Swish & BankID SDK by NordAPI • mTLS • HMAC • Anti-replay
NordAPI provides a production-ready .NET SDK for Swish and BankID. It handles payments, webhook verification and mTLS out of the box.
Built for .NET 8+
it reduces integration time from weeks to hours.
dotnet add package NordAPI.SwishNuGet package contains client, models and helpers for Swish.
var swish = app.Services.GetRequiredService<ISwishClient>();
var request = new CreatePaymentRequest(
PayerAlias: "46712345678",
PayeeAlias: "1231181189",
Amount: "100.00",
Currency: "SEK",
Message: "Order #123",
CallbackUrl: "https://example.com/webhook/swish"
);
var payment = await swish.CreatePaymentAsync(request);
Configure certs + mTLS for prod. See checklist below.
app.MapPost("/webhook/swish", (
HttpRequest req,
SwishWebhookVerifier verifier) =>
{
// Verify the request (see sample app)
return Results.Ok(new { received = true });
});
HMAC validation and nonce-replay protection built-in.
mTLS, HMAC, nonce/replay protection and request signing out-of-the-box.
Production-ready client, minimal plumbing and sane defaults for .NET.
End-to-end flow: create payments, receive callbacks, verify and persist.
Structured logging and IDs that make troubleshooting straightforward.
Go from zero to sandbox in minutes. Verified webhooks, mTLS helpers, and clean .NET APIs — designed for production from day one.
Follow the checklist for timestamp strictness (±5 min), persistent nonces, HTTPS only, and secrets via KeyVault/env.