Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.methodfi.com/llms.txt

Use this file to discover all available pages before exploring further.

Sensitive is a specially gated product that provides access to full account numbers and other sensitive account data. This is not enabled by default; access requires explicit approval from Method.
Sensitive data requires explicit enablement for your team. Access may require additional review, agreements, and approval from Method. Not all accounts or account types support Sensitive data retrieval.

How It Works

Unlike most Method products, Sensitive requests are synchronous. You’ll get the data back immediately in the response. When creating a Sensitive request, you must specify an expand array indicating which fields you want. Available fields depend on the account’s liability type: Credit Cards:
  • credit_card.number: Full card number (PAN)
  • credit_card.exp_month: Expiration month
  • credit_card.exp_year: Expiration year
  • credit_card.cvv: Card CVV
  • credit_card.billing_zip_code: Billing zip code
All other liability types (auto loan, mortgage, personal loan, collection, student loans, credit builder, BNPL, fintech, loan):
  • {type}.number: Full account number (e.g., auto_loan.number, mortgage.number)

Supported Account Types

Sensitive supports: credit card, auto loan, mortgage, personal loan, collection, student loans, credit builder, BNPL, fintech, and loan accounts.

Quick Start

curl https://production.methodfi.com/accounts/acc_yVf3mkzbhz9tj/sensitive \
  -X POST \
  -H "Method-Version: 2026-03-30" \
  -H "Authorization: Bearer sk_WyZEWVfTcH7GqmPzUPk65Vjc" \
  -H "Content-Type: application/json" \
  -d '{
    "expand": [
      "credit_card.number",
      "credit_card.exp_month",
      "credit_card.exp_year",
      "credit_card.cvv"
    ]
  }'

Security Requirements

If your use case requires full account numbers (for example, to initiate payments through external systems or to populate forms on behalf of users), you’ll need to request Sensitive access from Method. If approved, you’re expected to follow strict security practices:
  • Apply the principle of least privilege, only request sensitive data when needed
  • Store secrets and sensitive data securely using encryption at rest and in transit
  • Maintain audit logging on your side for all access to sensitive data
  • PCI compliance is required

Sensitive API Reference

Full API documentation for Sensitive.