The latest articles on DEV Community by Rohit Tiwari (@rohittiwari-dev). https://dev.to/rohittiwari-dev https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F2895160%2Fd6042e11-0813-453d-9379-138304421747.jpg https://dev.to/rohittiwari-dev en Rohit Tiwari Sat, 07 Mar 2026 15:09:50 +0000 https://dev.to/rohittiwari-dev/introducing-ocpp-ws-io-the-type-safe-ocpp-ecosystem-for-nodejs-314b https://dev.to/rohittiwari-dev/introducing-ocpp-ws-io-the-type-safe-ocpp-ecosystem-for-nodejs-314b <p>I spent the better part of three months building a Central System (CSMS) for EV chargers. This post is about what that actually looks like in Node.js — the messy parts, the boring parts, and the parts where everything finally clicked.</p> <p>If you're here because you Googled "OCPP Node.js" and found a pile of unmaintained repos and outdated forum posts — yeah, same. Let me save you some time.</p> <h2> What Even Is OCPP </h2> <p>If you're coming from a pure web background, OCPP is probably unfamiliar territory. It's a WebSocket-based RPC protocol that chargers (Charge Points) use to talk to a backend server (Central System or CSMS). The charger connects to your server, sends a <code>BootNotification</code> to announce itself, and from that point on it's a two-way RPC channel — the charger can send you <code>Heartbeat</code>, <code>MeterValues</code>, <code>StatusNotification</code>, etc., and your server can push back commands like <code>RemoteStartTransaction</code>, <code>ChangeConfiguration</code>, <code>Reset</code>.</p> <p>There are two major versions in the wild: <strong>OCPP 1.6</strong> (most hardware in deployment today) and <strong>OCPP 2.0.1 / 2.1</strong> (newer, more structured, more verbose). They're not backward compatible. Hardware vendors ship one or the other, or sometimes both.</p> <p>The RPC framing is simple enough — a <code>CALL</code> is <code>[2, uniqueId, action, payload]</code>, a <code>CALLRESULT</code> is <code>[3, uniqueId, payload]</code>, and <code>CALLERROR</code> is <code>[4, uniqueId, errorCode, description, details]</code>. Simple in principle. But writing all the schema validation, connection lifecycle management, reconnect logic, multi-version type safety, and authentication on top of <code>ws</code> by hand is where things start to unravel.</p> <h2> The DIY Attempt </h2> <p>My first cut was hand-rolled on top of the <code>ws</code> package. It looked something like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="nx">WebSocket</span><span class="p">,</span> <span class="p">{</span> <span class="nx">WebSocketServer</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">ws</span><span class="dl">"</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">wss</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">WebSocketServer</span><span class="p">({</span> <span class="na">port</span><span class="p">:</span> <span class="mi">3000</span> <span class="p">});</span> <span class="nx">wss</span><span class="p">.</span><span class="nf">on</span><span class="p">(</span><span class="dl">"</span><span class="s2">connection</span><span class="dl">"</span><span class="p">,</span> <span class="p">(</span><span class="nx">socket</span><span class="p">,</span> <span class="nx">req</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">identity</span> <span class="o">=</span> <span class="nx">req</span><span class="p">.</span><span class="nx">url</span><span class="p">?.</span><span class="nf">split</span><span class="p">(</span><span class="dl">"</span><span class="s2">/</span><span class="dl">"</span><span class="p">).</span><span class="nf">pop</span><span class="p">();</span> <span class="nx">socket</span><span class="p">.</span><span class="nf">on</span><span class="p">(</span><span class="dl">"</span><span class="s2">message</span><span class="dl">"</span><span class="p">,</span> <span class="p">(</span><span class="nx">raw</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">msg</span> <span class="o">=</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">parse</span><span class="p">(</span><span class="nx">raw</span><span class="p">.</span><span class="nf">toString</span><span class="p">());</span> <span class="kd">const</span> <span class="p">[</span><span class="kd">type</span><span class="p">,</span> <span class="nx">id</span><span class="p">,</span> <span class="nx">action</span><span class="p">,</span> <span class="nx">payload</span><span class="p">]</span> <span class="o">=</span> <span class="nx">msg</span><span class="p">;</span> <span class="k">if </span><span class="p">(</span><span class="kd">type</span> <span class="o">===</span> <span class="mi">2</span><span class="p">)</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">action</span> <span class="o">===</span> <span class="dl">"</span><span class="s2">BootNotification</span><span class="dl">"</span><span class="p">)</span> <span class="p">{</span> <span class="nx">socket</span><span class="p">.</span><span class="nf">send</span><span class="p">(</span><span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">([</span><span class="mi">3</span><span class="p">,</span> <span class="nx">id</span><span class="p">,</span> <span class="p">{</span> <span class="na">status</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Accepted</span><span class="dl">"</span><span class="p">,</span> <span class="na">currentTime</span><span class="p">:</span> <span class="k">new</span> <span class="nc">Date</span><span class="p">().</span><span class="nf">toISOString</span><span class="p">(),</span> <span class="na">interval</span><span class="p">:</span> <span class="mi">300</span><span class="p">,</span> <span class="p">}]));</span> <span class="p">}</span> <span class="p">}</span> <span class="p">});</span> <span class="p">});</span> </code></pre> </div> <p>Fine for a demo. Not fine for production. Problems start piling up fast:</p> <ul> <li> <strong>No types on <code>payload</code></strong> — you're just trusting JSON.parse and hoping the charger sent what you expect</li> <li> <strong>No request/response correlation</strong> — when a charger responds to your <code>RemoteStart</code>, how do you match it back to the caller? You're writing your own promise-per-uniqueId tracking</li> <li> <strong>No reconnect handling</strong> — chargers drop, networks flicker, you need backoff logic on the client side</li> <li> <strong>No auth</strong> — OCPP security profiles exist (Basic Auth, TLS, Mutual TLS), and none of that is in <code>ws</code> by default</li> <li> <strong>Multi-version chaos</strong> — 1.6 and 2.0.1 have different field names for the same concepts. <code>idTag</code> vs <code>idToken</code>, for instance. You end up with <code>if (protocol === "ocpp1.6")</code> forks everywhere</li> </ul> <p>After about three weeks I had a codebase that worked for the happy path and fell over on everything else. So I went looking for a library.</p> <h2> Finding <code>ocpp-ws-io</code> </h2> <p>I created <a href="https://github.com/rohittiwari-dev/ocpp-ws-io" rel="noopener noreferrer"><code>ocpp-ws-io</code></a> while digging into ocpp and server implementation with node js. It's a TypeScript-first OCPP client and server framework for Node.js, supporting OCPP 1.6, 2.0.1, and 2.1. It handles the RPC framing, schema validation, auth, and clustering — all the infrastructure work I was tired of doing myself.</p> <p>Here's what the same boot notification handler looks like with it:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">OCPPServer</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">ocpp-ws-io</span><span class="dl">"</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">server</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">OCPPServer</span><span class="p">({</span> <span class="na">protocols</span><span class="p">:</span> <span class="p">[</span><span class="dl">"</span><span class="s2">ocpp1.6</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">ocpp2.0.1</span><span class="dl">"</span><span class="p">],</span> <span class="p">});</span> <span class="nx">server</span><span class="p">.</span><span class="nf">on</span><span class="p">(</span><span class="dl">"</span><span class="s2">client</span><span class="dl">"</span><span class="p">,</span> <span class="p">(</span><span class="nx">client</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">client</span><span class="p">.</span><span class="nf">handle</span><span class="p">(</span><span class="dl">"</span><span class="s2">ocpp1.6</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">BootNotification</span><span class="dl">"</span><span class="p">,</span> <span class="p">({</span> <span class="nx">params</span> <span class="p">})</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// params is fully typed — chargePointVendor, chargePointModel, etc.</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="s2">`Boot from </span><span class="p">${</span><span class="nx">params</span><span class="p">.</span><span class="nx">chargePointVendor</span><span class="p">}</span><span class="s2"> / </span><span class="p">${</span><span class="nx">params</span><span class="p">.</span><span class="nx">chargePointModel</span><span class="p">}</span><span class="s2">`</span><span class="p">);</span> <span class="k">return</span> <span class="p">{</span> <span class="na">status</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Accepted</span><span class="dl">"</span><span class="p">,</span> <span class="na">currentTime</span><span class="p">:</span> <span class="k">new</span> <span class="nc">Date</span><span class="p">().</span><span class="nf">toISOString</span><span class="p">(),</span> <span class="na">interval</span><span class="p">:</span> <span class="mi">300</span><span class="p">,</span> <span class="p">};</span> <span class="p">});</span> <span class="p">});</span> <span class="k">await</span> <span class="nx">server</span><span class="p">.</span><span class="nf">listen</span><span class="p">(</span><span class="mi">3000</span><span class="p">);</span> </code></pre> </div> <p>The return type is also inferred — if you try to return <code>status: "Whatever"</code>, TypeScript catches it at compile time. That alone saved me from a class of bugs I was discovering in logs at 2am.</p> <h2> Plugging It Into an Existing Express Server </h2> <p>This was the first thing I actually needed to figure out. Our backend already had an Express app handling REST endpoints. I didn't want to run OCPP on a separate port with a separate process — I wanted it on the same server, under a specific path like <code>/api/v1/chargers/:id</code>.</p> <p><code>ocpp-ws-io</code> is framework-agnostic. You can attach it to any existing <code>http.Server</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="nx">express</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">express</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">createServer</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">http</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">OCPPServer</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">ocpp-ws-io</span><span class="dl">"</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">app</span> <span class="o">=</span> <span class="nf">express</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">httpServer</span> <span class="o">=</span> <span class="nf">createServer</span><span class="p">(</span><span class="nx">app</span><span class="p">);</span> <span class="c1">// Your normal REST routes</span> <span class="nx">app</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">"</span><span class="s2">/health</span><span class="dl">"</span><span class="p">,</span> <span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">({</span> <span class="na">ok</span><span class="p">:</span> <span class="kc">true</span> <span class="p">}));</span> <span class="nx">app</span><span class="p">.</span><span class="nf">use</span><span class="p">(</span><span class="dl">"</span><span class="s2">/api/v1</span><span class="dl">"</span><span class="p">,</span> <span class="nx">yourApiRouter</span><span class="p">);</span> <span class="c1">// OCPP server attached to the same HTTP server</span> <span class="kd">const</span> <span class="nx">ocppServer</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">OCPPServer</span><span class="p">({</span> <span class="na">protocols</span><span class="p">:</span> <span class="p">[</span><span class="dl">"</span><span class="s2">ocpp1.6</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">ocpp2.0.1</span><span class="dl">"</span><span class="p">],</span> <span class="na">server</span><span class="p">:</span> <span class="nx">httpServer</span><span class="p">,</span> <span class="c1">// ← the key part</span> <span class="p">});</span> <span class="c1">// Dynamic routing with path param extraction</span> <span class="kd">const</span> <span class="nx">chargerRoute</span> <span class="o">=</span> <span class="nx">ocppServer</span><span class="p">.</span><span class="nf">route</span><span class="p">(</span><span class="dl">"</span><span class="s2">/api/v1/chargers/:id</span><span class="dl">"</span><span class="p">);</span> <span class="nx">chargerRoute</span><span class="p">.</span><span class="nf">on</span><span class="p">(</span><span class="dl">"</span><span class="s2">client</span><span class="dl">"</span><span class="p">,</span> <span class="p">(</span><span class="nx">client</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">chargerId</span> <span class="o">=</span> <span class="nx">client</span><span class="p">.</span><span class="nx">handshake</span><span class="p">.</span><span class="nx">params</span><span class="p">.</span><span class="nx">id</span><span class="p">;</span> <span class="c1">// extracted from the URL</span> <span class="nx">client</span><span class="p">.</span><span class="nf">handle</span><span class="p">(</span><span class="dl">"</span><span class="s2">ocpp1.6</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">BootNotification</span><span class="dl">"</span><span class="p">,</span> <span class="p">({</span> <span class="nx">params</span> <span class="p">})</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">return</span> <span class="p">{</span> <span class="na">status</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Accepted</span><span class="dl">"</span><span class="p">,</span> <span class="na">currentTime</span><span class="p">:</span> <span class="k">new</span> <span class="nc">Date</span><span class="p">().</span><span class="nf">toISOString</span><span class="p">(),</span> <span class="na">interval</span><span class="p">:</span> <span class="mi">300</span><span class="p">,</span> <span class="p">};</span> <span class="p">});</span> <span class="nx">client</span><span class="p">.</span><span class="nf">handle</span><span class="p">(</span><span class="dl">"</span><span class="s2">ocpp1.6</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">Heartbeat</span><span class="dl">"</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">({</span> <span class="na">currentTime</span><span class="p">:</span> <span class="k">new</span> <span class="nc">Date</span><span class="p">().</span><span class="nf">toISOString</span><span class="p">(),</span> <span class="p">}));</span> <span class="nx">client</span><span class="p">.</span><span class="nf">on</span><span class="p">(</span><span class="dl">"</span><span class="s2">disconnect</span><span class="dl">"</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="s2">`</span><span class="p">${</span><span class="nx">chargerId</span><span class="p">}</span><span class="s2"> disconnected`</span><span class="p">);</span> <span class="p">});</span> <span class="p">});</span> <span class="nx">httpServer</span><span class="p">.</span><span class="nf">listen</span><span class="p">(</span><span class="mi">3000</span><span class="p">);</span> </code></pre> </div> <p>One HTTP server, REST and WebSocket on the same port, path-based routing. Works exactly as expected.</p> <h2> Authentication </h2> <p>OCPP 1.6 uses Basic Auth in the WebSocket handshake URL (<code>ws://user:pass@host/path</code>). The library handles the WebSocket upgrade and gives you a hook before the connection is accepted:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="nx">ocppServer</span><span class="p">.</span><span class="nf">auth</span><span class="p">((</span><span class="nx">ctx</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">identity</span><span class="p">,</span> <span class="nx">headers</span> <span class="p">}</span> <span class="o">=</span> <span class="nx">ctx</span><span class="p">.</span><span class="nx">handshake</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">authHeader</span> <span class="o">=</span> <span class="nx">headers</span><span class="p">[</span><span class="dl">"</span><span class="s2">authorization</span><span class="dl">"</span><span class="p">];</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">authHeader</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">ctx</span><span class="p">.</span><span class="nf">reject</span><span class="p">(</span><span class="mi">401</span><span class="p">,</span> <span class="dl">"</span><span class="s2">Missing credentials</span><span class="dl">"</span><span class="p">);</span> <span class="p">}</span> <span class="kd">const</span> <span class="p">[,</span> <span class="nx">encoded</span><span class="p">]</span> <span class="o">=</span> <span class="nx">authHeader</span><span class="p">.</span><span class="nf">split</span><span class="p">(</span><span class="dl">"</span><span class="s2"> </span><span class="dl">"</span><span class="p">);</span> <span class="kd">const</span> <span class="p">[</span><span class="nx">user</span><span class="p">,</span> <span class="nx">pass</span><span class="p">]</span> <span class="o">=</span> <span class="nx">Buffer</span><span class="p">.</span><span class="k">from</span><span class="p">(</span><span class="nx">encoded</span><span class="p">,</span> <span class="dl">"</span><span class="s2">base64</span><span class="dl">"</span><span class="p">).</span><span class="nf">toString</span><span class="p">().</span><span class="nf">split</span><span class="p">(</span><span class="dl">"</span><span class="s2">:</span><span class="dl">"</span><span class="p">);</span> <span class="c1">// Check against your database</span> <span class="kd">const</span> <span class="nx">isValid</span> <span class="o">=</span> <span class="nf">validateChargerCredentials</span><span class="p">(</span><span class="nx">user</span><span class="p">,</span> <span class="nx">pass</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">isValid</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">ctx</span><span class="p">.</span><span class="nf">reject</span><span class="p">(</span><span class="mi">401</span><span class="p">,</span> <span class="dl">"</span><span class="s2">Invalid credentials</span><span class="dl">"</span><span class="p">);</span> <span class="p">}</span> <span class="nx">ctx</span><span class="p">.</span><span class="nf">accept</span><span class="p">({</span> <span class="na">session</span><span class="p">:</span> <span class="p">{</span> <span class="na">chargerId</span><span class="p">:</span> <span class="nx">user</span> <span class="p">}</span> <span class="p">});</span> <span class="p">});</span> </code></pre> </div> <p>You can attach arbitrary data to the session in <code>ctx.accept()</code> and read it back later in <code>client.session</code>. Useful for things like storing the charger's database ID or tenant info.</p> <h2> Connection Middleware </h2> <p>One pattern that genuinely surprised me was that the middleware system works at two levels: the HTTP Upgrade (before the WebSocket is even opened) and the OCPP message layer. This lets you handle rate limiting, IP filtering, and logging cleanly without polluting your handlers:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">defineMiddleware</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">ocpp-ws-io</span><span class="dl">"</span><span class="p">;</span> <span class="c1">// Connection-phase middleware — runs before WebSocket handshake completes</span> <span class="nx">ocppServer</span><span class="p">.</span><span class="nf">use</span><span class="p">(</span> <span class="nf">defineMiddleware</span><span class="p">(</span><span class="k">async </span><span class="p">(</span><span class="nx">ctx</span><span class="p">,</span> <span class="nx">next</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">ip</span> <span class="o">=</span> <span class="nx">ctx</span><span class="p">.</span><span class="nx">handshake</span><span class="p">.</span><span class="nx">remoteAddress</span><span class="p">;</span> <span class="k">if </span><span class="p">(</span><span class="k">await</span> <span class="nf">isIPBanned</span><span class="p">(</span><span class="nx">ip</span><span class="p">))</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">ctx</span><span class="p">.</span><span class="nf">reject</span><span class="p">(</span><span class="mi">403</span><span class="p">,</span> <span class="dl">"</span><span class="s2">Forbidden</span><span class="dl">"</span><span class="p">);</span> <span class="p">}</span> <span class="k">await</span> <span class="nf">next</span><span class="p">();</span> <span class="p">})</span> <span class="p">);</span> <span class="c1">// Message-phase middleware — wraps every RPC call per client</span> <span class="nx">chargerRoute</span><span class="p">.</span><span class="nf">on</span><span class="p">(</span><span class="dl">"</span><span class="s2">client</span><span class="dl">"</span><span class="p">,</span> <span class="p">(</span><span class="nx">client</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">client</span><span class="p">.</span><span class="nf">use</span><span class="p">(</span><span class="k">async </span><span class="p">(</span><span class="nx">ctx</span><span class="p">,</span> <span class="nx">next</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">t</span> <span class="o">=</span> <span class="nb">Date</span><span class="p">.</span><span class="nf">now</span><span class="p">();</span> <span class="k">await</span> <span class="nf">next</span><span class="p">();</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="s2">`[</span><span class="p">${</span><span class="nx">client</span><span class="p">.</span><span class="nx">identity</span><span class="p">}</span><span class="s2">] </span><span class="p">${</span><span class="nx">ctx</span><span class="p">.</span><span class="nx">action</span><span class="p">}</span><span class="s2"> — </span><span class="p">${</span><span class="nb">Date</span><span class="p">.</span><span class="nf">now</span><span class="p">()</span> <span class="o">-</span> <span class="nx">t</span><span class="p">}</span><span class="s2">ms`</span><span class="p">);</span> <span class="p">});</span> <span class="c1">// handlers below...</span> <span class="p">});</span> </code></pre> </div> <p>The logging middleware is something I have running in staging to catch slow handlers. The timing data showed that one of our <code>MeterValues</code> handlers was taking 200ms because it was doing a synchronous database write. Fixed it, now it's async.</p> <h2> Sending Commands to a Charger </h2> <p>OCPP is bidirectional — you need to be able to push commands to chargers, not just respond to them. The <code>client.call()</code> method handles this with a proper promise that resolves when the charger responds:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// Somewhere in a REST handler or background job</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">remoteStartSession</span><span class="p">(</span><span class="nx">chargerId</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">rfidTag</span><span class="p">:</span> <span class="kr">string</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">client</span> <span class="o">=</span> <span class="nx">ocppServer</span><span class="p">.</span><span class="nf">getClient</span><span class="p">(</span><span class="nx">chargerId</span><span class="p">);</span> <span class="c1">// get connected client by identity</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">client</span><span class="p">)</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">Error</span><span class="p">(</span><span class="dl">"</span><span class="s2">Charger not connected</span><span class="dl">"</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">result</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">client</span><span class="p">.</span><span class="nf">call</span><span class="p">(</span><span class="dl">"</span><span class="s2">ocpp1.6</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">RemoteStartTransaction</span><span class="dl">"</span><span class="p">,</span> <span class="p">{</span> <span class="na">connectorId</span><span class="p">:</span> <span class="mi">1</span><span class="p">,</span> <span class="na">idTag</span><span class="p">:</span> <span class="nx">rfidTag</span><span class="p">,</span> <span class="p">});</span> <span class="c1">// result.status is typed: "Accepted" | "Rejected"</span> <span class="k">if </span><span class="p">(</span><span class="nx">result</span><span class="p">.</span><span class="nx">status</span> <span class="o">!==</span> <span class="dl">"</span><span class="s2">Accepted</span><span class="dl">"</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">Error</span><span class="p">(</span><span class="s2">`Charger rejected start: </span><span class="p">${</span><span class="nx">result</span><span class="p">.</span><span class="nx">status</span><span class="p">}</span><span class="s2">`</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>This is where the typed RPC really earns its keep. On my hand-rolled version I had a bug where I was sending <code>idToken</code> instead of <code>idTag</code> for OCPP 1.6. TypeScript would have caught that at compile time. Instead I found it in production when a charger started rejecting every remote start.</p> <h2> Handling Multiple OCPP Versions </h2> <p>We have a mix of hardware — some chargers only support 1.6, a few newer units support 2.0.1. The subprotocol negotiation happens automatically during the WebSocket handshake. In your handlers you just register per-version:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="nx">client</span><span class="p">.</span><span class="nf">handle</span><span class="p">(</span><span class="dl">"</span><span class="s2">ocpp1.6</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">StatusNotification</span><span class="dl">"</span><span class="p">,</span> <span class="p">({</span> <span class="nx">params</span> <span class="p">})</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// params: { connectorId, status, errorCode, ... }</span> <span class="nf">updateConnectorStatus</span><span class="p">(</span><span class="nx">client</span><span class="p">.</span><span class="nx">identity</span><span class="p">,</span> <span class="nx">params</span><span class="p">.</span><span class="nx">connectorId</span><span class="p">,</span> <span class="nx">params</span><span class="p">.</span><span class="nx">status</span><span class="p">);</span> <span class="k">return</span> <span class="p">{};</span> <span class="p">});</span> <span class="nx">client</span><span class="p">.</span><span class="nf">handle</span><span class="p">(</span><span class="dl">"</span><span class="s2">ocpp2.0.1</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">StatusNotificationRequest</span><span class="dl">"</span><span class="p">,</span> <span class="p">({</span> <span class="nx">params</span> <span class="p">})</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// params: { connectorId, connectorStatus, evseId, ... } — different shape</span> <span class="nf">updateConnectorStatus</span><span class="p">(</span><span class="nx">client</span><span class="p">.</span><span class="nx">identity</span><span class="p">,</span> <span class="nx">params</span><span class="p">.</span><span class="nx">connectorId</span><span class="p">,</span> <span class="nx">params</span><span class="p">.</span><span class="nx">connectorStatus</span><span class="p">);</span> <span class="k">return</span> <span class="p">{};</span> <span class="p">});</span> </code></pre> </div> <p>You can also check <code>client.protocol</code> at runtime if you need version-branching logic, but mostly I've been able to keep them in separate handlers.</p> <h2> What I'm Not Using (Yet) </h2> <p>The library has a Redis adapter for multi-instance deployments via pub/sub. We're currently on a single Node process, so I haven't wired that up. When we need to scale horizontally behind a load balancer it'll matter — charger A's WebSocket might land on server instance 1, but a REST request to trigger <code>RemoteStart</code> might hit instance 2. Without clustering, that call fails silently because the client isn't on that process.</p> <p>I also haven't used the Protocol Proxy package yet. That one translates OCPP 1.6 frames to 2.0.1 format dynamically, which would be useful if we ever want to standardize our CSMS on 2.0.1 internally while still accepting 1.6 hardware. It's a separate package (<code>ocpp-protocol-proxy</code> or similar) under the same ecosystem.</p> <h2> The CLI </h2> <p>There's a companion CLI (<code>ocpp-ws-cli</code>, available via <code>npx</code>) that I've been using for local testing. The one I use most is <code>ocpp simulate</code> — it spins up an interactive charge point emulator in the terminal with a live TUI showing voltage, current, and SoC. You can trigger plug-ins, send RFID taps, and fire <code>MeterValues</code> without any physical hardware. Useful when you want to test a specific flow without digging out a dev charger.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npx ocpp-ws-cli simulate <span class="nt">--endpoint</span> ws://localhost:3000/api/v1/chargers/TEST-01 <span class="nt">--protocol</span> ocpp1.6 </code></pre> </div> <p>There's also <code>ocpp bench</code> for throughput testing and <code>ocpp fuzz</code> for throwing malformed payloads at your server to make sure your validation is solid. I ran <code>ocpp fuzz</code> against our server after turning on strict mode and it caught two edge cases where our handlers were crashing on unexpected payload shapes.</p> <h2> Honest Thoughts </h2> <p>Things I like:</p> <ul> <li>The TypeScript types are genuinely useful, not just cosmetic. Auto-generated from the OCPP JSON schemas directly.</li> <li>The Express integration is seamless. No port juggling.</li> <li>The middleware API is clean and familiar if you've written Express middleware.</li> <li>The CLI tooling saves a lot of time on test setup.</li> </ul> <p>Things to be aware of:</p> <ul> <li>The documentation is still filling out for some of the newer packages (Protocol Proxy, Smart Charge Engine). Expect to read the source for edge cases.</li> <li>OCPP itself is under-specified in places. The library can give you type safety, but the protocol still has implementation-defined behavior that you'll need to handle per your hardware vendor.</li> <li>Strict mode is off by default. Turn it on early in development — <code>strictMode: true</code> in the server config. You want schema validation errors to be loud during testing, not silent in production.</li> </ul> <h2> Quick Reference — The Bits I Look Up Most Often </h2> <h3> Server with Express </h3> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">app</span> <span class="o">=</span> <span class="nf">express</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">httpServer</span> <span class="o">=</span> <span class="nf">createServer</span><span class="p">(</span><span class="nx">app</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">ocppServer</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">OCPPServer</span><span class="p">({</span> <span class="na">protocols</span><span class="p">:</span> <span class="p">[</span><span class="dl">"</span><span class="s2">ocpp1.6</span><span class="dl">"</span><span class="p">],</span> <span class="na">server</span><span class="p">:</span> <span class="nx">httpServer</span> <span class="p">});</span> <span class="nx">httpServer</span><span class="p">.</span><span class="nf">listen</span><span class="p">(</span><span class="mi">3000</span><span class="p">);</span> </code></pre> </div> <h3> Route + Auth </h3> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="nx">ocppServer</span><span class="p">.</span><span class="nf">auth</span><span class="p">((</span><span class="nx">ctx</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nx">ctx</span><span class="p">.</span><span class="nf">accept</span><span class="p">());</span> <span class="kd">const</span> <span class="nx">route</span> <span class="o">=</span> <span class="nx">ocppServer</span><span class="p">.</span><span class="nf">route</span><span class="p">(</span><span class="dl">"</span><span class="s2">/api/v1/chargers/:id</span><span class="dl">"</span><span class="p">);</span> <span class="nx">route</span><span class="p">.</span><span class="nf">on</span><span class="p">(</span><span class="dl">"</span><span class="s2">client</span><span class="dl">"</span><span class="p">,</span> <span class="p">(</span><span class="nx">client</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="cm">/* ... */</span> <span class="p">});</span> </code></pre> </div> <h3> Inbound handler (charger → server) </h3> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="nx">client</span><span class="p">.</span><span class="nf">handle</span><span class="p">(</span><span class="dl">"</span><span class="s2">ocpp1.6</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">BootNotification</span><span class="dl">"</span><span class="p">,</span> <span class="p">({</span> <span class="nx">params</span> <span class="p">})</span> <span class="o">=&gt;</span> <span class="p">({</span> <span class="na">status</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Accepted</span><span class="dl">"</span><span class="p">,</span> <span class="na">currentTime</span><span class="p">:</span> <span class="k">new</span> <span class="nc">Date</span><span class="p">().</span><span class="nf">toISOString</span><span class="p">(),</span> <span class="na">interval</span><span class="p">:</span> <span class="mi">300</span><span class="p">,</span> <span class="p">}));</span> </code></pre> </div> <h3> Outbound call (server → charger) </h3> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">result</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">client</span><span class="p">.</span><span class="nf">call</span><span class="p">(</span><span class="dl">"</span><span class="s2">ocpp1.6</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">RemoteStopTransaction</span><span class="dl">"</span><span class="p">,</span> <span class="p">{</span> <span class="na">transactionId</span><span class="p">:</span> <span class="mi">42</span><span class="p">,</span> <span class="p">});</span> </code></pre> </div> <h3> Message middleware </h3> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="nx">client</span><span class="p">.</span><span class="nf">use</span><span class="p">(</span><span class="k">async </span><span class="p">(</span><span class="nx">ctx</span><span class="p">,</span> <span class="nx">next</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">await</span> <span class="nf">next</span><span class="p">();</span> <span class="c1">// runs after handler</span> <span class="p">});</span> </code></pre> </div> <p>If you're building anything in this space — CSMS, charge point simulator, fleet management backend — and you're starting from scratch on the OCPP layer, this library is worth your time. It's not magic, but it takes about two weeks of infrastructure work off your plate so you can focus on the actual business logic.</p> <p>GitHub: <a href="https://github.com/rohittiwari-dev/ocpp-ws-io" rel="noopener noreferrer">rohittiwari-dev/ocpp-ws-io</a><br><br> Docs: <a href="https://ocpp-ws-io.rohittiwari.me" rel="noopener noreferrer">ocpp-ws-io.rohittiwari.me</a><br><br> Install: <code>npm install ocpp-ws-io</code></p> ocpp ocpprpc ocppserver node Rohit Tiwari Wed, 04 Mar 2026 11:14:45 +0000 https://dev.to/rohittiwari-dev/rest-gave-me-a-production-incident-so-i-rethought-how-i-name-api-operations-2mef https://dev.to/rohittiwari-dev/rest-gave-me-a-production-incident-so-i-rethought-how-i-name-api-operations-2mef <h2> It started with a production incident </h2> <p>[INCIDENT — e.g. "A customer was charged twice. The client received a network timeout, retried the request, and our order service created two identical orders seconds apart. Same card. Two charges. Support was already on the phone before I knew anything was wrong."]</p> <p>I found the root cause in twenty minutes. But I spent three more hours in the logs trying to reconstruct exactly what had happened — because nothing in the system agreed on how to report things. Different error shapes. Different HTTP codes. Some endpoints returned nothing at all on failure.</p> <p>We fixed it. But I spent the following week thinking about the actual problem — which wasn't the bug. It was that our API had no shared contract for anything.</p> <h2> The naming problem REST never solved </h2> <p>Here is the specific thing that kept bothering me:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>DELETE /orders/123 </code></pre> </div> <p>Looks clean. But in our system, cancelling an order actually:</p> <ol> <li>Validates the order can be cancelled given its current state</li> <li>Issues a refund through Stripe</li> <li>Releases reserved inventory</li> <li>Sends a cancellation email to the customer</li> <li>Writes a compliance log entry</li> </ol> <p>The URL says <code>DELETE</code>. The operation does five things. Those two facts are not just different — they are actively misleading. Every developer who touches this endpoint has to go read the implementation to understand what they are actually calling. There is no other way to know.</p> <p>Multiply that by fifty endpoints. A hundred. Every URL is technically accurate and practically useless.</p> <h2> The fix: name the operation, not the noun </h2> <p>I started naming operations after what they actually do — not what noun they touch, but the whole operation.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code># REST — says what thing, not what happens DELETE /orders/123 # PACT — says exactly what happens POST /api/v1/private/cancel-order-and-refund-and-notify </code></pre> </div> <p>That second URL is longer. It is also completely <strong>honest</strong>. You know what will happen before you call it. You know what to test. You know what to put in the incident report.</p> <p>I called this convention <strong>PACT</strong> — Protocol for Action-based Coordinated Transport.</p> <p>The resource segment of the URL is not a noun. It is a description of the full operation — whatever that involves, however many systems it touches.</p> <h2> The URL structure </h2> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>POST /api/:version/:scheme/:resource </code></pre> </div> <p>Three segments after the prefix. That is all.</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Segment</th> <th>What it is</th> <th>Examples</th> </tr> </thead> <tbody> <tr> <td><code>:version</code></td> <td>API contract version — team picks the format</td> <td> <code>v1</code> <code>v2</code> <code>2024-01</code> <code>stable</code> </td> </tr> <tr> <td><code>:scheme</code></td> <td>Access level — enforced before your code runs</td> <td> <code>public</code> <code>private</code> <code>internal</code> </td> </tr> <tr> <td><code>:resource</code></td> <td>The full operation name</td> <td><code>cancel-order-and-refund-and-notify</code></td> </tr> </tbody> </table></div> <h3> Simple operations </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>POST /api/v1/public/fetch-product-catalogue POST /api/v1/private/update-billing-address POST /api/v1/private/delete-draft-post </code></pre> </div> <h3> Compound operations — where this shines </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>POST /api/v1/private/register-user-and-send-welcome POST /api/v1/private/cancel-order-and-refund-and-notify POST /api/v1/private/downgrade-plan-and-prorate-and-email POST /api/v1/internal/expire-stale-sessions-and-audit-log </code></pre> </div> <p>Read those compound operations. You know exactly what they do. No docs needed. No implementation dive. No guesswork.</p> <p>When you ship v2, old and new run in parallel — clients migrate on their own timeline:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>POST /api/v1/private/cancel-order-and-refund <span class="c"># still running</span> POST /api/v2/private/cancel-order-and-refund <span class="c"># new contract alongside it</span> </code></pre> </div> <h2> Seven URL prefixes, one naming pattern </h2> <p>The same idea extends across every transport in your system:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>POST /api/:version/:scheme/:resource <span class="c"># application operations</span> POST /webhook/:provider/:event <span class="c"># Stripe, GitHub, SendGrid</span> WS /ws/:version/:resource <span class="c"># real-time bidirectional</span> GET /stream/:version/:resource <span class="c"># SSE — server pushes to client</span> POST /events/:version/:resource <span class="c"># internal event bus</span> POST /rpc/:version/:resource <span class="c"># service-to-service calls</span> GET /health <span class="c"># liveness — no version needed</span> </code></pre> </div> <p>One naming convention. Every transport. If you know what something does, you know what it is called — regardless of how it travels.</p> <h2> Responses: always HTTP 200, always the same shape </h2> <p>This is the other half of what the incident exposed. Every endpoint had invented its own error format.</p> <p>PACT fixes it with one rule: <strong>always HTTP 200</strong>. Success or failure lives inside the body.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="err">//</span><span class="w"> </span><span class="err">Works</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"success"</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="p">,</span><span class="w"> </span><span class="nl">"requestId"</span><span class="p">:</span><span class="w"> </span><span class="s2">"req_a3f9b2c1"</span><span class="p">,</span><span class="w"> </span><span class="nl">"data"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"orderId"</span><span class="p">:</span><span class="w"> </span><span class="s2">"ord_789"</span><span class="p">,</span><span class="w"> </span><span class="nl">"refunded"</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"meta"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"duration"</span><span class="p">:</span><span class="w"> </span><span class="mi">42</span><span class="p">,</span><span class="w"> </span><span class="nl">"cached"</span><span class="p">:</span><span class="w"> </span><span class="kc">false</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="err">//</span><span class="w"> </span><span class="err">Fails</span><span class="w"> </span><span class="err">—</span><span class="w"> </span><span class="err">still</span><span class="w"> </span><span class="err">HTTP</span><span class="w"> </span><span class="mi">200</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"success"</span><span class="p">:</span><span class="w"> </span><span class="kc">false</span><span class="p">,</span><span class="w"> </span><span class="nl">"requestId"</span><span class="p">:</span><span class="w"> </span><span class="s2">"req_a3f9b2c1"</span><span class="p">,</span><span class="w"> </span><span class="nl">"error"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"category"</span><span class="p">:</span><span class="w"> </span><span class="s2">"CONFLICT"</span><span class="p">,</span><span class="w"> </span><span class="nl">"code"</span><span class="p">:</span><span class="w"> </span><span class="s2">"ORDER_ALREADY_CANCELLED"</span><span class="p">,</span><span class="w"> </span><span class="nl">"message"</span><span class="p">:</span><span class="w"> </span><span class="s2">"This order cannot be cancelled"</span><span class="p">,</span><span class="w"> </span><span class="nl">"retryable"</span><span class="p">:</span><span class="w"> </span><span class="kc">false</span><span class="p">,</span><span class="w"> </span><span class="nl">"source"</span><span class="p">:</span><span class="w"> </span><span class="s2">"runner"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"meta"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"duration"</span><span class="p">:</span><span class="w"> </span><span class="mi">8</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p><code>requestId</code> is present on every response — success or failure. Write your error handling once. It works on every endpoint, every version, forever.</p> <h2> Eight error categories </h2> <p>No more arguing about 422 vs 400 vs 409:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Category</th> <th>Retry?</th> <th>When</th> </tr> </thead> <tbody> <tr> <td><code>VALIDATION</code></td> <td>No</td> <td>Bad input — wrong types, missing fields</td> </tr> <tr> <td><code>AUTH</code></td> <td>No</td> <td>Token missing or invalid</td> </tr> <tr> <td><code>FORBIDDEN</code></td> <td>No</td> <td>Valid token, wrong permissions</td> </tr> <tr> <td><code>NOT_FOUND</code></td> <td>No</td> <td>The thing does not exist</td> </tr> <tr> <td><code>CONFLICT</code></td> <td>No</td> <td>Wrong state — duplicate, already done</td> </tr> <tr> <td><code>RATE_LIMITED</code></td> <td>✅ Yes</td> <td>Too many requests — wait and retry</td> </tr> <tr> <td><code>INTERNAL</code></td> <td>✅ Yes</td> <td>Server error</td> </tr> <tr> <td><code>UNAVAILABLE</code></td> <td>✅ Yes</td> <td>Dependency is down</td> </tr> </tbody> </table></div> <p><code>retryable: true</code> = try again. <code>retryable: false</code> = fix the request first. That is all your client needs to decide what to do next.</p> <h2> Per-operation files — contract.ts and runner.ts </h2> <p>Each operation is a folder:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>/transports/api/v1/cancel-order-and-refund/ contract.ts ← rules — declared here, enforced automatically runner.ts ← business logic only test.spec.ts </code></pre> </div> <p><strong><code>contract.ts</code></strong> — you declare, the framework enforces:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">export</span> <span class="kd">const</span> <span class="nx">contract</span> <span class="o">=</span> <span class="p">{</span> <span class="na">scheme</span><span class="p">:</span> <span class="dl">'</span><span class="s1">private</span><span class="dl">'</span><span class="p">,</span> <span class="na">schema</span><span class="p">:</span> <span class="nx">z</span><span class="p">.</span><span class="nf">object</span><span class="p">({</span> <span class="na">orderId</span><span class="p">:</span> <span class="nx">z</span><span class="p">.</span><span class="nf">string</span><span class="p">(),</span> <span class="na">reason</span><span class="p">:</span> <span class="nx">z</span><span class="p">.</span><span class="nf">string</span><span class="p">().</span><span class="nf">optional</span><span class="p">(),</span> <span class="p">}),</span> <span class="na">idempotency</span><span class="p">:</span> <span class="p">{</span> <span class="na">required</span><span class="p">:</span> <span class="kc">true</span> <span class="p">},</span> <span class="c1">// ← prevents the double-charge incident</span> <span class="na">cache</span><span class="p">:</span> <span class="p">{</span> <span class="na">enabled</span><span class="p">:</span> <span class="kc">false</span> <span class="p">},</span> <span class="na">rateLimit</span><span class="p">:</span> <span class="p">{</span> <span class="na">rpm</span><span class="p">:</span> <span class="mi">30</span> <span class="p">},</span> <span class="p">}</span> </code></pre> </div> <p><strong><code>runner.ts</code></strong> — zero protocol knowledge. No HTTP. No auth checks. No rate limiting. All of that is already handled before your code runs:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">export</span> <span class="k">default</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">run</span><span class="p">(</span><span class="nx">ctx</span><span class="p">:</span> <span class="nx">PactContext</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// ctx.payload — validated, matches schema exactly</span> <span class="c1">// ctx.identity — logged-in user (null if public)</span> <span class="c1">// ctx.tenant — resolved tenant (null if single-tenant)</span> <span class="c1">// ctx.version — 'v1', 'v2' — read-only, for logging only</span> <span class="kd">const</span> <span class="nx">order</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">db</span><span class="p">.</span><span class="nx">orders</span><span class="p">.</span><span class="nf">find</span><span class="p">(</span><span class="nx">ctx</span><span class="p">.</span><span class="nx">payload</span><span class="p">.</span><span class="nx">orderId</span><span class="p">)</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">order</span><span class="p">)</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">NotFoundError</span><span class="p">(</span><span class="dl">'</span><span class="s1">ORDER_NOT_FOUND</span><span class="dl">'</span><span class="p">)</span> <span class="k">await</span> <span class="nx">stripe</span><span class="p">.</span><span class="nf">refund</span><span class="p">(</span><span class="nx">order</span><span class="p">.</span><span class="nx">paymentId</span><span class="p">)</span> <span class="k">await</span> <span class="nx">email</span><span class="p">.</span><span class="nf">send</span><span class="p">(</span><span class="dl">'</span><span class="s1">cancellation</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="nx">order</span> <span class="p">})</span> <span class="k">await</span> <span class="nx">db</span><span class="p">.</span><span class="nx">orders</span><span class="p">.</span><span class="nf">cancel</span><span class="p">(</span><span class="nx">order</span><span class="p">.</span><span class="nx">id</span><span class="p">)</span> <span class="k">return</span> <span class="p">{</span> <span class="na">cancelled</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="na">refunded</span><span class="p">:</span> <span class="kc">true</span> <span class="p">}</span> <span class="c1">// PACT wraps it: { success: true, data: { cancelled: true, refunded: true } }</span> <span class="p">}</span> </code></pre> </div> <p>The double-charge from my incident? Solved by <code>idempotency: { required: true }</code>. Client sends <code>X-Idempotency-Key</code>. Same key seen again — stored result returned immediately, runner never executes twice. Declared at the contract level. Visible. Auditable. Automatic.</p> <h2> Versioning and deprecation </h2> <p>When v1 is being retired in favour of v2, you set one field:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// /transports/api/v1/cancel-order-and-refund/contract.ts</span> <span class="nx">deprecated</span><span class="p">:</span> <span class="dl">'</span><span class="s1">2026-06-01</span><span class="dl">'</span> <span class="c1">// 90-day minimum window required</span> </code></pre> </div> <p>From that point, every response includes:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="nl">"meta"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"duration"</span><span class="p">:</span><span class="w"> </span><span class="mi">24</span><span class="p">,</span><span class="w"> </span><span class="nl">"cached"</span><span class="p">:</span><span class="w"> </span><span class="kc">false</span><span class="p">,</span><span class="w"> </span><span class="nl">"deprecation"</span><span class="p">:</span><span class="w"> </span><span class="s2">"2026-06-01"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>Plus a standard <code>Sunset</code> HTTP header that infrastructure tools read automatically. After the date, the route returns <code>VERSION_RETIRED</code> under <code>UNAVAILABLE</code> — not a silent 404. Clients get a clear, machine-readable signal that they need to upgrade.</p> <h2> Tenant context — not in the URL </h2> <p>Multi-tenancy lives in context, not path segments:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>JWT token claim → wins always X-Tenant-ID header → fallback when token has no tenant claim Neither present → single-tenant mode — not an error </code></pre> </div> <p>No <code>/api/v1/acme/private/cancel-order</code> in your routes. The URL says what happens. The context carries who is asking.</p> <h2> The folder structure </h2> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>/transports ← all communication channels /api /v1 /cancel-order-and-refund contract.ts runner.ts test.spec.ts /register-user-and-send-welcome contract.ts runner.ts test.spec.ts /v2 /cancel-order-and-refund ← new contract, runs in parallel contract.ts runner.ts test.spec.ts /webhook /stripe /payment-succeeded /ws/v1/order-tracking-updates /stream/v1/activity-feed /events/v1/order-placed /rpc/v1/check-permissions /core ← framework — never edit for features /adapters ← outbound: stripe, sendgrid, openai, anthropic /queue publisher.ts consumer.ts /jobs ← background jobs are queue consumers /send-invoice-reminders /expire-stale-sessions /libs ← all shared internal code /utils /types /constants /validators /errors /helpers /middleware /config server.ts </code></pre> </div> <p>A new developer gets a bug report on <code>POST /api/v1/private/cancel-order-and-refund</code>. They open <code>/transports/api/v1/cancel-order-and-refund/runner.ts</code>. One path. No searching.</p> <h2> What I actually learned </h2> <p>The most valuable thing about operation-based naming was something I did not expect: it forced clearer thinking at design time.</p> <p>When you have to write <code>cancel-order-and-refund-and-notify</code> as a URL, you commit to that operation as a unit. You think about what complete success means. You think about partial failure. You think about idempotency. You think about the audit trail.</p> <p>When you write <code>DELETE /orders/123</code>, you are thinking about a resource state change — not the five downstream effects. That difference in framing is where a lot of production incidents are born.</p> <p>The URL is a contract with everyone who reads it. It should be honest.</p> <h2> What PACT is — and is not </h2> <p><strong>Not</strong> a framework. <strong>Not</strong> a package. <strong>Not</strong> a spec with a committee.</p> <p>A convention — a set of rules a team agrees to follow. You implement it in whatever language and stack you already use. The value is consistency: every operation behaves the same way, reports errors the same way, handles retries the same way, deprecates the same way.</p> <p>I built a full specification covering all seven transports, the complete request/response envelope, eight error categories, a 20-step middleware chain, versioning and deprecation contract, folder structure, and a compliance checklist. Drop a comment if you want it.</p> <p><strong>Does operation-based naming resonate with you? Where does it break down? What would you change?</strong></p> <p><em>PACT — Protocol for Action-based Coordinated Transport</em></p> webdev api architecture typescript