
Enterprise-grade .NET SDKs for Swish & BankID

NO PROXY
NO GATEWAY
DIRECT mTLS

Security correctness, predictable integrations, and fewer mistakes — deterministic SDKs designed for high-stakes Swedish payment and identity flows.

Swish: Available
$ dotnet add package NordAPI.Swish
BankID: Q2 2026
$ dotnet add package NordAPI.BankID
.NET 8+ | NuGet | C#

Products

Two SDKs, one security-first architecture. Choose the integration you need.

NordAPI.Swish

Available | .NET 8 LTS

Payment SDK for the Swish ecosystem with mTLS, idempotent operations, and replay-resistant webhook verification.

mTLS by Default

mTLS is required by default. If no client certificate can be resolved, the SDK throws SwishConfigurationException. No silent fallback.

Webhook Verification

HMAC Base64 signature verification for webhook payloads. Optional internal signing layer for edge/test tooling.

Replay Protection

Timestamp validation in seconds and nonce-based replay protection. Fail-closed: invalid or expired requests are rejected.

Idempotent Retries

Idempotency-Key is generated once per operation and reused across retries. Prevents duplicate charges during transient failures.

API Stability

SemVer discipline and guardrails that keep the public surface predictable. Breaking changes are treated as deliberate releases.


Why NordAPI

Enterprise-grade SDKs for teams that cannot afford ambiguity

NordAPI is designed for production trust: security correctness, deterministic behavior, and implementation patterns that hold up in real operational environments.

Security-first by design

Spec-locked behavior, fail-closed defaults, and explicit transport security reduce ambiguity in high-trust payment and identity integrations.

Deterministic integration flows

NordAPI is built for predictable runtime behavior under retries, misconfiguration, and operational edge cases — not just happy-path demos.

Your certificates stay with you

No proxy model. No credential handoff. Sensitive material remains inside your own environment and operational boundary.

Built for enterprise trust

Clear contracts, production-oriented defaults, and documentation that aligns with implementation help teams move faster without lowering the bar.


Integration Architecture

Deterministic transport and fail-closed security for every request.

Zero-proxy architecture

Direct mTLS connections from your infrastructure — no gateway, no proxy, no call-home licensing.


Trust Guarantees

Engineering for financial integrity

NordAPI is designed for high-trust payment and identity integrations. We provide deterministic guarantees that reduce common integration risk without introducing a proxy layer into the critical path.

Data Sovereignty

Certificates and secrets remain inside your infrastructure. No third-party relays in the transaction path.

Deterministic Risk Mitigation

Fail-closed defaults prevent operations under insecure or misconfigured states.

Protocol Integrity

Hardened verification with canonical byte matching, HMAC-SHA256, and replay protection.

Transaction Consistency

Idempotency discipline helps ensure stable payment behavior during retries and transient faults.

Boundary clarity: Swish provides the transport baseline. NordAPI adds application-layer hardening such as deterministic verification, replay protection, and retry-safe idempotency discipline.
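The checks named under Webhook Verification, Replay Protection and Protocol Integrity, shown together as an added C# example; this is not NordAPI.Swish code and does not use its API. The WebhookVerifier type, the canonical layout, the 300-second window, the in-memory nonce store and the sample values are all assumptions made for the illustration.

```csharp
using System;
using System.Collections.Concurrent;
using System.Globalization;
using System.Security.Cryptography;
using System.Text;

// Constructed sample values (not from Swish or NordAPI): sign once, deliver twice.
byte[] demoKey = Encoding.UTF8.GetBytes("constructed-demo-secret");
byte[] demoBody = Encoding.UTF8.GetBytes("{\"status\":\"PAID\"}");
var at = DateTimeOffset.UtcNow;
string stamp = at.ToUnixTimeSeconds().ToString(CultureInfo.InvariantCulture);
string sig = Convert.ToBase64String(
    HMACSHA256.HashData(demoKey, WebhookVerifier.Canonical(stamp, "n-1", demoBody)));
var verifier = new WebhookVerifier(demoKey);
Console.WriteLine(verifier.Verify(demoBody, stamp, "n-1", sig, at)); // first delivery
Console.WriteLine(verifier.Verify(demoBody, stamp, "n-1", sig, at)); // replayed delivery

// Hypothetical verifier written for this page; names and layout are assumptions.
public sealed class WebhookVerifier(byte[] secret)
{
    private const long WindowSeconds = 300; // assumed tolerance, not a NordAPI value
    // nonce -> expiry in Unix seconds; multi-instance deployments need a shared store
    private readonly ConcurrentDictionary<string, long> _seen = new();

    // Assumed canonical form: "<timestamp>\n<nonce>\n" followed by the raw body bytes.
    public static byte[] Canonical(string ts, string nonce, byte[] body) =>
        [.. Encoding.UTF8.GetBytes($"{ts}\n{nonce}\n"), .. body];

    // Fail closed: missing, malformed, stale, forged or repeated input returns false.
    public bool Verify(byte[]? body, string? ts, string? nonce, string? sigB64,
                       DateTimeOffset now)
    {
        // A newline in the nonce would blur the nonce/body boundary in the signed bytes.
        if (body is null || sigB64 is null || string.IsNullOrEmpty(nonce)
            || nonce.Contains('\n')) return false;
        // Digits only: no sign or whitespace, so the signed timestamp text is unambiguous.
        if (!long.TryParse(ts, NumberStyles.None, CultureInfo.InvariantCulture, out long t))
            return false;
        long nowSec = now.ToUnixTimeSeconds();
        if (t < nowSec - WindowSeconds || t > nowSec + WindowSeconds) return false;
        var provided = new byte[32]; // HMAC-SHA256 output length
        if (!Convert.TryFromBase64String(sigB64, provided, out int n) || n != 32) return false;
        // MAC over the bytes as received (never re-serialized JSON), compared in fixed time.
        byte[] expected = HMACSHA256.HashData(secret, Canonical(ts!, nonce, body));
        if (!CryptographicOperations.FixedTimeEquals(expected, provided)) return false;
        foreach (var kv in _seen) // drop nonces whose timestamp has left the window
            if (kv.Value < nowSec) _seen.TryRemove(kv.Key, out _);
        return _seen.TryAdd(nonce, t + WindowSeconds); // false when the nonce was already seen
    }
}
```

The nonce is recorded only after the signature check passes, so unauthenticated requests cannot fill the replay cache.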

Transparent pricing for high-stakes integrations

Swish is free in production. BankID includes unlimited sandbox and dev access with no time-limited trial. Go live when your bank agreement is ready.

Community

  • NordAPI.Swish is free in production
  • Public NuGet package
  • Docs and samples
  • GitHub community support
Get started

Pro

Recommended
  • Unlimited sandbox and dev access
  • Production unlocks appapi2.bankid.com
  • Offline gate, no call-home, fail closed
  • No proxy and no credential middlemen
Contact

Enterprise

  • SLA and onboarding
  • Security review support
  • Contract and invoicing
  • Custom terms available
Contact

FAQ

Is NordAPI.Swish free for production use?
Yes. NordAPI.Swish is free for production use and published as a public NuGet package with no licensing.
Do I need a license to start developing with BankID?
No. NordAPI.BankID includes unlimited sandbox and development access with no time-limited trial.
Do you require a proxy or credential middleman?
No. Our SDKs are direct integrations with no proxy, no credential middlemen, and no call-home licensing.
How do I move my BankID integration to production?
When your bank agreement is ready, a production license unlocks the official appapi2.bankid.com endpoint.
What happens on security failures?
We use security-first design with fail-closed defaults so errors result in a safe and predictable state.
How do you handle certificates and private keys?
We don’t. NordAPI is SDK-only — your mTLS certificates and keys stay in your own KeyVault/HSM or secret store. NordAPI never stores or proxies your secrets.

Security contact security@nordapi.com