New Features
Forwarding Requests API
The Forwarding Requests API allows you to securely proxy sensitive data (such as card details) to third-party services without your system ever handling the raw data. This enables use cases like payment processing, tokenization, and partner integrations while maintaining the PCI compliance of existing solutions. Key capabilities:- Secure data transmission: Send templated HTTP requests to whitelisted third-party endpoints.
- Dynamic data injection: Use template placeholders (e.g.,
{{my_binding.card.number}}) instead of raw values. - Binding resolution: Bind placeholders to Method resources (currently Payment Instruments), allowing Method to securely append the underlying data without ever touching your company database.
- Destination whitelisting: Requests can only be sent to pre-approved URLs to prevent data exfiltration.
- Transparent responses: The third-party response is forwarded directly back to your application without requiring you to make changes to the way you ingest third-party response data.
Secrets API
The Secrets API allows you to securely store sensitive configuration values (such as API keys or credentials) for use within Method. Secrets are encrypted at rest and never exposed back to client applications. Key capabilities:- Encrypted storage: Store sensitive values and receive a Secret ID (
sec_...) in return. - No client exposure: Secret values are never returned in API responses.
- Forwarding integration: Secrets can be inserted into Forwarding Requests for authenticating with third-party services.
Opal Appearance Customization
You can now customize the visual appearance of Opal, Method’s embeddable UI, to better match your application’s branding or autofit to your users’ devices. When opening Opal with the client SDK, specify anappearance option with one of the following values:
light: Standard light theme (default)dark: Dark theme for low-light environmentssystem: Automatically matches the user’s device settings
light theme.
For more information, visit the Opal Libraries documentation.
Improvements
Payment Instruments API
This release introduces several improvements to the Payment Instruments product, focused on lifecycle management and subscription control. Lifecycle Management for Inbound ACH/Wire A new endpoint allows you to close inbound ACH/Wire payment instruments when they are no longer needed. This is useful for decommissioning payment routes after a refinance completes or when a funding relationship ends.- New endpoint:
DELETE /accounts/:accountId/payment_instruments/:pmtInsId - Behavior: Supported only for
inbound_achwire_paymentinstruments. Updates instrument status toclosedand setschargeabletofalse.
payment_instrument subscription has been split into two more specific subscription types, giving you more flexibility in determining which webhook events you receive:
payment_instrument.card: Triggered for card-level updates (e.g., PAN changed, expiration updated)payment_instrument.network_token: Triggered for network token updates (e.g., token provisioned, status changed)
For API version
2025-12-01+, clients must use the new specific subscription names.Accounts API
Collection Account Support The Account Sensitive product now supports thecollection account type. This enables you to retrieve sensitive account details (such as account numbers) for accounts that have been sent to collections, expanding coverage for debt management and recovery workflows.