Swish is a mobile payment solution backed by several Swedish banks. To support this in your application, you need a special agreement with your bank - but they offer a Swish simulator useful for development purposes.

Go to Swish for merchants at [[1]] and download the Simulator guide (zip file) containing both a PDF with instructions and a number of certificates.

In principle, the payment (for merchants) is started by a PUT operation using a Json PAYMENT OBJECT using a certificate. The user pays using a mobile and the Swish server issues a callback to your server with the result using a POST containing the result.

Using a web app on Azure, install the .pfx certificates (in the zip) for merchants as Private Key Certificates. Also, install the corresponding Public Key Certificates. I did this by importing the .pfx to the Windows key store on my developer machine and then exporting the public key (for import to Azure).

Gotchas: When importing the cert to the local machine, use double-click on the certificate to start the import. I had some issues with getting it to work locally before I did that.

The certificate should be installed in the machine initiating the call, server, or others. Run it using the debugger - your machine will log if the certificate thumbprint is found in the logging part of the debugger.

Also, I added the application setting: WEBSITE_LOAD_CERTIFICATES with the value "*" to ensure that the web app has access to the certificate.

The SWISH-server callback is a POST using a JSON raw body as described here [[2]] Receive string content