Introduction
PayWarden is an open-source, non-custodial USDT-TRC20 payment gateway built for developers and merchants who want to accept crypto payments without giving up control of their funds.
What it does
- Generates unique payment addresses for each order using HD wallet derivation (BIP44)
- Monitors the TRON blockchain for incoming USDT transfers
- Confirms payments after a configurable number of block confirmations
- Notifies your backend via HMAC-signed webhooks when payments are confirmed
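As an added example, not PayWarden's own code, the last item above in TypeScript with Node's built-in `crypto`: the gateway signs `timestamp.body` with HMAC-SHA256, and the merchant backend recomputes the MAC over the raw body and compares it in constant time. The header names `x-paywarden-timestamp` and `x-paywarden-signature`, the `timestamp.body` signing string and the 5-minute replay window are assumptions for illustration; the gateway's actual wire format may differ.

```typescript
// Added example: HMAC-SHA256 webhook signing (gateway side) and verification
// (merchant side). Header names, the signing string and the replay window are
// assumptions for illustration, not PayWarden's documented wire format.
import { createHmac, timingSafeEqual } from 'node:crypto';

interface WebhookHeaders {
  'x-paywarden-timestamp': string;
  'x-paywarden-signature': string;
}

const MAX_SKEW_SECONDS = 300; // assumed replay window (5 minutes)

// Gateway side: the MAC covers `timestamp.body`, so a captured webhook cannot
// be replayed later with a fresh timestamp.
function signWebhook(secret: string, body: string, timestamp: number): WebhookHeaders {
  const mac = createHmac('sha256', secret)
    .update(`${timestamp}.${body}`)
    .digest('hex');
  return {
    'x-paywarden-timestamp': String(timestamp),
    'x-paywarden-signature': mac,
  };
}

// Merchant side: reject stale timestamps, recompute the MAC over the raw body
// and compare with timingSafeEqual rather than `===`.
function verifyWebhook(
  secret: string,
  rawBody: string,
  headers: WebhookHeaders,
  now: number = Math.floor(Date.now() / 1000),
): boolean {
  const ts = Number(headers['x-paywarden-timestamp']);
  if (!Number.isInteger(ts) || Math.abs(now - ts) > MAX_SKEW_SECONDS) return false;

  const expected = Buffer.from(
    createHmac('sha256', secret).update(`${ts}.${rawBody}`).digest('hex'),
    'utf8',
  );
  const given = Buffer.from(headers['x-paywarden-signature'], 'utf8');
  // timingSafeEqual throws on differing lengths, so check length first
  if (expected.length !== given.length) return false;
  return timingSafeEqual(expected, given);
}

// Constructed sample for a stand-alone run (secret and payload are made up)
const sampleSecret = 'whsec_example_do_not_use';
const sampleBody = JSON.stringify({ orderId: 'ord_123', status: 'confirmed', amount: '25.000000' });
const sampleHeaders = signWebhook(sampleSecret, sampleBody, 1700000000);
console.log(verifyWebhook(sampleSecret, sampleBody, sampleHeaders, 1700000010));       // true
console.log(verifyWebhook(sampleSecret, sampleBody + ' ', sampleHeaders, 1700000010)); // false (body altered)
console.log(verifyWebhook(sampleSecret, sampleBody, sampleHeaders, 1700009999));       // false (stale timestamp)
```

Verify over the raw request body bytes as received, before any JSON parsing: re-serializing a parsed object can change key order or whitespace and the MAC will no longer match. In Fastify that means registering a content-type parser that keeps the raw body for the webhook route.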
What makes it different
Non-custodial architecture
Your seed phrase is encrypted with AES-256-GCM and stored locally. PayWarden derives payment addresses from your extended public key (xpub) only — no private key access is ever needed to receive funds.
Private keys are loaded into memory only during fund sweeping (moving confirmed funds to your hot wallet), and are immediately wiped afterward with Buffer.fill(0).
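As an added example, not the project's vault implementation, the seed handling described above done with Node's built-in `crypto`: the seed is sealed with AES-256-GCM under a passphrase-derived key, opened only for the duration of a sweep, and zeroed with `fill(0)` afterwards. The blob layout (`salt | iv | tag | ciphertext`), the scrypt cost parameters and the `withSeed` helper are assumptions for illustration; PayWarden's `vault.enc` format may differ.

```typescript
// Added example: AES-256-GCM seed vault with scrypt key derivation and
// explicit wiping of plaintext. The layout salt|iv|tag|ciphertext and the
// scrypt parameters are assumptions, not PayWarden's vault.enc format.
import { createCipheriv, createDecipheriv, randomBytes, scryptSync } from 'node:crypto';

const SALT_LEN = 16;
const IV_LEN = 12;   // 96-bit nonce, the size GCM is specified for
const TAG_LEN = 16;  // full 128-bit authentication tag
const SCRYPT_OPTS = { N: 2 ** 14, r: 8, p: 1 }; // assumed cost parameters

function deriveKey(passphrase: string, salt: Buffer): Buffer {
  return scryptSync(passphrase, salt, 32, SCRYPT_OPTS);
}

// Encrypt the seed under a fresh salt and nonce; the result is what goes to disk.
function sealSeed(seed: Buffer, passphrase: string): Buffer {
  const salt = randomBytes(SALT_LEN);
  const iv = randomBytes(IV_LEN);
  const key = deriveKey(passphrase, salt);
  const cipher = createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(seed), cipher.final()]);
  const tag = cipher.getAuthTag();
  key.fill(0); // key material is no longer needed
  return Buffer.concat([salt, iv, tag, ct]);
}

// Decrypt the vault; GCM tag verification makes this throw on a wrong
// passphrase or on any modification of the stored blob.
function openSeed(vault: Buffer, passphrase: string): Buffer {
  const salt = vault.subarray(0, SALT_LEN);
  const iv = vault.subarray(SALT_LEN, SALT_LEN + IV_LEN);
  const tag = vault.subarray(SALT_LEN + IV_LEN, SALT_LEN + IV_LEN + TAG_LEN);
  const ct = vault.subarray(SALT_LEN + IV_LEN + TAG_LEN);
  const key = deriveKey(passphrase, salt);
  const decipher = createDecipheriv('aes-256-gcm', key, iv);
  decipher.setAuthTag(tag);
  try {
    return Buffer.concat([decipher.update(ct), decipher.final()]);
  } finally {
    key.fill(0);
  }
}

// Give `use` the plaintext seed (e.g. to derive a sweep key), then wipe it
// whether or not `use` succeeded.
function withSeed<T>(vault: Buffer, passphrase: string, use: (seed: Buffer) => T): T {
  const seed = openSeed(vault, passphrase);
  try {
    return use(seed);
  } finally {
    seed.fill(0);
  }
}

// True if every byte of the buffer is zero (used to check the wipe)
function isZeroed(buf: Buffer): boolean {
  return buf.every((b) => b === 0);
}

// Constructed stand-alone run: a made-up 64-byte seed and passphrase
const demoSeed = Buffer.alloc(64, 7);
const demoVault = sealSeed(demoSeed, 'example passphrase, do not reuse');
let leaked: Buffer | undefined;
const seedLen = withSeed(demoVault, 'example passphrase, do not reuse', (s) => { leaked = s; return s.length; });
console.log(seedLen, leaked !== undefined && isZeroed(leaked)); // 64 true
```

`fill(0)` clears only the buffer it is called on. Any library that copies the seed or a derived private key into its own buffers (or into a string, which cannot be zeroed) keeps that copy until garbage collection, so the wipe is best-effort unless the derivation code is also written to work in place on buffers.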
Zero fees
PayWarden takes 0% of your transactions. You pay only for the infrastructure you run.
Open source
Every line of code is public on GitHub under BSL 1.1 — the same license used by MariaDB, HashiCorp Vault, and Sentry. You can read, audit, and self-host it freely. The only restriction is offering it as a hosted service to third parties without a commercial license.
Architecture overview
```text
Your Backend
     │
     │ POST /api/v1/payments
     ▼
PayWarden API (Fastify)
     │
     ├── Order Engine ──── PostgreSQL (orders + events)
     │
     ├── HD Wallet ──────── vault.enc (AES-256-GCM seed)
     │        xpub → unique address per order
     │
     ├── Chain Watcher ─── TronGrid API (polls every 3s)
     │        detects TRC-20 Transfer events
     │
     └── Webhook Notifier ─ HMAC-SHA256 signed callbacks
              exponential backoff, 10 retries
```

Tech stack
| Layer | Technology |
|---|---|
| Runtime | Node.js 20 + TypeScript 5 (ESM) |
| HTTP | Fastify 5 |
| Database | PostgreSQL 16 + Drizzle ORM |
| Queue | Redis 7 + BullMQ |
| Blockchain | TronWeb 6 + TronGrid API |
| HD Wallet | bip39 + bip32 (BIP44 path) |
| Container | Docker Compose |
Next steps
- Quick Start — up and running in 3 minutes
- Non-custodial Architecture — how your keys stay safe
- API Reference — integrate with your backend