configuration key on the charger |
ClearCache |
Clear the charger's local authorization cache |
ClearChargingProfile |
Remove one or more charging profiles |
DataTransfer |
Vendor-specific data exchange |
GetCompositeSchedule |
Retrieve the combined effective charging schedule |
GetConfiguration |
Read configuration key values from the charger |
GetDiagnostics |
Request the charger to upload diagnostics logs |
GetLocalListVersion |
Check version number of the local authorization list |
RemoteStartTransaction |
Remotely start a charging session |
RemoteStopTransaction |
Remotely stop a charging session |
ReserveNow |
Reserve a connector for a specific ID tag |
Reset |
Soft or hard reset the charger |
SendLocalList |
Update or replace the local authorization list |
SetChargingProfile |
Install a charging profile for load management |
TriggerMessage |
Request the charger to send a specific message (e.g., StatusNotification) |
UnlockConnector |
Remotely unlock the charging cable connector |
UpdateFirmware |
Instruct the charger to download and install new firmware |
OCPP 2.0.1 Messages (Selected Key Additions)
OCPP 2.0.1 retains the concepts from 1.6 but reorganizes and extends them significantly. Notable new or redesigned messages include:
| Message | Purpose |
|---|---|
TransactionEvent |
Replaces StartTransaction/StopTransaction with a unified event model |
SetVariables / GetVariables |
Replace ChangeConfiguration/GetConfiguration with structured device model access |
GetBaseReport |
Request a full dump of the charger's device model |
NotifyReport |
Charger sends device model data in response to GetBaseReport |
RequestStartTransaction / RequestStopTransaction |
Renamed remote start/stop with enhanced parameters |
SetDisplayMessage |
Display custom messages on the charger screen |
CostUpdated |
Send running cost information during a transaction |
SetChargingProfile |
Enhanced with composite schedule support and EVSE-level targeting |
GetCompositeSchedule |
Returns the effective composite from all stacked profiles |
SetNetworkProfile |
Configure charger network settings remotely |
InstallCertificate / DeleteCertificate / GetInstalledCertificateIds |
Full certificate lifecycle management |
SignCertificate |
Charger requests a new certificate from the CSMS |
Get15118EVCertificate |
ISO 15118 certificate provisioning for Plug & Charge |
NotifyEVChargingNeeds |
Vehicle communicates its charging requirements via ISO 15118 |
ClearedChargingLimit |
External charging limit has been removed |
NotifyChargingLimit |
Report external limits imposed by energy management |
ReportChargingProfiles |
Charger reports all installed charging profiles |
CustomerInformation |
Retrieve or clear customer-related data stored on the charger |
LogStatusNotification |
Report status of a log upload operation |
SecurityEventNotification |
Report security-related events (tamper detection, auth failures) |
OCPP Security Profiles
OCPP 2.0.1 defines three security profiles that provide escalating levels of protection. Security was one of the weakest areas in OCPP 1.6, where TLS was optional and most deployments ran unencrypted WebSocket connections.
Security Profile 1: Basic Authentication
Security Profile 1 uses unsecured transport (ws://) with HTTP Basic Authentication. The charger sends a username (typically the charge point identity) and password in the WebSocket handshake headers.
- Transport: Unencrypted WebSocket (
ws://) - Authentication: HTTP Basic Auth (password in Authorization header)
- Use case: Lab environments, isolated private networks
- Risk: Credentials and all OCPP messages travel in plaintext; vulnerable to interception
This profile exists primarily for backward compatibility and testing. It should never be used in production deployments over public networks.
Security Profile 2: TLS with Basic Authentication
Security Profile 2 adds TLS encryption while retaining password-based authentication. The charger validates the CSMS server certificate against a trusted root, ensuring it connects to the legitimate backend.
- Transport: Encrypted WebSocket (
wss://) with server-side TLS - Authentication: HTTP Basic Auth over TLS
- Certificate: Charger validates CSMS server certificate
- Use case: Production deployments where client certificate management is not feasible
- Advantage: All traffic is encrypted; CSMS identity is verified
Security Profile 3: TLS with Client-Side Certificates
Security Profile 3 provides mutual TLS (mTLS) authentication. Both the charger and the CSMS present and validate X.509 certificates, providing the strongest available authentication.
- Transport: Encrypted WebSocket (
wss://) with mutual TLS - Authentication: Client certificate (charger) + server certificate (CSMS)
- Certificate management: Requires PKI infrastructure for provisioning, rotating, and revoking charger certificates
- Use case: High-security deployments, public charging infrastructure, compliance-driven environments
- Advantage: Eliminates password-based vulnerabilities; cryptographic identity verification for both endpoints
Additionally, OCPP 2.0.1 mandates signed firmware updates. The charger validates the cryptographic signature of firmware binaries before installation, preventing malicious firmware injection --- a critical concern for internet-connected devices on public infrastructure.
Smart Charging with OCPP
Smart charging is one of OCPP's most important features. It enables dynamic power management across a charging site, balancing grid constraints, energy costs, renewable availability, and vehicle needs.
How SetChargingProfile Works
A charging profile defines a power or current limit over time. The CSMS sends a SetChargingProfile message to the charger containing:
- Stack level: Priority of this profile (higher levels override lower ones)
- Charging profile purpose:
ChargePointMaxProfile(site-level limit),TxDefaultProfile(default for new transactions), orTxProfile(specific to an active transaction) - Charging schedule: A time-based series of power or current limits
Example: A site with 150 kW of available grid capacity and 4 DC fast chargers can use ChargePointMaxProfile to distribute power dynamically. When one charger is idle, the others can draw more. When all four are active, each gets 37.5 kW. When grid load peaks, the CSMS can reduce the site limit to 100 kW, and the charger recalculates the composite schedule.
In OCPP 1.6, charging profiles operate at the connector level with a simple stack. In OCPP 2.0.1, the system is significantly more capable:
- EVSE-level and station-level profiles: Apply limits at different points in the hierarchy
- Composite schedule calculation: The charger computes the effective limit from all active profiles, and the CSMS can query this composite via
GetCompositeSchedule - External limits: The charger can report constraints from an external energy management system via
NotifyChargingLimit - Absolute and relative schedules: Profiles can be tied to absolute timestamps or relative to transaction start
Smart charging is essential for fleet depot charging, workplace charging, and residential multi-unit installations where grid capacity is shared.
Who Uses OCPP?
OCPP adoption spans the entire EV charging value chain.
Charge Point Operators (CPOs)
CPOs deploy and manage physical charging infrastructure. Major CPOs running OCPP-connected networks include:
- ChargePoint (North America, Europe) --- operates one of the largest OCPP-connected networks globally
- Fastned (Europe) --- high-power fast charging along highways
- EVgo (United States) --- fast charging network with over 950 locations
- Allego (Europe) --- pan-European charging network
- Shell Recharge / Ubitricity (Global) --- leveraging OCPP to unify charger management across acquired brands
- bp pulse (Europe, North America) --- rapidly expanding OCPP-connected infrastructure
CSMS Vendors
Software companies building charging station management systems that communicate with chargers via OCPP:
- Driivz (acquired by Vontier)
- EVConnect
- AMPECO
- Current
- EV.energy
- Open Charge Point (open-source)
Charger Manufacturers
Hardware manufacturers shipping OCPP-compliant chargers:
- ABB E-mobility --- DC fast chargers (Terra series)
- Schneider Electric --- AC and DC chargers for commercial deployments
- EVBox --- residential and commercial AC chargers
- Wallbox --- residential and small commercial chargers
- Alfen --- smart AC chargers popular in the Netherlands
- Tritium --- high-power DC fast chargers
- Kempower --- modular DC fast charging systems
- Autel Energy --- AC and DC chargers for North American market
- BTC Power --- DC fast chargers for fleet and public deployments
Energy Companies and Utilities
Utilities integrating EV charging into grid management strategies use OCPP's smart charging capabilities to implement demand response, time-of-use optimization, and vehicle-to-grid (V2G) programs. Companies like Enel X, E.ON, and Engie are active participants in the OCPP ecosystem.
OCPP vs OCPI vs OICP: EV Charging Protocols Compared
OCPP is one of several open protocols in the EV charging ecosystem. Each serves a different purpose.
| Protocol | Full Name | Purpose | Communication Path |
|---|---|---|---|
| OCPP | Open Charge Point Protocol | Charger-to-backend communication | Charge Point <-> CSMS |
| OCPI | Open Charge Point Interface | Roaming and interoperability between networks | CSMS <-> CSMS (or CSMS <-> eMSP) |
| OICP | Open InterCharge Protocol | Roaming (primarily Hubject ecosystem) | CSMS <-> Hubject Hub <-> CSMS |
| ISO 15118 | Vehicle-to-grid communication | Vehicle-to-charger communication | EV <-> Charge Point |
| OpenADR | Open Automated Demand Response | Grid demand response signals | Utility <-> Energy Management System |
OCPP operates between the charger and the backend. It handles "make the charger do things" --- start charging, report meter values, update firmware.
OCPI operates between charging networks. It handles "let an eMSP customer use a CPO's charger" --- roaming, real-time location data, tariff information, and CDR (Charge Detail Record) exchange. If OCPP is the protocol inside a network, OCPI is the protocol between networks.
OICP serves a similar roaming purpose to OCPI but uses a centralized hub model (Hubject) rather than peer-to-peer connections. It is dominant in Germany and parts of Central Europe.
ISO 15118 operates between the vehicle and the charger (below OCPP in the stack). It enables Plug & Charge authentication and communicates the vehicle's charging requirements. OCPP 2.0.1 has specific messages to relay ISO 15118 data between the charger and CSMS.
How to Test OCPP Implementations
Testing OCPP is inherently complex. The specification defines hundreds of message flows, error scenarios, and state transitions that must work correctly across different network conditions. For a comprehensive testing approach, see our OCPP testing guide and EV charger testing guide.
Challenges of Physical Testing
Testing with real hardware is slow and expensive:
- A single DC fast charger costs $30,000--$150,000
- Testing requires physical EV connectors, power supplies, and often actual vehicles
- Reproducing edge cases (network drops mid-transaction, firmware corruption, concurrent sessions) is difficult with physical equipment
- Test cycles with hardware typically take weeks to months
Simulation-Based Testing
OCPPLab provides cloud-based OCPP simulation that eliminates these constraints:
- Scale: Deploy 1,000+ virtual charge points in minutes, simulating an entire charging network
- Protocol coverage: Test both OCPP 1.6 and 2.0.1 with full message type support
- Realistic behavior: Simulate real charger behaviors from 100+ device models, including vendor-specific quirks and timing characteristics
- Edge case testing: Simulate network failures, malformed messages, slow responses, concurrent operations, and protocol error conditions that are nearly impossible to reproduce with hardware
- CI/CD integration: Automate regression testing as part of your development pipeline
- Smart charging validation: Test complex charging profile scenarios, composite schedule calculations, and load management algorithms
Teams using OCPPLab typically reduce OCPP QA cycles from months to weeks and cut testing infrastructure costs by 60--90%.
OCPP Certification and Compliance
The Open Charge Alliance operates an OCPP certification program that validates conformance to the specification. Certification involves:
- Self-testing: Vendors run the OCA's test tool against their implementation
- Conformance testing: An accredited test lab executes the official test suite
- Interoperability testing: The implementation is tested against other certified products
Certified products are listed in the OCA's product directory. While certification is not legally required in most jurisdictions, many RFPs and government funding programs require or strongly prefer OCA-certified products. The EU's Alternative Fuels Infrastructure Regulation (AFIR) references OCPP as the communication standard for publicly accessible charging points.
Frequently Asked Questions
Is OCPP free to use?
Yes. OCPP is an open protocol published by the Open Charge Alliance under royalty-free terms. Anyone can download the specification and implement it without licensing fees. The specification documents are freely available on the OCA website. Certification is optional and involves a fee, but implementing the protocol itself costs nothing.
What is the difference between OCPP and OCPI?
OCPP handles communication between a charger and its management backend (CSMS) --- operations like starting charging sessions, reporting energy usage, and updating firmware. OCPI handles communication between different charging networks for roaming, allowing an EV driver subscribed to one network to use chargers on another. OCPP operates inside a network; OCPI operates between networks.
Do all EV chargers support OCPP?
Most commercial EV chargers sold today support OCPP 1.6 at minimum. Tesla Superchargers historically used a proprietary protocol, but Tesla has begun adopting OCPP for its chargers that serve non-Tesla vehicles as part of NEVI-funded deployments. Some low-cost residential chargers may lack OCPP support since they are designed for standalone operation without backend management.
What is a CSMS?
A CSMS (Charging Station Management System) is the backend software platform that manages a network of EV chargers via OCPP. It handles user authorization, session management, billing, energy monitoring, remote operations, firmware updates, and analytics. Also referred to as CPMS (Charge Point Management System) or simply "the backend." The term CSMS is used in OCPP 2.0.1, while OCPP 1.6 uses "Central System."
Which OCPP version should I implement?
If you are starting a new implementation in 2025, support both OCPP 1.6 and 2.0.1. Most chargers in the field still run 1.6, so your CSMS needs 1.6 support for backward compatibility. However, new charger models increasingly ship with 2.0.1 support, and features like ISO 15118 Plug & Charge, advanced security profiles, and the structured device model require 2.0.1. For a detailed comparison, see our OCPP 1.6 vs 2.0.1 analysis.
How does OCPP handle offline charging?
OCPP supports offline operation through the Local Authorization List. The CSMS pushes a list of authorized ID tags to the charger via SendLocalList. When the charger loses its WebSocket connection, it can still authorize users against this local list and start charging sessions. Transaction data (meter values, start/stop events) is queued locally and transmitted to the CSMS when connectivity is restored. OCPP 2.0.1 improves this with its event-based transaction model, which handles message loss more gracefully than 1.6's paired start/stop messages.
Is OCPP secure?
Core OCPP 1.6 has minimal built-in security --- TLS is optional, and many deployments run unencrypted. The optional OCPP 1.6 Security Whitepaper edition 2 retroactively adds security profiles (0/1/2/3), certificate management, signed firmware updates, and SecurityEventNotification to 1.6, but it is opt-in per deployment, so a large portion of the installed base still runs without it. OCPP 2.0.1 makes the same profile model mandatory (renumbered Profile 1/2/3) and bakes signed firmware and security event logging into the core spec. For production deployments, Security Profile 2 (TLS with basic auth) is the practical minimum, and Security Profile 3 (mutual TLS) is recommended for public infrastructure.
What is the OCPP heartbeat?
The Heartbeat message is a lightweight keep-alive sent by the charger to the CSMS at a regular interval (configured in the BootNotification response, typically 30--300 seconds). It serves two purposes: confirming that the charger is online and connected, and synchronizing the charger's internal clock with the CSMS server time (the Heartbeat response includes the current UTC timestamp). If the CSMS stops receiving heartbeats, it marks the charger as offline.
Can OCPP support vehicle-to-grid (V2G)?
OCPP 2.0.1 includes foundational support for V2G through its ISO 15118 integration. The NotifyEVChargingNeeds message can communicate bidirectional power flow requirements, and charging profiles can specify negative power values for energy export back to the grid. Full V2G orchestration typically requires additional protocols (like OpenADR for demand response signals), but OCPP 2.0.1 provides the charger-to-backend communication layer needed to participate in V2G programs.
What happens when OCPP messages fail?
When a message fails (timeout, network error, or CallError response), the behavior depends on the message type. Critical messages like StartTransaction and StopTransaction in OCPP 1.6 are queued and retried until delivered. In OCPP 2.0.1, the TransactionEvent message carries a per-transaction seqNo and the Charging Station replays queued offline events in order on reconnect, so the CSMS can detect gaps and reconstruct the full transaction without losing data. (OCPP 2.0.1 does not define an explicit retransmission request — gap recovery relies on the Charging Station's offline message queue.) For a complete guide to error handling, see our OCPP error codes reference.