Status indicators
Each item below is tagged with one of three status indicators:- 🟢 Pending implementation — on the roadmap, expected in a near-term release
- 🟡 Under discussion — useful and being scoped; design not yet final
- 🔵 Exploratory — interesting but earlier in the design conversation
1. Component-level telemetry 🟢
The current telemetry payload exposes voltage, current, power, energy delivered, SOC, and temperature. Component-level health monitoring requires deeper visibility into the charger’s internal state — information the charger’s firmware already tracks for its own state-machine logic, but does not currently surface to the platform. Proposed addition to the telemetry payload:2. Remote diagnostic commands 🟢
The Fetch Control Commands surface defines the long-polling pattern used to deliver commands to chargers. The currently-supported command types are operational:start_charging, stop_charging, set_power_limit, set_schedule, firmware_upgrade, discharge. Diagnostics needs a complementary set.
Proposed new command types:
| Command | Purpose | Risk class |
|---|---|---|
reboot | Soft-restart the charger’s main controller | Low — affects only the device, no session impact unless mid-session |
soft_reset | Reset the charger’s state machine without rebooting hardware | Low |
force_reconnect | Tear down and re-establish the WebSocket connection to the platform | Low |
fetch_logs | Trigger the charger to upload its on-board log files for inspection | Low (read-only) |
run_self_test | Execute the charger’s built-in self-test sequence and return a structured pass/fail report | Medium — takes the charger out of service for ~2 minutes |
calibrate_sensor | Recalibrate a named sensor (temperature, current, voltage) against a known reference | Medium — should require physical attendance |
reset_contactor_counter | Reset the contactor cycle counter after a physical replacement | Low |
reset_fan_counter | Reset the fan runtime counter after replacement | Low |
reset_power_module | Soft-reset a named power module (CAN-bus issue recovery) | Medium |
trigger_message | Force the charger to re-send a specific OCPP message (StatusNotification, MeterValues, BootNotification, etc.). Maps to OCPP TriggerMessage | Low (read-only) |
unlock_connector | Release a stuck connector lock. Maps to OCPP UnlockConnector | Medium — operator must confirm no vehicle is mid-session |
clear_cache | Clear the charger’s local authorisation cache. Maps to OCPP ClearCache | Low |
accepted, completed, or failed).
Why we need it. Today, every “reboot the charger” or “fetch logs” interaction requires an on-site engineer or a call to a partner CPMS that may or may not support the operation. Exposing these via the Open Platform API lets authorised operators triage remotely, dramatically reducing time-to-resolution for soft issues.
Status. Pending implementation, prioritised by frequency-of-need. reboot, fetch_logs, and force_reconnect are highest priority. run_self_test and calibrate_sensor have safety implications and need careful design (write scope + customer authorisation + audit log).
3. OCPP version and CSMS message-rate metadata 🟡
The Get Charger Details endpoint returnsconnectedHost, connectedWsPort, connectedWebPort, enableConnection, and similar connectivity fields. For partner diagnostic visibility, two additions would help.
Proposed additions to the Device entity:
4. Service-account authentication for the admin API 🟡
The legacy admin API attellus-op-admin/ requires interactive login with a captcha. This is appropriate for human users of the admin web UI, but blocks programmatic access from partner integrations.
Proposed:
A new service_account credential type, with:
service_account_idandservice_account_secretissued out-of-band by Tellus- A long-lived token endpoint that doesn’t require captcha
- Granular scopes matching the admin API’s resource model (org / site / device / firmware / configuration)
- Audit logging on every action taken by a service account
5. Per-session telemetry archive query 🔵
The Real-time Telemetry Stream endpoint provides a live WebSocket feed but no historical query. Power profiles for past sessions can be reconstructed only frommax_power / avg_power summary fields, which is approximate.
Proposed:
A new endpoint GET /v1/operator/devices/{device_id}/sessions/{record_id}/telemetry returning the per-second telemetry archive for a completed session — enabling true power-curve reconstruction, fault-during-session correlation, and post-incident analysis.
Why we’d want it. Diagnostic value is strongest immediately after a fault. Being able to ask “what was the power profile during the 30 seconds preceding F-0411?” turns guesswork into data. Currently we approximate.
Status. Exploratory. Storage implications are non-trivial (per-second telemetry × millions of sessions × multi-year retention). Tiered retention (full resolution for 30 days, 1-min averages for 90 days, summary thereafter) would be a sensible compromise.
6. OAuth refresh-token flow 🟡
The current authentication surface only describes the OAuth client-credentials grant — partners obtain a 24-hour Bearer token by re-exchangingclient_id and client_secret. There is no refresh-token flow, no token-introspection endpoint, and no short-lived access-token / long-lived refresh-token split.
For partners running large, distributed fleets of clients (e.g. multi-region BFFs, edge workers, mobile companion apps), re-exchanging client_secret on every refresh creates two operational concerns:
client_secretexposure surface. Every node that needs to refresh a token must hold the long-lived secret. A leaked secret requires platform-coordinated rotation across every partner deployment.- Refresh storms. A 24-hour TTL across thousands of clients tends to cluster — a fleet that deployed simultaneously will all refresh around the same minute 24 hours later. A refresh-token flow with jittered short-lived access tokens avoids this.
- Add an OAuth refresh-token grant per RFC 6749 §6, with short-lived access tokens (e.g. 1 hour) and longer-lived refresh tokens (e.g. 30 days), and an optional rotation-on-use mode.
- Add a token-introspection endpoint per RFC 7662 so partners can validate tokens server-side without round-tripping the full request.
client_secret across every client node. Standard pattern for any OAuth2 deployment beyond a single backend integration.
Status. Under discussion. Adds complexity to the auth surface, but is the expected pattern for partners building multi-tenant or edge-distributed integrations against the API.
7. OCPP message log 🟡
The platform sees every OCPP request and response that flows between a charger and its CPMS. Today these messages are processed (telemetry stored, events surfaced) but the raw protocol traffic is not exposed as a queryable log. For diagnostic work, this is the single highest-leverage gap to close. Proposed:DataTransfer PDUs — the OCPP envelope used for vendor-specific extensions such as component-level telemetry and pre-15118-20 bidirectional signalling — so partners gain full visibility into the proprietary protocol surface alongside the standard messages.
Status. Under discussion. Storage and retention implications need scoping (likely tiered: full payload for 30 days, headers-only for 90, deleted thereafter).
8. Diagnostics report request / status / download 🟢
OCPP 1.6’sGetDiagnostics and 2.0.1’s GetLog instruct a charger to bundle its on-board logs (boot logs, fault history, config dump, firmware metadata) and upload them to a URL the platform provides. Tellus chargers already implement this — but no public endpoint currently exposes it as a first-class operation.
Proposed:
GetDiagnostics.req (1.6-J) / GetLog.req (2.0.1). Tellus chargers already implement both.
Status. Pending implementation. Listed as a near-term priority alongside item 2 (Remote diagnostic commands).
9. OCPP configuration read / write 🟢
OCPP exposes a key/value configuration dictionary on every charger — heartbeat interval, max-current, allow-offline-tx, connector phase-rotation, dozens of operational settings. The platform can read or write these viaGetConfiguration / ChangeConfiguration (1.6) or GetVariables / SetVariables (2.0.1). Today these calls happen internally but are not exposed as a public API.
Proposed:
HeartbeatInterval is 10 seconds on a flaky cellular link, fix it, problem gone. Without an API to read OCPP config, the Diagnostics Console can identify symptoms but not their configuration cause. With it, the Co-Pilot agents can point at the specific misconfigured key.
OCPP relationship. Direct mapping to OCPP GetConfiguration / ChangeConfiguration (1.6-J) and GetVariables / SetVariables (2.0.1). All Tellus chargers already implement these.
Status. Pending implementation. Read endpoints are low-risk; write endpoints need careful gating (write scope, audit log entry, optional approval workflow for safety-relevant keys).
10. Alerts with state management 🟢
The Intelligence agents (Anomaly Hunter, Maintenance Dispatcher, Repeat-Fault Hunter — see the Intelligence preview) can detect issues but have no persistent destination to record them in. Alerts as a managed entity with a state machine is the missing persistence layer. Proposed:11. Audit logs 🟡
Who-did-what record of every administrative action on the platform: configuration changes (writes via §9), commands issued (start, stop, reboot, get-diagnostics), alert state transitions, user logins, token issuance, service-account actions. Proposed:12. Raw meter values log 🟡
OCPPMeterValues PDUs carry the periodic readings — voltage, current, power, energy, SoC, frequency — that chargers emit during sessions, typically every 5–60 seconds. We already aggregate these into /v1/operator/aggregated/energy (downsampled time-series) and stream them via the WebSocket telemetry feed (real-time). What is missing is the raw, queryable log — the original MeterValues records with all sampled value types preserved.
Proposed:
MeterValues records with full per-sample fidelity (typically one reading every 5–60s, depending on charger configuration). Distinct from aggregated energy and from the realtime WebSocket — this is the historical forensic record.
Why we need it. Diagnostic value is strongest immediately after a fault. “Show me the voltage trace for the 10 seconds before F-0411 fired” turns guesswork into data. Currently only aggregated profiles are available, not raw sample-level traces. This generalises item 5 (per-session telemetry archive) to “any meter value, any time window, any device” rather than scoping to a single session.
OCPP relationship. MeterValues is a core OCPP PDU emitted by every charger during a session. The endpoint exposes the persisted record of those PDUs.
Status. Under discussion. Storage implications are non-trivial — likely the same tiered retention as item 7 (full fidelity for 30 days, downsampled thereafter).
13. Extended device metadata 🟡
The currentDevice object exposes the live operational fields — serial number, model, firmware version, connectivity status — but does not surface the broader catalogue, lifecycle and connectivity-quality metadata that partner consoles and tech-team users expect to see when looking at a single charger.
Proposed addition to the Device object:
DataTransfer); the rest are platform-side metadata (warranty, activation, brand, product name) from internal product-catalogue and CRM systems.
Status. Under discussion. Field set is broadly agreed; the design conversation is about which fields are returned by default vs. behind a ?include= parameter, and how product-catalogue data is kept consistent across regions.
14. Local authorisation list 🟡
Chargers can authorise an RFID/idTag in two ways: by asking the platform live (Authorize OCPP call), or by checking a locally-stored list of allowed tags. The local list is what keeps a charger working when the network drops — for fleet operators with depot-style sites, this is operationally essential.
Proposed:
GetLocalListVersion / SendLocalList (1.6-J) and Authorize callback. All Tellus chargers already implement these.
Status. Under discussion. Design choices remaining: list-size limits per charger, multi-network shared lists, and the relationship with central driver / IdTag management.
15. Smart charging — full surface 🟡
The current API surfaces charging schedules via a singleschedule endpoint. OCPP defines a richer model — charging profiles with priority stacking, composite-schedule queries, and per-purpose profile types (TxDefaultProfile / TxProfile / ChargePointMaxProfile). Surfacing these is required for accurate diagnostics of “why is this charger only delivering 6 kW when its rating is 22?”.
Proposed:
SetChargingProfile / ClearChargingProfile / GetCompositeSchedule (1.6-J) and the equivalent 2.0.1 messages.
Status. Under discussion. The schedule endpoint already exists in a simplified form; this proposal expands it to the full OCPP smart-charging surface.
16. OCPP 2.0.1 features — public-charging suite 🔵
OCPP 2.0.1 introduces several capabilities beyond 1.6-J that are oriented around public charging — dynamic tariff display, real-time cost accumulation, driver messaging on the charger’s screen, and a much richer device-model query surface. These are valuable but not strategic-priority for Tellus’s current customer base; flagged here for partner visibility. Proposed clusters:- Device Model / Variables query —
GET /v1/operator/devices/{device_id}/variablesreturns the full machine-readable catalogue of every variable the charger exposes, with types, units, ranges and read-write flags. Replaces 1.6’s flatGetConfigurationwith structured metadata that the Console can use to auto-generate configuration UI. - Display Message push —
POST /v1/operator/devices/{device_id}/display-messagepushes a message to the charger’s on-board screen (“Discharge in progress — please do not unplug”, “Welcome, John”, etc.). - Tariff push —
POST /v1/operator/devices/{device_id}/tariffsends a structured tariff for display to drivers. - Cost accumulation —
GET /v1/operator/sessions/{session_id}/costreturns the real-time cost of an in-progress session. - Security profile 3 — endpoints for managing the charger’s TLS certificates to support mutual-TLS OCPP transport (
InstallCertificate,DeleteCertificate,GetInstalledCertificateIds).
17. Plug & Charge (PnC) — OCPP 2.0.1 + ISO 15118 🟡
Plug & Charge is the vehicle-to-charger authentication mechanism defined in ISO 15118-2 and 15118-20, integrated into OCPP 2.0.1 viaAuthorize with idTokenType: "eMAID". The vehicle presents a contract certificate; the charger validates it against a root CA list; the session starts without RFID, app, or driver action. Stellantis premium models and most modern BMWs / Mercedes EVs support PnC.
Proposed:
Authorize with eMAID + InstallCertificate / DeleteCertificate / GetInstalledCertificateIds for the certificate-management surface. ISO 15118-2 / 15118-20 for the vehicle-side. Tellus firmware supports both.
Status. Under discussion. Required for the Stellantis premium-model use case; scoping conversation focuses on certificate-root management and the relationship with central driver records.
18. ISO 15118-20 bidirectional power transfer 🟢
The core V2X / V2G capability. Tellus firmware 260420.0107 already supports ISO 15118-20 with full bidirectional power transfer (BPT), along with pre-15118-20 bidirectional extensions used in the Stellantis / Free2move DrossOne integration. The current API surfaces a singledischarge command but does not expose the richer state — negotiated discharge power profile, mid-session schedule renegotiation, vehicle-reported BPT capability, or the granular session-state machine.
Proposed:
NotifyEVChargingSchedule and related messages for the charger-to-platform side; pre-15118-20 bidirectional extensions for legacy vehicle compatibility. All supported in firmware.
Status. Pending implementation. Aligned with the Stellantis pilot timeline.