OSPP Logo Open Self-Service Point Protocol

Open Self-Service Point Protocol

An open specification for secure, interoperable communication between self-service infrastructure devices and central management systems.

STATUS: DRAFT VERSION: v0.1.0 TRANSPORT: MQTT 5.0 / BLE / REST SECURITY: mTLS + HMAC SANDBOX: LIVE
Read the Specification Try the Sandbox Report Issues

Quick Links

Specification
github.com/ospp-org/spec
JSON Schemas
75 schema files (MQTT, BLE, Common)
PHP SDK
ospp/protocol on Packagist
CSMS Sandbox
csms-sandbox.ospp-standard.org
Station Simulator
github.com/ospp-org/station-simulator
Flow Examples
12 documented message flows
26
MQTT Actions
75
JSON Schemas
12
Flow Examples
14
Conformance Rules

Ecosystem

Everything you need to implement, test, and validate OSPP-compliant devices.

Specification

Protocol spec with 8 chapters covering architecture, transport, messages, state machines, security, configuration, errors, and profiles.

MQTT 5.0 BLE GATT REST mTLS
View Spec

CSMS Sandbox

Hosted testing environment. Register, connect your station via MQTT, get real-time conformance feedback. 26/26 actions, 14 behavior rules.

LIVE TLS Free
Open Sandbox

Station Simulator

Simulate 1-N OSPP stations. YAML scenario engine, 41 built-in scenarios, REST API, WebSocket push. For development and automated testing.

PHP 8.3+ MIT
View Repo

PHP SDK

Protocol enums, JSON schemas, message builder, schema validator. Install via Composer. Used by both Sandbox and Simulator.

Composer v0.2.1
Packagist

CSMS Sandbox — Test Your Station in Minutes

The hosted sandbox validates your station's MQTT messages against the OSPP specification in real time. No setup required — register, connect, and start testing.

Connect

Register at the sandbox, get MQTT credentials, connect via TLS on port 8883. Code snippets provided for Python, C, and JavaScript.

Test

Send BootNotification, Heartbeat, StatusNotification. Receive commands: StartService, Reset, UpdateFirmware, and 11 more. All validated against JSON schemas.

Verify

Conformance dashboard shows pass/fail per action with 14 behavior rules. Export reports as PDF or JSON. Live monitor shows messages in real time.

Register for Free Quick Start Guide

What OSPP covers

  • Device onboarding and authentication
  • Session management (start, stop, meter values)
  • Reservations and cancellations
  • Remote commands (reset, firmware, diagnostics)
  • Configuration management
  • Offline mode and reconciliation
  • Certificate lifecycle
  • Bay state machine (7 states, 17 transitions)

What OSPP is not

OSPP is not a product or a cloud platform. It is a protocol specification. Implementations may differ as long as they remain interoperable and compliant with the spec.

OSPP does not prescribe payment processing, user authentication flows, or business logic. It handles the communication layer between devices and management systems.

Design goals

  • Security-first (mTLS, HMAC signing, replay protection)
  • Interoperability across vendors
  • IoT-friendly transport (MQTT 5.0)
  • Offline resilience
  • Clear versioning and profiles
  • Machine-readable schemas (JSON Schema)

Use Cases

Car Wash Stations

Multi-bay self-service car wash with payment, session management, and meter values tracking.

Vending Machines

Remote inventory monitoring, service catalog updates, and transactional reporting.

Kiosks & Terminals

Self-checkout, ticketing, and access control with remote diagnostics and firmware management.

Security

OSPP is designed with a security-first posture: mutual TLS for all connections, HMAC-SHA256 message signing, replay protection via monotonic counters, and certificate lifecycle management. Security guidance is maintained in the spec repository.

For responsible disclosure of security vulnerabilities: security@ospp-standard.org

Contact

General inquiries, partnerships, and contributions: contact@ospp-standard.org

For specification discussions and proposals, use GitHub Issues in the spec repository.