You can create a mutable URLRequest and set the httpBody. But you should also percent escape the values for username and, more importantly, for password.

So, imagine your request being created like so:

let config = URLSessionConfiguration.default
config.httpAdditionalHeaders = ["Accept" : "application/json", "X-Application" : "<AppKey>", "Content-Type" : "application/x-www-form-urlencoded"]

let session = URLSession(configuration: config)

let url = URL(string: "https://identitysso.betfair.com/api/login")!

var request = URLRequest(url: url)
request.setBodyContent(["username": username, "password": password])

let task = session.dataTask(with: request) { data, response, error in
    // make sure there wasn't a fundamental networking error

    guard let data = data, let response = response as? HTTPURLResponse, error == nil else {
        print(error ?? "Unknown error")
        return
    }

    // if you're going to check for NSHTTPURLResponse, then do something useful
    // with it, e.g. see if server status code indicates that everything is OK

    guard 200 ..< 300 ~= response.statusCode else {
        print("statusCode not 2xx; was \(response.statusCode)")
        return
    }

    // since you set `Accept` to JSON, I'd assume you'd want to parse it;
    // In Swift 4 and later, use JSONDecoder; in Swift 3 use JSONSerialization

    do {
        if let responseObject = try JSONSerialization.jsonObject(with: data) as? [String: AnyObject] {
            print(responseObject)
        }
    } catch let parseError {
        print(parseError)
        print(String(data: data, encoding: .utf8) ?? data as NSData)
    }
}

task.resume()

So the question is how setBodyContent builds the request body given a dictionary. Yes, you want to percent-escape anything not in the unreserved character set, but sadly CharacterSet.urlQueryAllowed is not up to the job. So you might do something like:

extension URLRequest {

    /// Populate the HTTPBody of `application/x-www-form-urlencoded` request
    ///
    /// - parameter parameters:   A dictionary of keys and values to be added to the request

    mutating func setBodyContent(_ parameters: [String : String]) {
        let parameterArray = parameters.map { (key, value) -> String in
            let encodedKey   = key.addingPercentEncoding(withAllowedCharacters: .urlQueryValueAllowed)!
            let encodedValue = value.addingPercentEncoding(withAllowedCharacters: .urlQueryValueAllowed)!
            return "\(encodedKey)=\(encodedValue)"
        }
        httpBody = parameterArray
            .joined(separator: "&")
            .data(using: .utf8)
    }
}

extension CharacterSet {

    /// Character set containing characters allowed in query value as outlined in RFC 3986.
    ///
    /// RFC 3986 states that the following characters are "reserved" characters.
    ///
    /// - General Delimiters: ":", "#", "[", "]", "@", "?", "/"
    /// - Sub-Delimiters: "!", "$", "&", "'", "(", ")", "*", "+", ",", ";", "="
    ///
    /// In RFC 3986 - Section 3.4, it states that the "?" and "/" characters should not be escaped to allow
    /// query strings to include a URL. Therefore, all "reserved" characters with the exception of "?" and "/"
    /// should be percent-escaped in the query string.
    ///
    /// - parameter string: The string to be percent-escaped.
    ///
    /// - returns: The percent-escaped string.

    static let urlQueryValueAllowed: CharacterSet = {
        let generalDelimitersToEncode = ":#[]@" // does not include "?" or "/" due to RFC 3986 - Section 3.4
        let subDelimitersToEncode = "!$&'()*+,;="

        var allowed = CharacterSet.urlQueryAllowed
        allowed.remove(charactersIn: generalDelimitersToEncode + subDelimitersToEncode)

        return allowed
    }()

}

Furthermore, I generally use a more complicated setBodyContent that also accepts numeric, boolean, and date types, but I didn't want to digress too far from your core question, how to properly build request for two string key/values pairs.

For Swift 2 rendition, see previous revision of this answer.

maybe this help, i use it to send post data:

var paramString = ""
var request:NSMutableURLRequest = NSMutableURLRequest(URL:url)
request.HTTPMethod = "POST"
var user = "MyUsername".stringByAddingPercentEscapesUsingEncoding(NSUTF8StringEncoding)
var pass = "MyPassword".stringByAddingPercentEscapesUsingEncoding(NSUTF8StringEncoding)
paramString = "username="+user!+"&password="+pass!
request.HTTPBody = paramString.dataUsingEncoding(NSUTF8StringEncoding)
let conf: NSURLSessionConfiguration = NSURLSession.sharedSession().configuration
let session = NSURLSession(configuration: conf)
session.dataTaskWithRequest(request) {
    data, response, error in
    let resp = NSString(data: data, encoding: NSUTF8StringEncoding)
    }.resume()

NSUTF8StringEncoding can be replaced with whatever you need