Verify payment webhook signatures

Every payment webhook should be verified before you credit a customer balance or fulfill an order. BoltUtil signs payloads with your merchant webhook secret.

Built for: HMAC-SHA256, raw body verification, constant-time compare

Signature verification pattern
payload = raw_request_body
signature = HMAC_SHA256(payload, webhook_secret)

// Compare with the X-Bolt-Signature header by constant-time comparison.

Verification flow

Use signature verification on every webhook endpoint that receives payment status updates.

  1. Read the raw request body exactly as received.
  2. Calculate HMAC-SHA256 with the webhook secret.
  3. Compare it to the signature header with constant-time comparison.
  4. Only then update your local order state.
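
The four steps above in Python, as an added example that is not BoltUtil's own code. It assumes the X-Bolt-Signature header carries a lowercase hex digest; the secret, the sample payload, and the `order_id` and `status` field names are constructed for illustration.

```python
import hashlib
import hmac
import json

SIGNATURE_HEADER = "X-Bolt-Signature"  # header name taken from the page


def compute_signature(raw_body: bytes, webhook_secret: bytes) -> str:
    # Assumption: the signature is a hex digest; confirm the encoding with the provider.
    return hmac.new(webhook_secret, raw_body, hashlib.sha256).hexdigest()


def verify_webhook(raw_body: bytes, headers: dict, webhook_secret: bytes) -> bool:
    # HTTP header names are case-insensitive, so normalise before lookup.
    normalised = {k.lower(): v for k, v in headers.items()}
    received = normalised.get(SIGNATURE_HEADER.lower())
    if not received:
        return False  # a missing header is a failed verification
    expected = compute_signature(raw_body, webhook_secret)
    # compare_digest takes the same time wherever the two values differ.
    return hmac.compare_digest(expected.encode(), received.strip().lower().encode())


def handle_webhook(raw_body: bytes, headers: dict, webhook_secret: bytes, orders: dict) -> int:
    """Return an HTTP-style status; order state changes only after verification."""
    if not verify_webhook(raw_body, headers, webhook_secret):
        return 401
    event = json.loads(raw_body)  # parse only after the signature checks out
    orders[event["order_id"]] = event["status"]  # hypothetical field names
    return 200


# Constructed sample data (note the double space inside the JSON body).
SECRET = b"example-webhook-secret"
RAW = b'{"order_id": "ord_123",  "status": "confirmed"}'
GOOD_HEADERS = {SIGNATURE_HEADER: compute_signature(RAW, SECRET)}

if __name__ == "__main__":
    orders = {}
    print("raw body:", handle_webhook(RAW, GOOD_HEADERS, SECRET, orders), orders)
    # Re-serialising the parsed JSON changes the bytes, so the same signature fails.
    reserialised = json.dumps(json.loads(RAW)).encode()
    print("re-serialised body:", handle_webhook(reserialised, GOOD_HEADERS, SECRET, orders))
```

The second call shows why step 1 insists on the raw body: a framework that parses and re-encodes the JSON before your handler sees it produces different bytes and a different HMAC.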

Non-custodial settlement

Payments go to the merchant wallet you configure. BoltUtil monitors chain activity and does not need to hold user funds.

Three USDT networks

Accept USDT on TRC20, ERC20, and BEP20 with a single order API and unified webhook payload.

Webhook-first automation

Your system receives a signed callback when a transaction is detected and confirmed on-chain.

Questions merchants ask before going live

These answers help developers, founders, and support teams understand the payment lifecycle before accepting real USDT payments.

Does BoltUtil custody merchant funds?

No. BoltUtil is designed as a non-custodial monitoring and notification layer. The merchant configures their own settlement wallet.

How does BoltUtil match a payment?

The scanner matches network, destination address, exact USDT amount, order status, and expiration window before updating the order.

Which USDT networks are supported?

The current production focus is TRC20, ERC20, and BEP20.

Launch a cleaner USDT payment flow

Create orders, monitor transfers, and notify your backend without asking customers to send screenshots.
