
Enterprise-grade .NET SDKs for Swish & BankID
Security correctness, predictable integrations, and fewer mistakes — deterministic SDKs designed for high-stakes Swedish payment and identity flows.
$ dotnet add package NordAPI.Swish$ dotnet add package NordAPI.BankIDProducts
Two SDKs, one security-first architecture. Choose the integration you need.
NordAPI.Swish
Available.NET 8 LTSPayment SDK for the Swish ecosystem with mTLS, idempotent operations, and replay-resistant webhook verification.
mTLS by Default
mTLS is required by default. If no client certificate can be resolved, the SDK throws SwishConfigurationException. No silent fallback.
Webhook Verification
HMAC Base64 signature verification for webhook payloads. Optional internal signing layer for edge/test tooling.
Replay Protection
Timestamp validation in seconds and nonce-based replay protection. Fail-closed: invalid or expired requests are rejected.
Idempotent Retries
Idempotency-Key is generated once per operation and reused across retries. Prevents duplicate charges during transient failures.
API Stability
SemVer discipline and guardrails that keep the public surface predictable. Breaking changes are treated as deliberate releases.
Integration Architecture
Every request flows through a deterministic transport layer with fail-closed security. Deterministic transport and fail-closed security for every request.
Transparent pricing for high-stakes integrations
Swish is free in production. BankID includes unlimited sandbox and dev access with no time-limited trial. Go live when your bank agreement is ready.
Community
- NordAPI.Swish is free in production
- Public NuGet package
- Docs and samples
- GitHub community support
Pro
Recommended- Unlimited sandbox and dev access
- Production unlocks appapi2.bankid.com
- Offline gate, no call-home, fail closed
- No proxy and no credential middlemen
Enterprise
- SLA and onboarding
- Security review support
- Contract and invoicing
- Custom terms available
FAQ
Security contact security@nordapi.com