Off the Hook
Get an API key
Live on TRON Mainnet, Nile, Shasta

Webhooks for blockchains
everyone else forgot.

Real-time wallet activity notifications for TRON. Native + non-native token transfers, Standard Webhooks-compliant deliveries, signed payloads, and an AI-native API built for agents and MCP servers that need to know the moment a wallet moves.

Get an API keyView source

Free during beta · MIT licensed core · Self-hostable

POST /your-endpoint200 OK
webhook-signaturev1,YvZgRtxc42N…
webhook-idevt_8xN9kP2QbA
x-oth-subscription-idsub_3h6o11D…
{
  "id": "evt_8xN9kP2QbA",
  "kind": "wallet.transfer.broadcasted",
  "date": "2026-05-09T03:14:22Z",
  "data": {
    "chainId": "tron:mainnet",
    "from": "TQrZ9wBxn8...",
    "to": "TR7NHqjeKQ...",
    "amount": "1500000000",
    "asset": {
      "type": "fungible",
      "symbol": "USDT",
      "decimals": 6
    },
    "matchedAddresses": [
      { "address": "TQrZ9wBxn8...", "role": "from" }
    ]
  }
}
The gap

TRON is the world's stablecoin chain.
The webhook tooling never showed up.

Alchemy, Moralis, Blocknative — all pretend TRON doesn't exist. Two multi-chain providers ship a TRON afterthought. None of them are specialized. So every exchange, payment processor, and AI agent watching TRON wallets ends up writing the same polling loop, missing events, dropping reorgs, hand-rolling HMAC verification, and reinventing retries from scratch.

More than Ethereum
$85B
USDT on TRON
9× Ethereum
10M
daily transactions
Until now
0
specialized providers
How it works

Three seconds from on-chain to your inbox.

No nodes to run, no logs to grep, no parsers to write. The full pipeline — from TRON block to a signed POST at your endpoint — is operational in under one curl.

  1. 01

    We watch every block

    Distributed pollers across TRON Mainnet, Nile, and Shasta decode every TransferContract and TRC-20 Transfer log the moment a block produces. ~3 seconds end-to-end.

  2. 02

    Match against your addresses

    An in-process Cuckoo filter + hash map sees every transfer in the chain and fires on the addresses you've subscribed to — `from`, `to`, or both. Up to 50,000 watched addresses per subscription.

  3. 03

    Sign, send, persist

    Standard Webhooks-compliant HMAC-SHA256 signatures, delivery worker with exponential backoff, full audit log per event, manual retry endpoint. Verifiable with any Svix client library.

AI-native by default

Built for the agents about to flood the chain.

Autonomous wallets are no longer a thought experiment. Every payment processor with stablecoin rails and every MCP server worth using will need real-time on-chain awareness. We built the primitive so they don't have to.

MCP server (planned, Q3)

  • MCP servers

    Expose on-chain wallet events as a tool an agent can subscribe to. The webhook becomes the trigger; the agent reasons.

  • Trading agents

    Liquidity bots and arbitrage agents that need to know the millisecond a counterparty wallet moves — not the next time their poller wakes up.

  • Payment processors

    Stablecoin checkouts that confirm deposits in seconds instead of minutes. USDT-on-TRON dominates remittance flows; this is the missing primitive.

  • Compliance + analytics

    Real-time alerting on watchlisted addresses without polling getTransactionsByAccount on a 5-second loop.

DX-first

Two curls and a verify.

The whole API is a single resource — subscription. Standard Webhooks-compliant signatures verify with any Svix client library out of the box.

1. Create a subscriptionbash
curl -X POST https://api.offthehook.dev/v1/subscriptions \
  -H "Authorization: Bearer $OTH_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "destination": {
      "type": "https",
      "url":  "https://your-app.com/webhooks/tron"
    },
    "events": ["wallet.transfer.broadcasted"],
    "status": "enabled"
  }'
2. Add the addresses you care aboutbash
curl -X PATCH \
  https://api.offthehook.dev/v1/subscriptions/$SUB/filters/addresses \
  -H "Authorization: Bearer $OTH_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "add": [
      { "chainId": "tron:mainnet", "address": "TQrZ9wBxn8..." },
      { "chainId": "tron:mainnet", "address": "TR7NHqjeKQ..." }
    ]
  }'

# Atomic + per-item validation:
# {
#   "results": {
#     "added":   [...],
#     "skipped": [{ "input": {...}, "reason": "duplicate" }]
#   }
# }
3. Verify in TypeScript / Next.jstypescript
import { Webhook } from "svix";

const wh = new Webhook(process.env.WEBHOOK_SECRET!);

export async function POST(req: Request) {
  const body = await req.text();
  const headers = Object.fromEntries(req.headers);

  // Throws if signature is invalid.
  const event = wh.verify(body, headers);

  if (event.kind === "wallet.transfer.broadcasted") {
    const { from, to, amount, asset } = event.data;
    await ledger.recordIncoming({ from, to, amount, asset });
  }

  return new Response("ok", { status: 200 });
}
3. Verify in Gogo
import (
    svix "github.com/svix/svix-webhooks/go"
)

func handle(w http.ResponseWriter, r *http.Request) {
    body, _ := io.ReadAll(r.Body)
    wh, _ := svix.NewWebhook(os.Getenv("WEBHOOK_SECRET"))
    if err := wh.Verify(body, r.Header); err != nil {
        http.Error(w, "bad signature", 401)
        return
    }

    var evt struct {
        ID   string `json:"id"`
        Kind string `json:"kind"`
        Data json.RawMessage `json:"data"`
    }
    json.Unmarshal(body, &evt)
    // ... process
    w.WriteHeader(200)
}
Built right

Production-grade primitives, not a hackathon project.

Most "webhook" features ship the easy 80%. The remaining 20% — replay safety, dedup, rotation, SSRF, audit, retry classification — is where bugs live forever. We did them up front.

  • Standard Webhooks compliant

    v1,base64 signature format. Use any Svix verification library — Node, Python, Go, Rust, Ruby, PHP, Java — without changes.

  • Svix-shaped resource model

    subscription · destination · filters. Designed by people who run webhook infrastructure as a product. Adding new destination types or filter dimensions is additive — never a v2.

  • CAIP-2 chain identifiers

    tron:mainnet, tron:nile, tron:shasta. One handler covers every chain you watch.

  • Multi-secret rotation

    Rotate signing secrets with a configurable grace window. We sign with both old and new secrets simultaneously so you can roll out verification changes without downtime.

  • Idempotency, both directions

    Idempotency-Key on POSTs prevents duplicate subscriptions. The webhook-id header lets your handler dedupe receive-side. monotonic deliveryCount tracks all-time delivery success.

  • SSRF + DNS-rebind hardening

    Customer destination URLs are DNS-resolved at register time AND at every connect. Private/loopback/link-local/CGNAT ranges blocked.

  • Full event audit log

    Every delivery attempt persisted. Manual retry endpoint. Filter by status, chain, time range. Customer support is a SQL query, not a code archaeology dig.

  • HA on day one

    Two-machine deployment with Postgres advisory-lock leader election. Postgres-as-queue (SKIP LOCKED) so the delivery pipeline survives any single dependency outage.

Free during private beta.

Sign up, get a key, watch a wallet. Fair-use only — we'll reach out before metering kicks in. Self-host the open-source core whenever you want.

Get an API keyRead the source