Authentication keys are part of the Open Charge Point Protocol (OCPP) security standard. They provide an essential layer of protection, and ensure that only authorized devices can communicate with the platform of the Charge Point Operator (CPO).

That way, they prevent unauthorized access and data breaches. This page answers the frequently asked questions related to authentication keys.

Depending on the manufacturer, the authentication key may be named differently:

• Alfen: “Back office authorization key”
• Schneider: “Basic authentication key”
• Mennekes: “Basic authentication password”
• Other manufacturers: Look for terms like “Authorization Key”, “Security Credentials”, or “OCPP Password”

Tip: Handling and setup vary by manufacturer. Always consult your device manual for specific instructions.

Most devices don’t have a preset authentication key:

• If no key is set, then you can create and set one yourself.
• If the manufacturer already set a key, then you can usually find it on a physical label inside the device, or on a security sheet in the packaging. You can reset this key in the device software.

Note: The authentication key is different from the device password that you use to log in to the device software.

There are three ways to set your key:

• Locally: Log in to the device software and enter a new key in the “Network” tab or “OCPP Settings” tab.
• Via the QA platform: Select your device, go to the “Security” tab, and then generate a random key or enter a custom one.
• Via the maintenance platform: If the device is already onboarded on QA, then navigate to the maintenance page of that device, and execute the “Reset authentication key” action.

Tip: If you set a key on a device as an installer, then it’s recommended to give the key to the actual owner of the device.

This depends on the situation:

• During installation: Navigate to the “Security” tab in the device details on the QA platform to generate a random key or enter a custom one.
• After installation: Use the “Reset authentication key” action in the maintenance platform.
• If offline: Log in to the device software to update the key manually.

Take the steps below if you transfer a device to a new owner or platform:

1. Perform a factory reset to clear the connection URL and credentials.
2. Delete or overwrite the old key.
3. Set a new unique key for the new connection.

• Length: Requirements can vary by manufacturer and may not always follow standard OCPP guidelines. Generally, the key must be 16 to 20 characters long. If you use a hexadecimal key (using only numbers and letters “a” through “f”), it must be 32 to 40 characters long.
• Format: Check whether the device requires specific characters.
• Firmware: Update the device to a version that supports the OCPP basic authentication security profile.
• Connection: Make sure that the device is online, and that the connection URL is correct.

For security reasons, keys are “write-only”, and they can’t be retrieved. If you lose a key, and it isn’t stored in the platform, then you need to reset the security settings on the device itself.

A factory reset on the device usually clears any custom key, or reverts it to the factory default found on the device label.

Check the manufacturer’s technical manual for specific steps and security requirements related to your device.