What is a Location?
A Location represents a physical site where one or more charging stations are installed — for example, a parking garage, office building, or housing complex. Locations are used to:
Group charging stations by physical site
Manage charging access via token groups (a token group linked to a location grants access to all chargers at that location)
Organize your fleet geographically
Each location has a name, address, and other details. Charging stations must be assigned to a location for token-group-based access control to work.
What is a Local Token?
A Local Token represents a charge card (RFID tag) registered in Eve Control. Each token has:
Hidden ID (UID) – the internal identifier stored on the card’s chip, used for authentication
Visual ID – the number printed on the card
Description – a human-readable label (e.g. the cardholder’s name)
Tokens can be valid/invalid and blocked/unblocked. A token must be valid and not blocked to authorize charging. Tokens can be given charging access either directly (per charger) or through token groups (per location).
What is a Local Token Group?
A Local Token Group is a collection of tokens that share the same charging access. Instead of configuring access for each token individually, you:
Create a token group
Add tokens to the group
Link the group to one or more locations
All tokens in the group can then charge at all stations in those locations. Groups can be enabled or disabled — disabling a group instantly revokes access for all tokens in it.
How do I make sure a charge card can charge?
For a charge card to successfully start a session, all of the following must be true:
The card is registered as a Local Token in Eve Control
The token is valid (not invalidated)
The token is not blocked
The token has access to the charger, either:
Directly: the token is added to the charger’s local token list, or
Via group: the token is in a token group that is linked to a location containing the charger
If using a token group: the group is enabled
What is a Backoffice connection?
A Backoffice connection is the link between a charging station and a Charge Point Management System (CPMS) over the OCPP protocol. Eve Control is always connected to every charger you claim and provides visibility and management. You can additionally connect one third-party backoffice (e.g. ICU Connect, has-to-be, or your own CPMS) which then becomes the primary backoffice and takes over authorisation, transaction handling, and other CPMS responsibilities. See section 9.
What is “primary backoffice” mean?
The primary backoffice is the third-party CPMS that a charger forwards its OCPP traffic to. The primary is responsible for authorisation (deciding whether a charge card can charge), transaction handling (start/stop, billing data), and similar CPMS operations. Eve Control keeps a parallel connection for management and observability, but the primary’s decisions are authoritative on the charger. A charger can be linked to at most one primary backoffice.
Can I add my own backoffice if it’s not in the list?
Yes. In the Set primary backoffice dialog, pick Define new backoffice... from the dropdown, then enter a name and the OCPP WebSocket URL of your CPMS. The new backoffice is created as a private backoffice belonging to your organisation, can be reused for other chargers you own, and is connected to the current charger as the primary in one step. See section 9, Option B.
What is the difference between MASTER and READONLY backoffice?
MASTER – the primary backoffice that controls the charger. It can authorize tokens, start/stop sessions, change configuration, and send firmware updates. A charger can have only one MASTER.
READONLY – receives status updates and data from the charger but cannot send commands. Use this when you want Eve Control to monitor the charger while a third-party system manages it.
When forwarding to a primary backoffice, set Eve Control to READONLY and the external system to MASTER.
How do I remove a charging station from a location?
Open the charger’s detail page, go to the Locations tab, and click the trash icon next to the location. Confirm by typing the required text. Alternatively, open the location, go to the Charging stations tab, and remove the charger from there.
How do I block or unblock a token?
Navigate to Local tokens, click on the token to open its detail panel. You will see the Blocked status. Click the Block or Unblock button and confirm. A blocked token cannot start charging sessions, even if it has access to a charger.
How do I validate or invalidate a token?
Navigate to Local tokens, click on the token to open its detail panel. You will see the Valid status. Click the Validate or Invalidate button and confirm. An invalidated token cannot authorize charging. Newly created tokens are valid by default.
How do I enable or disable a token group?
Navigate to Local token groups, click on the group to open its detail panel. You will see the Enabled status. Click Enable token group or Disable token group and confirm. When a group is disabled, none of the tokens in it can charge via that group’s location links.
What happens if I delete a token group?
Deleting a token group removes it permanently. All tokens that were in the group lose the location-based access that the group provided. The tokens themselves are not deleted — they remain in your token list but will no longer have access through that group. If those tokens also have direct charger access, that access is not affected.
Can one token be in multiple token groups?
Yes. A token can belong to multiple token groups. Its effective access is the union of all locations linked to all groups it belongs to. For example, if a token is in Group A (linked to Location 1) and Group B (linked to Location 2), it can charge at both locations.
Can one token group be linked to multiple locations?
Yes. A token group can be linked to multiple locations. All tokens in the group will have access to all chargers at every linked location.
How do I check if a token has charging access?
Navigate to Local tokens, click on the token, then go to the Charging stations tab. This shows all chargers the token has direct access to. To check group-based access, look at the Local token groups tab to see which groups the token belongs to, then check which locations each group is linked to.
What is OCPP?
OCPP (Open Charge Point Protocol) is the industry-standard communication protocol between charging stations and backoffice systems. Alfen chargers use OCPP to communicate with Eve Control (and other CPMS platforms). OCPP handles authentication, session management, configuration, firmware updates, and diagnostics. Eve Control supports OCPP 1.6.
How do I view charger logs?
Navigate to Charging Stations, click on a charger, then select the Logging tab. This shows all OCPP messages between the charger and Eve Control in real time, including authorization requests, session events, configuration changes, and status notifications.
What is the difference between WS and WSS?
WS (ws://) – an unencrypted WebSocket connection. Data between the charger and Eve Control is sent in plain text, which means it can potentially be intercepted or tampered with.
WSS (wss://) – a secure WebSocket connection encrypted with TLS (the same technology used for HTTPS). All communication is protected against eavesdropping and tampering.
WSS is the recommended protocol for production use. WS is only used as an initial connection method when migrating chargers remotely via OCPP, because the charger may not yet have the required TLS root certificate.
Why do remotely migrated chargers initially connect via WS instead of WSS?
When migrating a charger remotely via OCPP from another backoffice (Option B in
section 1), the charger may not yet have the TLS root certificate needed to establish a secure
wss:// connection to Eve Control. Using
ws:// allows the charger to connect initially so that a
security firmware update can be performed through Eve Control to install the certificate and switch to
wss://.
How do I switch a charger from WS to WSS?
Perform a
security firmware update via the charger’s
Firmware tab in Eve Control. This update installs the required TLS root certificate and automatically reconfigures the charger’s OCPP connection URL from
ws://ocpp.alfen.com/ to
wss://ocpp.alfen.com/. The charger will reboot and reconnect securely. See
section 10 for step-by-step instructions.
Do chargers connected via local installation tooling also need a security firmware update?
No. When you connect a charger using the
Service Installer,
MyEve, or
Eve Install app with the Eve Control preset (Option A in
section 1), the charger is configured to use
wss:// from the start. The security firmware update is only needed for chargers that were migrated remotely via OCPP using an initial
ws:// connection.
What is the difference between direct access and location-based access?
Direct access — you link a token directly to a charging station. Simple but requires managing each token-charger pair individually.
Location-based access — you place tokens in a group, link the group to a location, and assign chargers to that location. More scalable: adding a new charger to the location automatically gives all tokens in linked groups access to it.
You can use both methods simultaneously. A token can have direct access to some chargers and group-based access to others.
What happens to a user without an organisation or roles?
A user who has an organisation but no role lands on a controlled page after login — they cannot reach the rest of the app until they have a role:
User in an organisation but with no role → redirected to the Request Access page. From there the user can ask the organisation admin for a role. The admin can approve (by assigning a role) or deny the request. See section 20.
Brand-new self-registered user → if their organisation does not exist yet, they create it during sign-up and start using Eve Control as its first admin. If it already exists, they see a Request Access button (or, when the organisation has no admin yet, a message to contact Alfen support). See section 23.
How do I unlock a charger’s connector remotely?
Navigate to Charging Stations, click on the charger, and click the unlock icon on the Overview tab. Confirm the action. You can verify it worked by going to the Logging tab and checking for an UnlockConnector message with the result “Unlocked”.
How do I change an OCPP configuration parameter on a charger?
Open the charger’s detail page and go to the Configuration tab. Use the filter field to find the parameter, then click the edit icon to change its value. After saving, check the Logging tab to verify the change was accepted by the charger. You can also add entirely new parameters using the “Add variable” button.
How do I download diagnostics from a charger?
Open the charger’s detail page and go to the Diagnostics tab. Select a date range using the calendar picker, then click Send request. The charger will process the request and upload the diagnostics. This may take 20 seconds or more. Check the Logging tab for a DiagnosticsStatusNotification with status “Uploaded” to confirm completion.
What are the available user roles?
Eve Control ships with three built-in organisation roles. Role names use British spelling (Organisation):
Organisation Admin — full access inside the organisation: manages users, approves access requests, claims chargers, manages locations, tokens, token groups, and primary backoffices.
Organisation Technician — operational access: onboards chargers, edits configuration, requests diagnostics, runs firmware updates.
Organisation User — read access for everyday users: sees chargers, locations, and charging sessions.
Role assignment is managed on each user’s detail panel in the Users page. See section 22: Users & Roles.
What does the Security tab on a charger do?
The Security tab controls which token authorisation profiles are active on the charger. For example, the local-token-group profile enables location-based access via token groups. You can drag profiles between “Active” and “Available” lists. Removing local-token-group from the active list means tokens with group-based access can no longer charge at that charger, even if all other conditions are met.
How do I find the Hidden ID of an RFID charge card?
The
Hidden ID (also called UID or token ID) is the internal identifier stored on the card’s RFID chip. It is required when creating a Local Token in Eve Control. Unlike the Visual ID printed on the card, the Hidden ID is not directly visible. There are several ways to find it. See
section 18: Finding the Hidden ID of a Charge Card for detailed step-by-step instructions with screenshots.
How do I add a brand-new charger that does not exist in the platform yet?
Use the Add Device button on the Charging Stations page, enter the charger’s OCPP Identifier (the identifier with which the charger communicates to the backoffice — not necessarily its serial number), and click Check. If the charger is not yet known to Eve Control, a Create form appears: pick the charger model and submit. This creates the device so it can connect for the first time. See section 2 for the full walkthrough.
Can I connect a charger to more than one third-party backoffice?
No. Eve Control supports at most one primary backoffice per charger. If you need to switch to a different one, remove the current entry from the Backoffice tab (trash icon, type delete to confirm) and then set the new one.
Where do I see who changed what?
Open the Audit Logs page from the sidebar. Every administrative change (creating / editing / deleting an entity, assigning a role, granting access, etc.) is recorded with a timestamp, actor, and event payload. You can filter by free text and by object type. Charging session events are not in audit logs — see the Charging Sessions page for those. See section 19.
