Connect your CSMS

Chargeflux.io connects from your browser directly to the CSMS endpoint you provide. Because of how browsers handle WebSocket connections, your CSMS must meet a few requirements. This guide explains what is supported and what is not.

Endpoint requirements

  • The endpoint must use wss:// (secure WebSocket). Plain ws:// is only permitted for localhost during local development.
  • It must accept the ocpp1.6 WebSocket subprotocol during the handshake.
  • It must be reachable from the public internet. Private or internal-only endpoints cannot be reached from the browser.
  • The station identity must match what the CSMS expects, typically as the last path segment of the URL.

Origin handling

Browsers always send an Origin header when opening a WebSocket, and you cannot remove or change it. Your CSMS may need to allow the Chargeflux.io origin:

Origin: https://chargeflux.io

Some CSMS products reject connections from an unexpected origin. If yours does, add https://chargeflux.io to its allowed origins, or see the hosted-runtime roadmap for a future server-side connection option.

Supported authentication

Only authentication methods the browser can perform over a WebSocket are supported, and only when your CSMS accepts them:

  • No authentication.
  • Station identity in the URL path.
  • A token in the query string.
  • Browser-supported URL credentials, where both the browser and CSMS permit them.

Putting a token in a URL can expose it through browser history, CSMS logs or copied screenshots. The simulator warns you when a URL contains a token.

Not supported in the proof of concept

The browser WebSocket API does not provide a general way to set arbitrary handshake headers, so the POC cannot support endpoints that require:

  • A custom Authorization header (for example HTTP Basic or Bearer auth).
  • A custom API-key header.
  • Mutual TLS with a client certificate selected by the application.
  • Private network access or a source-IP allowlist.
  • A WebSocket connection without an Origin header.

If your CSMS needs one of these, a future hosted runtime is the planned path. If a connection fails, see troubleshooting WebSocket connections.

Last reviewed June 2026 · Chargeflux.io