All OCPI requests to ChargeIndia Hub require authentication unless explicitly noted otherwise.
Request authentication
Include the OCPI token in every request:
Authorization: Token {your-token}
The token is issued during credentials exchange. Store it securely — treat it as a secret comparable to an API key.
ChargeIndia Hub requires authentication on all /ocpi/* routes, including GET /ocpi/versions. This differs from some OCPI implementations that expose versions without auth.
Tracing headers
The Hub accepts optional tracing headers:
| Header | Purpose |
|---|---|
X-Request-ID | Unique ID for this request |
X-Correlation-ID | ID linking related requests across parties |
If omitted, the Hub generates values automatically. Include them in your logs for support investigations.
Response envelope
All Hub responses use the standard OCPI envelope:
{
"status_code": 1000,
"status_message": "Success",
"timestamp": "2025-06-23T10:00:00.000Z",
"data": { }
}
| status_code | Meaning |
|---|---|
1000 | Success |
2000 | Generic client/server error |
2002 | Unauthorized (invalid or suspended party) |
2003 | Not found |
2004 | Rate limit exceeded |
Suspended parties
If your party account is suspended, all authenticated requests return 401 with status_code: 2002. Contact your account team to resolve.
Outbound calls (Hub → your platform)
When the Hub calls your OCPI endpoints, it uses:
Authorization: Token {token-you-provided-during-exchange}
Your platform must validate this token on every inbound OCPI request.
Unauthenticated endpoints
The only Hub OCPI endpoint that does not require authentication is:
POST /ocpi/2.2.1/commands/callback/{command_id}
This is called by CPOs to deliver async command results. The Hub validates the callback using the command context, not a bearer token.
Related docs
- Onboarding — how tokens are issued
- Token Rotation — rotating credentials safely
- Rate Limits & Errors — error handling