How It Works
Unlike most Method products, Sensitive requests are synchronous. You’ll get the data back immediately in the response. When creating a Sensitive request, you must specify anexpand array indicating which fields you want. Available fields depend on the account’s liability type:
Credit Cards:
credit_card.number: Full card number (PAN)credit_card.exp_month: Expiration monthcredit_card.exp_year: Expiration yearcredit_card.cvv: Card CVVcredit_card.billing_zip_code: Billing zip code
{type}.number: Full account number (e.g.,auto_loan.number,mortgage.number)
Supported Account Types
Sensitive supports: credit card, auto loan, mortgage, personal loan, collection, student loans, credit builder, BNPL, fintech, and loan accounts.Quick Start
Security Requirements
If your use case requires full account numbers (for example, to initiate payments through external systems or to populate forms on behalf of users), you’ll need to request Sensitive access from Method. If approved, you’re expected to follow strict security practices:- Apply the principle of least privilege, only request sensitive data when needed
- Store secrets and sensitive data securely using encryption at rest and in transit
- Maintain audit logging on your side for all access to sensitive data
- PCI compliance is required
Sensitive API Reference
Full API documentation for Sensitive.