2. Transaction Lifecycle (including off-chain signatures)

Create, sign, propose, execute, and verify a Safe transaction end-to-end using the Ledger Enterprise Multisig API.

What you'll learn

Initialize both the Protocol Kit (transaction creation/signing) and the API Kit (proposal/indexing)
Build and sign an ETH transfer as a Safe transaction
Propose the signed transaction to the Ledger Multisig Transaction Service
Execute the transaction on-chain once the signature threshold is met
Verify execution status through the API

Prerequisites

Node.js 18+
A Safe on Sepolia (or another supported chain) where you control at least one owner key
A private key for a Safe owner: use a testnet-only key
Sepolia ETH in the Safe for gas and the transfer amount
viem: used for receipt verification

Install the SDK:

npm install @safe-global/api-kit @safe-global/protocol-kit @safe-global/types-kit viem

Configuration

import SafeApiKitModule from "@safe-global/api-kit";
import SafeModule from "@safe-global/protocol-kit";
import { OperationType } from "@safe-global/types-kit";
import type { MetaTransactionData } from "@safe-global/types-kit";
import { createPublicClient, http } from "viem";
import { sepolia } from "viem/chains";

// ESM interop-safe constructor resolution (required in some runtimes)
const SafeApiKit =
  typeof SafeApiKitModule === "function"
    ? SafeApiKitModule
    : (SafeApiKitModule as unknown as { default: typeof SafeApiKitModule }).default;
const Safe =
  typeof SafeModule === "function"
    ? SafeModule
    : (SafeModule as unknown as { default: typeof SafeModule }).default;

const CHAIN_ID = 11155111n; // Sepolia
const TX_SERVICE_URL = `https://app.multisig.ledger.com/api/safe-transaction-service/${CHAIN_ID}`;
const RPC_URL = "https://ethereum-sepolia-rpc.publicnode.com";
const SAFE_ADDRESS = "0xYourSafeAddress";
const OWNER_PRIVATE_KEY = "your-private-key"; // Testnet only!

import requests

CHAIN_ID = 11155111  # Sepolia
TX_SERVICE_URL = f"https://app.multisig.ledger.com/api/safe-transaction-service/{CHAIN_ID}"
RPC_URL = "https://ethereum-sepolia-rpc.publicnode.com"
SAFE_ADDRESS = "0xYourSafeAddress"
OWNER_PRIVATE_KEY = "your-private-key"  # Testnet only!

session = requests.Session()
session.headers.update({"accept": "application/json"})

export CHAIN_ID=11155111  # Sepolia
export TX_SERVICE_URL="https://app.multisig.ledger.com/api/safe-transaction-service/${CHAIN_ID}"
export RPC_URL="https://ethereum-sepolia-rpc.publicnode.com"
export SAFE_ADDRESS="0xYourSafeAddress"
export OWNER_PRIVATE_KEY="your-private-key"  # Testnet only!

The TX_SERVICE_URL points at the Ledger-hosted Transaction Service. Transactions proposed here appear in the Ledger Enterprise Multisig UI.

Supported chains: Ethereum (1), Optimism (10), BSC (56), Polygon (137), Base (8453), Arbitrum (42161), Sepolia (11155111).

Step-by-step

Initialize the Protocol Kit and API Kit

The Protocol Kit connects to the blockchain and handles transaction creation and signing. The API Kit talks to the Transaction Service for proposal and querying.

const protocolKit = await Safe.init({
  provider: RPC_URL,
  signer: OWNER_PRIVATE_KEY,
  safeAddress: SAFE_ADDRESS,
});

const apiKit = new SafeApiKit({
  chainId: CHAIN_ID,
  txServiceUrl: TX_SERVICE_URL,
});

const signerAddress = await protocolKit.getSafeProvider().getSignerAddress();

// Verify the signer is an owner
const safeInfo = await apiKit.getSafeInfo(SAFE_ADDRESS);
const isOwner = safeInfo.owners
  .map((o) => o.toLowerCase())
  .includes(signerAddress!.toLowerCase());

if (!isOwner) {
  throw new Error(`${signerAddress} is not an owner of this Safe`);
}

from eth_account import Account

# Derive the public address from the private key
signer_address = Account.from_key(OWNER_PRIVATE_KEY).address

# Verify the signer is an owner (via Transaction Service)
resp = session.get(f"{TX_SERVICE_URL}/v1/safes/{SAFE_ADDRESS}/")
resp.raise_for_status()
safe_info = resp.json()

owners = [o.lower() for o in safe_info["owners"]]
if signer_address.lower() not in owners:
    raise ValueError(f"{signer_address} is not an owner of this Safe")

REST API: GET /v1/safes/{address}/ - used internally by getSafeInfo to verify ownership.

Create the transaction

Define the transaction parameters and create a Safe transaction object. For a simple ETH transfer, set data to "0x" and operation to Call.

const txData: MetaTransactionData = {
  to: "0xRecipientAddress",
  value: "100000000000000", // 0.0001 ETH in wei
  data: "0x",
  operation: OperationType.Call,
};

const safeTransaction = await protocolKit.createTransaction({
  transactions: [txData],
});

# For Python transaction building/execution, use safe-eth-py.
from safe_eth.eth import EthereumClient
from safe_eth.safe import Safe
from hexbytes import HexBytes

ethereum_client = EthereumClient(RPC_URL)
safe = Safe(SAFE_ADDRESS, ethereum_client)

safe_tx = safe.build_multisig_tx(
    to="0xRecipientAddress",
    value=100000000000000,  # 0.0001 ETH in wei
    data=HexBytes("0x"),
    operation=0,  # CALL
)

The Protocol Kit automatically sets the nonce, safeTxGas, baseGas, gasPrice, gasToken, and refundReceiver fields based on the current Safe state.

Sign the transaction

Compute the Safe transaction hash and sign it with the owner's private key. This produces an off-chain (EIP-712) signature with no gas is spent.

const safeTxHash = await protocolKit.getTransactionHash(safeTransaction);
const signature = await protocolKit.signHash(safeTxHash);

The safeTxHash is the unique identifier for this transaction within the Safe. It is not an on-chain transaction hash.

Propose the transaction

Submit the signed transaction to the Transaction Service. This stores it off-chain and makes it visible to other owners in the Ledger Multisig UI.

await apiKit.proposeTransaction({
  safeAddress: SAFE_ADDRESS,
  safeTransactionData: safeTransaction.data,
  safeTxHash,
  senderAddress: signerAddress!,
  senderSignature: signature.data,
});

# Propose by calling the REST endpoint directly.
# The service expects the full tx fields plus:
# - contractTransactionHash (safeTxHash)
# - sender
# - signature
payload = {
    "safe": SAFE_ADDRESS,
    "to": safe_tx.to,
    "value": safe_tx.value,
    "data": safe_tx.data.hex(),
    "operation": safe_tx.operation,
    "gasToken": safe_tx.gas_token,
    "safeTxGas": safe_tx.safe_tx_gas,
    "baseGas": safe_tx.base_gas,
    "gasPrice": safe_tx.gas_price,
    "refundReceiver": safe_tx.refund_receiver,
    "nonce": safe_tx.nonce,
    "contractTransactionHash": safe_tx.safe_tx_hash.hex(),
    "sender": signer_address,
    "signature": signature.hex() if hasattr(signature, "hex") else str(signature),
}

resp = session.post(
    f"{TX_SERVICE_URL}/v1/safes/{SAFE_ADDRESS}/multisig-transactions/",
    json=payload,
)
resp.raise_for_status()

curl -sS -X POST \
  "${TX_SERVICE_URL}/v1/safes/${SAFE_ADDRESS}/multisig-transactions/" \
  -H "accept: application/json" \
  -H "content-type: application/json" \
  -d '{
    "safe": "'"${SAFE_ADDRESS}"'",
    "to": "0xRecipientAddress",
    "value": "100000000000000",
    "data": "0x",
    "operation": 0,
    "gasToken": "0x0000000000000000000000000000000000000000",
    "safeTxGas": "0",
    "baseGas": "0",
    "gasPrice": "0",
    "refundReceiver": "0x0000000000000000000000000000000000000000",
    "nonce": "0",
    "contractTransactionHash": "0xYourSafeTxHash",
    "sender": "0xOwnerAddress",
    "signature": "0xOwnerSignature"
  }'

REST API: POST /v1/safes/{address}/multisig-transactions/ - the request body includes the full transaction data, the safeTxHash, the sender address, and the signature.

After proposing, the transaction is visible in the Ledger Enterprise Multisig UI and other owners can sign the transaction.

Check confirmations and execute

Retrieve the pending transaction, check if enough signatures have been collected to meet the threshold, and execute on-chain if ready.

const pendingTx = await apiKit.getTransaction(safeTxHash);
const confirmationCount = pendingTx.confirmations?.length ?? 0;

if (confirmationCount >= pendingTx.confirmationsRequired) {
  const executionResult = await protocolKit.executeTransaction(pendingTx);
  console.log("Transaction hash:", executionResult.hash);
} else {
  console.log(
    `Need ${pendingTx.confirmationsRequired - confirmationCount} more signature(s)`
  );
}

# Fetch the pending tx and inspect confirmations.
resp = session.get(f"{TX_SERVICE_URL}/v1/multisig-transactions/{safe_tx_hash}/")
resp.raise_for_status()
pending = resp.json()

confirmation_count = len(pending.get("confirmations") or [])
required = pending["confirmationsRequired"]

if confirmation_count < required:
    print(f"Need {required - confirmation_count} more signature(s)")
else:
    print("Threshold met. Execute on-chain using a Safe SDK (recommended).")

REST API: GET /v1/multisig-transactions/{safeTxHash}/ - retrieves a single transaction by its Safe transaction hash, including all collected confirmations.

If the threshold is not yet met, other owners can confirm using:

await apiKit.confirmTransaction(safeTxHash, theirSignature.data);

from eth_account import Account
from eth_account.messages import encode_defunct

# "theirSignature" is a signature over the safeTxHash bytes32.
# One common approach is an EIP-191 personal_sign over the hash.
msg = encode_defunct(hexstr=safe_tx_hash)
their_signature = Account.sign_message(msg, private_key="their-private-key").signature.hex()

resp = session.post(
    f"{TX_SERVICE_URL}/v1/multisig-transactions/{safe_tx_hash}/confirmations/",
    json={"signature": their_signature},
)
resp.raise_for_status()

curl -sS -X POST \
  "${TX_SERVICE_URL}/v1/multisig-transactions/0xYourSafeTxHash/confirmations/" \
  -H "accept: application/json" \
  -H "content-type: application/json" \
  -d '{ "signature": "0xOwnerSignature" }'

REST API: POST /v1/multisig-transactions/{safeTxHash}/confirmations/

Verify execution

After execution, query the Transaction Service to confirm the transaction was indexed as executed and successful.

// Wait for the Transaction Service to index the execution
await new Promise((resolve) => setTimeout(resolve, 10_000));

// Re-fetch the exact tx by safeTxHash (safer than "latest tx")
const updated = await apiKit.getTransaction(safeTxHash);
console.log("Executed:", updated.isExecuted);
console.log("Successful:", updated.isSuccessful);
console.log("On-chain hash:", updated.transactionHash);

import time

time.sleep(10)

resp = session.get(f"{TX_SERVICE_URL}/v1/multisig-transactions/{safe_tx_hash}/")
resp.raise_for_status()
updated = resp.json()

print("Executed:", updated.get("isExecuted"))
print("Successful:", updated.get("isSuccessful"))
print("On-chain hash:", updated.get("transactionHash"))

Key concepts

Off-chain signatures, on-chain execution. Safe transactions use a two-phase model:
Propose: The transaction data and an owner's signature are submitted to the Transaction Service (off-chain, no gas).
Execute: Once enough signatures meet the threshold, any account can submit the transaction on-chain (costs gas).
This means a 3-of-5 Safe only pays gas once - when the final executor submits all collected signatures in a single on-chain call.
For the full guide, see Transactions with Off-chain Signatures.

Tips and pitfalls

Indexing lag. After executeTransaction returns, the Transaction Service may take 10–60 seconds to index the receipt. If you query immediately, isExecuted may still be false and isSuccessful may be null. The on-chain transaction is confirmed. The indexer catches up within a minute or two.
executeTransaction can return a hash for a reverted tx. The Protocol Kit returns a transaction hash even if the on-chain transaction reverts. Always check the receipt status independently.

const publicClient = createPublicClient({
  chain: sepolia,
  transport: http(RPC_URL),
});

const receipt = await publicClient.waitForTransactionReceipt({
  hash: executionResult.hash as `0x${string}`,
  timeout: 120_000,
});

if (receipt.status === "reverted") {
  throw new Error("Transaction reverted on-chain");
}

from web3 import Web3

w3 = Web3(Web3.HTTPProvider(RPC_URL))
receipt = w3.eth.wait_for_transaction_receipt(
    execution_tx_hash,
    timeout=120,
)

# web3.py uses status: 1 (success) / 0 (revert)
if receipt["status"] == 0:
    raise RuntimeError("Transaction reverted on-chain")

# Most RPCs support eth_getTransactionReceipt.
curl -sS -X POST "${RPC_URL}" \
  -H "content-type: application/json" \
  -d '{"jsonrpc":"2.0","id":1,"method":"eth_getTransactionReceipt","params":["0xOnChainTxHash"]}'

Signer must be an owner. The proposeTransaction call will fail if senderAddress is not a current owner (or delegate) of the Safe. Verify ownership before proposing.
Nonce management. The Protocol Kit automatically picks the next nonce. If you need to queue transactions in a specific order, pass options: { nonce } to createTransaction.

Next steps

3. Batch Transactions

Previous1. Querying Safe Data Next3. Batch Transactions

Last updated 3 hours ago

Good evening

hashtagWhat you'll learn

hashtagPrerequisites

hashtagConfiguration

hashtagStep-by-step

hashtagInitialize the Protocol Kit and API Kit

hashtagCreate the transaction

hashtagSign the transaction

hashtagPropose the transaction

hashtagCheck confirmations and execute

hashtagVerify execution

hashtagKey concepts

hashtagTips and pitfalls

hashtagNext steps