Trezor Bridge® | Connect Your Trezor to Web Browsers
Trezor Bridge® — Connect Your Trezor to Web Browsers
A small background bridge that creates a secure, local connection between your Trezor hardware wallet and browser-based apps. Fast, minimal, and privacy-first — built for interacting with the web while your device stays offline and safe.
What is Trezor Bridge?
Why you need it
Browser security models intentionally isolate web pages from direct hardware access. Trezor Bridge creates a deliberate, permissioned pathway so that dapps and wallets can open a channel to your Trezor device — but only after your explicit consent. This preserves the security model of the hardware wallet while enabling modern, convenient web integrations.
How it works — short version
When installed, Bridge listens on a local endpoint (localhost / native messaging) and accepts strictly typed requests from authorized browser clients. When a request requires a user action (e.g., sign transaction), the Trezor device prompts for physical confirmation. Private keys never leave the Trezor.
// Example: a browser wallet calls Bridge
fetch('http://localhost:21324/x/trezor-connect', {method:'POST', body: JSON.stringify({path: 'm/44\'/0\'/0\'/0/0'})})
// Bridge forwards to Trezor device via USB and returns the result to the browser.
Supported platforms
Installation — detailed
Windows
Download the .exe installer. If you see a SmartScreen or driver prompt, confirm the action — Bridge needs to register a local service and may require driver installation for older devices. After install, Bridge runs as a background process and registers the native messaging host for supported browsers.
macOS
Mount the .dmg, drag Bridge to Applications, and open it. On first start macOS will ask for permission to run an app downloaded from the internet — confirm. For Apple Silicon, use the universal binary or Homebrew formula where available.
Linux
Most distributions can use a .deb or .rpm package. AppImage provides a portable option. After installation, you may need to add a udev rule to allow non-root access to USB devices (the package usually installs this for you). If your browser supports native messaging, Bridge will register the host automatically.
Troubleshooting & common issues
Security & privacy
Bridge is intentionally minimal: it forwards typed requests between browser and device and does not collect or transmit your keys, transaction data, or personal information to external servers. When you approve an action on-device, the device signs locally and returns only the necessary public payloads to the requesting app. Always download Bridge from the official Trezor website and verify checksums/signatures when possible.
Best practices
- Only install Bridge from the official site or verified package repositories.
- Keep firmware and Bridge up to date.
- Use verified browser wallets and double-check origin URLs before approving requests on the device.
- When not in use, unplug your Trezor and close Bridge if you prefer an extra layer of physical isolation.
Developer notes
Developers building browser integrations should use the Trezor Connect library or call Bridge's local API following the published JSON-RPC schema. Bridge enforces CORS-like checks and origin validation — requests from unknown origins will be rejected until the user grants permission via a browser prompt.
{
"type": "call",
"method": "getAddress",
"payload": {"path":"m/44'\/0'\/0'\/0/0"}
}
Test with the official Trezor Suite and example wallets to verify behavior across browsers. When distributing a dapp, include clear instructions for users about Bridge installation and permissions.
FAQ
Change log (high level)
- v2.0 — Modernized native messaging, improved multi-OS packaging, performance improvements.
- v1.x — Initial cross-platform support and USB stability fixes.
For detailed release notes and binary checksums, always consult the official Trezor releases page.