trezor bridge — secure developer integration & API notes. Guide for developers integrating Trezor devices: origin handshake, structured JSON calls, port handling, and migration to Trezor Suite APIs.
origin handshake and local service model
Design your integration to require explicit user interaction for signing. On the client side, the origin prompt must be presented and accepted; only then will the local Bridge/Suite accept structured JSON requests. Never assume automatic connection — always build UX flows that wait for user confirmation and clearly explain operations (amounts, addresses, opcodes) before sending them to the device.
sample request flow
Typical flow: the web wallet detects a connected device (or Bridge/Suite), sends an origin handshake, receives an acknowledgment, and then submits a JSON request describing the transaction or operation. The Trezor device displays the transaction summary and requires a physical confirmation before signing.
developer checklist
Checklist for production integrations: validate origins, sanitize all inputs, do not cache or record sensitive info, implement retry/backoff for connection attempts, provide clear error messages referencing official guides, and test with latest firmware and Suite versions.
example pseudo-request
{
"method":"signTransaction",
"params":{
"input":[...],
"output":[...],
"origin":"wallet.example.com"
}
}
migrating to modern Suite APIs
Where possible, use the modern Suite or official library integrations maintained in the Trezor GitHub ecosystem. These are kept up-to-date with security fixes and improved UX flows; standalone Bridge usage should be minimized for newly written integrations.
resources
Official developer pages and the GitHub repositories provide API references and example integrations. Always cite official docs in your integration and provide upgrade paths for users if Bridge becomes deprecated for your target flows.