> ## Documentation Index
> Fetch the complete documentation index at: https://docs.methodfi.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Sensitive

> Gated access to full account numbers and sensitive account data.

Sensitive is a specially gated product that provides access to full account numbers and other sensitive account data. This is not enabled by default; access requires explicit approval from Method.

<Warning>
  Sensitive data requires explicit enablement for your team. Access may require additional review, agreements, and approval from Method. Not all accounts or account types support Sensitive data retrieval.
</Warning>

## How It Works

Unlike most Method products, Sensitive requests are *synchronous*. You'll get the data back immediately in the response.

When creating a Sensitive request, you must specify an `expand` array indicating which fields you want. Available fields depend on the account's liability type:

**Credit Cards:**

* `credit_card.number`: Full card number (PAN)
* `credit_card.exp_month`: Expiration month
* `credit_card.exp_year`: Expiration year
* `credit_card.cvv`: Card CVV
* `credit_card.billing_zip_code`: Billing zip code

**All other liability types** (auto loan, mortgage, personal loan, collection, student loans, credit builder, BNPL, fintech, loan):

* `{type}.number`: Full account number (e.g., `auto_loan.number`, `mortgage.number`)

## Supported Account Types

Sensitive supports: credit card, auto loan, mortgage, personal loan, collection, student loans, credit builder, BNPL, fintech, and loan accounts.

## Quick Start

<CodeGroup>
  ```bash cURL theme={null}
  curl https://production.methodfi.com/accounts/acc_yVf3mkzbhz9tj/sensitive \
    -X POST \
    -H "Method-Version: 2026-03-30" \
    -H "Authorization: Bearer sk_WyZEWVfTcH7GqmPzUPk65Vjc" \
    -H "Content-Type: application/json" \
    -d '{
      "expand": [
        "credit_card.number",
        "credit_card.exp_month",
        "credit_card.exp_year",
        "credit_card.cvv"
      ]
    }'
  ```

  ```javascript Node.js theme={null}
  const sensitive = await method
    .accounts('acc_yVf3mkzbhz9tj')
    .sensitive
    .create({
      expand: [
        'credit_card.number',
        'credit_card.exp_month',
        'credit_card.exp_year',
        'credit_card.cvv'
      ],
    });
  ```

  ```python Python theme={null}
  sensitive = method
    .accounts('acc_yVf3mkzbhz9tj')
    .sensitive
    .create({
      'expand': [
        'credit_card.number',
        'credit_card.exp_month',
        'credit_card.exp_year',
        'credit_card.cvv'
      ]
    })
  ```
</CodeGroup>

## Security Requirements

If your use case requires full account numbers (for example, to initiate payments through external systems or to populate forms on behalf of users), you'll need to request Sensitive access from Method. If approved, you're expected to follow strict security practices:

* Apply the principle of least privilege, only request sensitive data when needed
* Store secrets and sensitive data securely using encryption at rest and in transit
* Maintain audit logging on your side for all access to sensitive data
* PCI compliance is required

<Card title="Sensitive API Reference" icon="lock" href="/reference/accounts/sensitive/overview">
  Full API documentation for Sensitive.
</Card>