Install package
dotnet add package NordAPI.Swish
NuGet package contains client, models and helpers for Swish.
Implementation guides, security checklists, and technical documentation for the NordAPI SDK suite.
Build secure financial integrations with deterministic, fail-closed behavior and security-first guidance.
Deterministic security • Fail-closed defaults • mTLS • HMAC verification • Anti-replay • Spec-locked RP flow
NordAPI is a developer portal for teams building Swedish financial integrations in .NET. It brings together technical documentation, security checklists, SDK entry points, and practical guidance for Swish and upcoming BankID flows.
The homepage is the entry point for documentation, setup guidance, and SDK navigation. Product-specific implementation details should live on dedicated pages, while this page remains the broad developer hub for the NordAPI platform.
Explore the docs, review the checklist, or continue to NuGet & GitHub.
var swish = app.Services.GetRequiredService<ISwishClient>();
var request = new CreatePaymentRequest(
    PayerAlias: "46712345678",
    PayeeAlias: "1231181189",
    Amount: "100.00",
    Currency: "SEK",
    Message: "Order #123",
    CallbackUrl: "https://example.com/webhook/swish"
);
var payment = await swish.CreatePaymentAsync(request);
Uses Swish Sandbox endpoints. See checklist for prod mTLS.
app.MapPost("/webhook/swish", (
    HttpRequest req,
    SwishWebhookVerifier verifier) =>
{
    // Verify the request (see sample app)
    return Results.Ok(new { received = true });
});
HMAC validation and nonce-replay protection built-in.
dotnet add package NordAPI.BankID
BankID is in progress. Package name reserved.
BankID module - Target Q2 2026.
Examples will be published once the RP flow is spec-locked.
Verification helpers land with the first public BankID release.
NordAPI keeps certificates, keys, and verification logic in your environment — with fail-closed defaults and no proxy required for normal operation.
No vendor-controlled relays. Certificates and secrets stay in your environment.
Missing security prerequisites trigger explicit failure, not silent downgrade.
Canonical byte verification, Base64 HMAC validation, and nonce replay protection.
One Idempotency-Key per logical operation, reused across retries.
Swish provides transport security. NordAPI adds deterministic application-level verification.
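To make the three checks named above concrete (canonical bytes, Base64 HMAC validation, nonce replay protection), here is an added example that is not NordAPI.Swish code. The class name `WebhookHmacVerifier`, the canonical layout, the parameter names and the 300-second window are all assumptions chosen for illustration.

```csharp
using System;
using System.Collections.Concurrent;
using System.Globalization;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

// Constructed sample values; hypothetical verifier, not the NordAPI.Swish API.
var secret = RandomNumberGenerator.GetBytes(32);
var verifier = new WebhookHmacVerifier(secret, maxSkewSeconds: 300);
var now = DateTimeOffset.UtcNow.ToUnixTimeSeconds();
var ts = now.ToString(CultureInfo.InvariantCulture);
var body = Encoding.UTF8.GetBytes("{\"status\":\"PAID\"}");
var sig = Convert.ToBase64String(
    HMACSHA256.HashData(secret, WebhookHmacVerifier.Canonical(ts, "nonce-1", body)));
Console.WriteLine(verifier.Verify(ts, "nonce-1", body, sig, now)); // first delivery
Console.WriteLine(verifier.Verify(ts, "nonce-1", body, sig, now)); // same nonce replayed

public sealed class WebhookHmacVerifier
{
    private readonly byte[] _secret;
    private readonly long _skew;
    private readonly ConcurrentDictionary<string, long> _seen = new();

    public WebhookHmacVerifier(byte[] secret, long maxSkewSeconds)
    {
        // Fail closed: no usable secret means no verifier, never one that accepts everything.
        if (secret is null || secret.Length < 32) throw new ArgumentException("secret missing or short");
        (_secret, _skew) = (secret, maxSkewSeconds);
    }

    // Assumed canonical layout: "<timestamp>\n<nonce>\n" then the body bytes exactly as received.
    public static byte[] Canonical(string timestamp, string nonce, byte[] rawBody) =>
        Encoding.UTF8.GetBytes($"{timestamp}\n{nonce}\n").Concat(rawBody).ToArray();

    public bool Verify(string timestamp, string nonce, byte[] rawBody, string signatureBase64, long nowUnix)
    {
        // A newline inside the nonce would make the field boundaries ambiguous, so reject it.
        if (string.IsNullOrEmpty(nonce) || nonce.Contains('\n') || rawBody is null) return false;
        if (!long.TryParse(timestamp, NumberStyles.None, CultureInfo.InvariantCulture, out var t)) return false;
        if (t < nowUnix - _skew || t > nowUnix + _skew) return false;
        var provided = new byte[32]; // Base64 must decode to exactly one HMAC-SHA256 tag
        if (!Convert.TryFromBase64String(signatureBase64 ?? "", provided, out var n) || n != 32) return false;
        var expected = HMACSHA256.HashData(_secret, Canonical(timestamp, nonce, rawBody));
        if (!CryptographicOperations.FixedTimeEquals(expected, provided)) return false;
        // Nonces older than the window can no longer pass the timestamp check, so drop them.
        foreach (var kv in _seen) if (kv.Value < nowUnix - _skew) _seen.TryRemove(kv.Key, out _);
        return _seen.TryAdd(nonce, t); // false when this nonce was already accepted
    }
}
```

The nonce cache here lives in process memory, so a deployment with more than one instance needs a shared store for replay protection to hold. The body must be read as raw bytes before any JSON parsing, since re-serializing changes the bytes the HMAC covers.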
Swish – mTLS • HMAC-signed webhooks • anti-replay defaults. BankID – mTLS • spec-locked RP flow • fail-closed defaults.
Production-ready client, minimal plumbing and sane defaults for .NET.
End-to-end flow — create payments, receive callbacks, and verify webhooks.
Structured logging and IDs that make troubleshooting straightforward.
Deploy robust Swedish payment and identity integrations in days. Spec-locked .NET APIs with native mTLS support, deterministic flows, and security-first defaults designed for production.
Ensure your integration meets enterprise standards. Verify your mTLS configuration, secret hygiene, and fail-closed security defaults before going live.