Trustnex for Developers
Home Request Access

Trustnex for Developers

Make your IoT data independently verifiable. Any device. Any language.

Trustnex adds a cryptographic integrity layer to your telemetry data. Every measurement your device produces gets signed, aggregated into a Merkle tree, and anchored to a public blockchain. The result: anyone can verify that your data hasn't been tampered with — without trusting you or us.

You don't need to understand cryptography or blockchain to integrate. We handle all of that. Your code just sends data.

How It Works

Three stages, fully automated after initial setup:

StageWhat HappensWhere
1. SignEach measurement is cryptographically signed with Ed25519 the moment it's producedOn your device
2. AggregateSigned packets are verified and grouped into Merkle trees every hourTrustnex cloud
3. AnchorThe Merkle root is permanently recorded on a public blockchain (Hedera)Public ledger

Verification works in reverse: given any data point, check the device signature, prove it's in the Merkle tree, confirm the tree root is on the blockchain. Three independent checks, all public.

What You Get

Integration Approach

The integration is minimal by design. Your existing application stays unchanged — you add one HTTP call where your data is produced.

// Your existing code produces data
// Add one call to the local Trustnex agent:

sendToTrustnex({ temperature: 23.5, sensor_id: "S1" })

// The agent handles:
//   → Ed25519 signing
//   → Buffering if offline
//   → Forwarding to Trustnex cloud
//   → Blockchain anchoring (automatic)

The agent runs as a separate process alongside your application. If the agent stops — your application keeps working normally. If the network is down — data is buffered and sent later. Your core logic is never affected.

Supported Devices

Trustnex works with any device that can produce data. The integration pattern depends on your hardware capabilities.

Linux Devices

Raspberry Pi, industrial gateways, edge servers — the agent runs directly on the device. Your application sends data via a local HTTP call. This is the simplest integration path.

DeviceArchitectureIntegration
Raspberry Pi 4/5ARM64Agent on device
Raspberry Pi 3 / ZeroARM32Agent on device
BeagleBone, Jetson NanoARM64Agent on device
Industrial gateway (x86)AMD64Agent on device

Microcontrollers

STM32, ESP32, Arduino, and other MCUs typically don't run the agent directly. Instead, they send data to a gateway or cloud where signing happens.

SetupHow It Works
MCU → GatewayMCU sends data via UART/SPI/WiFi to a Linux gateway that runs the agent. No changes to MCU firmware.
MCU → Cloud → APIMCU sends data to your cloud backend. Your backend signs and forwards to Trustnex. Good when MCU already has WiFi/LTE.
MCU with cryptoSTM32 with hardware crypto (PKA) or ESP32 can sign Ed25519 on-device and call the API directly. Most secure option.

PLC & Industrial Systems

For PLCs and SCADA systems, a collector script on an edge PC reads values via Modbus, OPC-UA, or Profinet and forwards to the local agent. No changes to the PLC program.

Language Support

The agent accepts data via HTTP — any language that can make a POST request works out of the box.

await fetch('http://localhost:8082/sign', {
  method: 'POST',
  headers: { 'Content-Type': 'application/json' },
  body: JSON.stringify({ temperature: 23.5, sensor: 'S1' })
});
requests.post('http://localhost:8082/sign', json={
    'temperature': 23.5,
    'sensor': 'S1'
})
body := strings.NewReader(`{"temperature": 23.5, "sensor": "S1"}`)
http.Post("http://localhost:8082/sign", "application/json", body)
await client.PostAsJsonAsync("http://localhost:8082/sign", new {
    temperature = 23.5,
    sensor = "S1"
});
// ESP32 / STM32 — sign on-device or forward to gateway
char json[] = "{\"temperature\": 23.5, \"sensor\": \"S1\"}";
http_post("http://gateway:8082/sign", json);
curl -X POST http://localhost:8082/sign \
  -H "Content-Type: application/json" \
  -d '{"temperature": 23.5, "sensor": "S1"}'
No SDK library to install. No key management in your code. No blockchain interaction. The agent handles everything — your code just sends JSON.

Public Verification

Every data point can be verified independently through three checks:

CheckWhat It Proves
Device SignatureData was signed by the registered device key (Ed25519)
Merkle ProofData is included in an audited batch — not added or removed after the fact
Blockchain AnchorThe batch root is recorded on a public ledger with a timestamp — immutable

The verification API is public — no authentication, no account needed. An auditor can verify your data by opening a single URL. If all three checks pass, the data is proven to be unaltered since it left the device.

Security Model

LayerApproach
Device keysEd25519 generated on-device. Private key never leaves the device.
TransportHTTPS with TLS. Optional MQTT with TLS for broker-based architectures.
Server verificationEvery signature verified independently. Invalid packets rejected.
AggregationMerkle tree with deterministic ordering. Proof path stored for every packet.
BlockchainHedera Consensus Service. Public, immutable, ~5 second finality.
DurabilityAnchored records remain verifiable even if Trustnex goes offline.

Hardware security modules (ATECC608B, TPM) are supported for environments requiring tamper-resistant key storage.

Get Started

Trustnex is currently onboarding select partners. Integration typically takes less than a day for Linux devices and a few days for MCU-based systems.

Ready to make your data tamper-proof? Request API access and we'll help you integrate.

Request Access