Welcome to the Trezor Suite® – Getting Started™ Developer Portal, your comprehensive guide designed to empower developers integrating or extending the Trezor Suite ecosystem.
This portal helps developers navigate the practical steps, best practices, and workflows required to create secure and efficient tools ranging from small plugins to full production-grade integrations.
You will need a Trezor device (Model T or Model One) and a verified developer account for access to the developer portal. While emulators and testnets can simulate many flows, hardware testing on an actual device is strongly recommended for production-ready apps.
Ensure Node.js (LTS), a modern browser (such as Chrome, Firefox, or Brave), and Git are installed. Familiarity with terminal commands will streamline your setup process.
mkdir trezor-dev-portal
cd trezor-dev-portal
npm init -y
npm install axios express dotenv
Create a .env file to securely store environment variables and API keys. Never commit your secrets to version control.
PORT=3000
TREZOR_API_URL=https://developer.trezor.io/api
TREZOR_CLIENT_ID=your-client-id
TREZOR_CLIENT_SECRET=your-secret
Use a dedicated local profile or Docker container for isolation and enhanced security. Tools like ngrok can expose your local server through a secure public URL, useful for webhooks.
The OAuth 2.0 authorization code flow with PKCE is the most secure option for browser-based apps, minimizing client secret exposure risks.
Backend services should utilize short-lived service keys, storing them securely with secrets managers such as HashiCorp Vault, AWS Secrets Manager, or Azure Key Vault, and implement automatic rotation.
Accessible API endpoints provide structured interactions for device management, transactions, user profiles, webhooks, and emulators:
/v1/devices — Query device metadata and capabilities/v1/transactions — Create, sign, and broadcast wallet transactions/v1/users — Access user profiles and developer account information/v1/webhooks — Register callbacks for device and transaction events/v1/simulators — Manage emulated devices for automated testingAll API communication uses JSON over HTTPS, with these headers:
Accept: application/jsonContent-Type: application/jsonAuthorization: Bearer <token> (when required)const axios = require('axios');
async function fetchDevices(token) {
const res = await axios.get(process.env.TREZOR_API_URL + '/v1/devices', {
headers: { Authorization: `Bearer ${token}` }
});
return res.data;
}
Never expose the full unsigned payload to untrusted clients. Keep sensitive operations server-side, and use the device as the final trusted signing step.
Check USB permissions, update firmware, verify USB cable and ports, and ensure firewall or bridge process isn’t blocking communication.
Verify client ID and secret, check server clock synchronization, and confirm tokens are valid and not revoked.
Below are placeholder links to internal documents that you may customize:
The portal provides APIs and developer tools to build integrations and interact securely with Trezor hardware wallets and the Trezor Suite ecosystem.
While emulators allow simulated testing, it is strongly recommended to test on a physical device before production deployment.
Store keys securely using secrets management systems and rotate them regularly to minimize risk.
Yes. OAuth 2.0 with PKCE is recommended for web apps, while API key/secret pairs are suitable for server-to-server communication.
Check USB permissions, firmware versions, try different cables or ports, and ensure no firewall or bridge issues block communication.