Authorize

Core CS->CSMS OCPP 2.0.1

Sent by the Charging Station to request authorization for an identifier before starting a transaction. In OCPP 2.0.1, the identifier is an IdToken object supporting multiple token types including RFID, eMAID, and ISO 15118.

Quick Reference

Required Fields

idToken IdTokenType

Object containing the identifier to authorize - must include idToken (string) and type (enum)

idToken.idToken string(36)

The actual identifier value (RFID UID, eMAID, etc.)

idToken.type IdTokenEnumType

Type of identifier: ISO14443, ISO15693, eMAID, Central, KeyCode, Local, MacAddress, or NoAuthorization

Optional Fields

certificate string(5500)

X.509 certificate presented by the EV, encoded in PEM format (for ISO 15118)

iso15118CertificateHashData array[OCSPRequestDataType]

Array of OCSP request data for ISO 15118 certificate validation (max 4 items)

Example Payload

{
  "idToken": {
    "idToken": "AABBCCDD",
    "type": "ISO14443"
  }
}

Example Full Frame

[
  2,
  "msg-001",
  "Authorize",
  {
    "idToken": {
      "idToken": "AABBCCDD",
      "type": "ISO14443"
    }
  }
]

Format: [MessageType, MessageId, Action, Payload]

Open in Builder Go to Validator

Overview

The Authorize message validates an identifier with the CSMS before allowing a charging session. In OCPP 2.0.1, the identifier system is significantly richer than in 1.6J — supporting RFID, eMAID (for Plug & Charge), QR codes, and more.

When to Send

  • When a user presents a token (RFID, app, QR code) to start charging
  • Before sending a TransactionEvent with eventType: Started if authorization is required
  • Optionally to re-authorize during a session or at session end

Expected Response

The CSMS responds with an IdTokenInfoType object:

  • status: Accepted, Blocked, Expired, Invalid, ConcurrentTx, NoCredit, or NotAllowedTypeEVSE
  • cacheExpiryDateTime (optional): When to expire the cached authorization
  • chargingPriority (optional): Priority hint for smart charging
  • personalMessage (optional): Message to display to the user

Key Differences from OCPP 1.6J

OCPP 1.6JOCPP 2.0.1
idTag: "AABBCCDD" (plain string, max 20)idToken: { idToken: "AABBCCDD", type: "ISO14443" }
Only RFID impliedExplicit type: ISO14443, ISO15693, eMAID, etc.
No certificate supportOptional PEM certificate for ISO 15118
Response: IdTagInfoResponse: IdTokenInfo (richer status set)

Usage Notes

  • The idToken.idToken field is case-insensitive
  • For RFID cards: use type: "ISO14443" (Mifare) or type: "ISO15693"
  • For Plug & Charge (ISO 15118): use type: "eMAID" and include the certificate fields
  • NoAuthorization type skips authorization checks — use for free charging scenarios

Best Practices

  1. Cache authorizations locally — If the CSMS returns Accepted with a cacheExpiryDateTime, cache it for offline use
  2. Handle all status valuesNoCredit and NotAllowedTypeEVSE are new in 2.0.1
  3. Display personalMessage — If the CSMS sends a message for the user, show it on the Charging Station screen
  4. Specify the correct type — The type field is required and must be accurate

Testing Tips

  • Test ISO14443 with a standard RFID tag
  • Test eMAID format: DE*ICE*E12345678X (countryprovidereMAID)
  • Test Invalid response to verify the Charging Station denies the session correctly
  • Test offline mode with cached authorizations

Common Errors

PropertyConstraintViolation

Cause: idToken.idToken exceeds 36 characters

Solution: Ensure the token value is max 36 characters (note: 1.6J idTag was max 20 chars)

TypeConstraintViolation

Cause: idToken sent as a plain string instead of an object

Solution: In OCPP 2.0.1, idToken is an object with idToken and type fields - not a plain string

TypeConstraintViolation

Cause: type field contains an unsupported value

Solution: Use one of: Central, eMAID, ISO14443, ISO15693, KeyCode, Local, MacAddress, NoAuthorization

Related Actions

TransactionEvent RequestStartTransaction SendLocalList