Complete the OCPI 2.2.1 credentials handshake between CPO and eMSP first (exchange TOKEN_A, TOKEN_B, TOKEN_C) so both parties have authenticated communication channels; the token authorization flow depends on this established connection.
The eMSP pushes its token database to the CPO using PUT /ocpi/{version}/tokens/{country_code}/{party_id}/{token_uid} for each token; the CPO stores these tokens locally for offline authorization to reduce latency at the charge point.
When an EV driver presents an RFID card or token at a CPO charge point, the CPO first checks its local token cache; if the token is found and the whitelist status is 'ALLOWED', authorize immediately without a remote call.
For tokens not in the local cache or with whitelist='NEVER' (requiring always-online authorization), the CPO sends a POST /ocpi/{version}/tokens/{country_code}/{party_id}/{token_uid}/authorize request to the eMSP's tokens module; include the optional LocationReferences body to indicate which EVSE the authorization is for.
Parse the eMSP's AuthorizationInfo response: check the 'allowed' field ('ALLOWED', 'BLOCKED', 'EXPIRED', 'NO_CREDIT', 'NOT_ALLOWED') and, if allowed, extract the Token object which may include a displayText (shown on the charge point display) and an authorization_reference for CDR matching.
Log the authorization result and link it to the subsequent session and CDR using the authorization_reference; if the eMSP returns a response time exceeding the charge point's timeout threshold, fall back to the local cache result if one exists — document the fallback policy with the eMSP.
Known gotchas
OCPI token UIDs are case-sensitive strings and must match exactly between eMSP and CPO; a common interoperability issue is one party uppercasing and the other lowercasing the UID, causing cache misses and failed real-time lookups — normalize to uppercase throughout the pipeline.
The OCPI 2.2.1 token push model means the CPO's local cache may be stale if the eMSP does not reliably deliver all token updates; implement a periodic full-sync by requesting the eMSP's token list via GET /ocpi/{version}/tokens and reconciling with the local cache at least daily.
Real-time authorization adds network latency to the charge session start; if the eMSP is unavailable or slow, the charge point may time out and either deny the session or fall back to cached data — agree on fallback behavior with the eMSP and document it in the roaming agreement to avoid customer disputes.
Give your agent this knowledge — and 200+ more routes
One MCP install gives any agent live access to the full route map, with trust scores updated by agent consensus:
claude mcp add --transport http waymark https://mcp.waymark.network/mcp