Ledger® Wallet  —  Getting Started™ Developer Portal

A concise developer onboarding guide: SDKs, integration patterns, Ledger Live connectivity, security recommendations, testing, and publishing your Ledger® app or integration.

Overview

Ledger® provides hardware security for private keys and cryptographic operations. As a developer, you can build integrations that interact with Ledger® Wallet devices via SDKs, the WebUSB/WebHID bridge, or Ledger Live. This portal summarizes how to get started quickly and securely.

Note: Use only official Ledger® documentation and SDKs when building integrations. Signing operations should always occur on the device to ensure keys never leave secure hardware.

1. Environment Setup

  1. Install prerequisites: Node.js (LTS), Python (for some tools), and your preferred package manager.
  2. Get a Ledger® device: Use a test device with a fresh firmware where possible. Ensure the device firmware is up to date via Ledger Live.
  3. Developer tools: Install npm/yarn, ledgerctl (if applicable), and configure USB permissions on Linux/macOS for WebHID/WebUSB testing.

2. SDKs & Tools

Ledger® provides several SDKs and libraries to help you integrate device functionality into apps:

  • ledgerjs: JavaScript libraries for APDU transport, Ledger device communication, and common app helpers.
  • Speculos: Device emulator for testing your app without hardware.
  • BOLOS SDK: The low-level SDK for building Ledger® native apps (C-based); use for firmware-level development.
  • Ledger Live SDK: If integrating into Ledger Live, follow Ledger's partner guidelines and API contracts.
Tip: Use Speculos for CI testing to validate flows automatically before accessing physical devices.

3. Common Integration Patterns

  1. Web apps: Use ledgerjs with WebUSB/WebHID to request user signature prompts. Always display transaction details in clear human-readable form before requesting signatures.
  2. Backend signing: Avoid storing keys on servers. Instead, orchestrate unsigned transactions server-side and prompt the Ledger® device for signing on the client.
  3. Native apps: Use platform-specific transports (HID/USB) and the Ledger® SDK to interface with devices from desktop/mobile applications.

4. Integrating with Ledger Live

Ledger Live is Ledger's official desktop and mobile portfolio manager. Partner integrations require following Ledger's guidelines and approval process. If you plan to add support for a coin or feature through Ledger Live, follow the contributor and app review workflows in the official docs.

Important: Ledger Live may require additional security and UX checks. Coordinate with Ledger's integrations team when targeting Live integration.

5. Security Best Practices

  • Never export private keys from the device. All signing must occur on-device.
  • Validate user-facing transaction details twice: in your app UI and on the device screen.
  • Use secure transport channels and avoid logging sensitive APDU payloads in production logs.
  • Audit third-party dependencies and minimize privilege scope for integrations and API keys.
Security note: If a user reports unexpected signatures or prompts, advise them to stop and verify the transaction details on the device. Compromised hosts or browser extensions may attempt to trick users.

6. Testing, Continuous Integration & Publishing

Testing and reproducible builds are crucial for Ledger® integrations. Recommended steps:

  1. Unit & integration tests: Cover APDU flows with mocked transports and Speculos.
  2. CI pipelines: Run emulator tests in CI and restrict access to hardware devices in build environments.
  3. Security review: Perform internal security reviews and coordinate with Ledger if requesting Ledger Live inclusion.
  4. Documentation: Publish clear integration docs, example code, and step-by-step onboarding for developers and end users.