Any call of any API method in Billing is logged.
The data passed to API methods may include user passwords, credit card numbers, credit cards CVV, any other sensitive data that must be stored in a secure storage and never be logged.
To avoid logging of sensitive data during API calls to Billing, the "XXX" prefix should be added to the relevant arguments.
The prefix is case-sensitive: XXX should be in upper case only.
For example, credit card number as 4111111111111111 should be passed as XXX4111111111111111. As a result, credit card numbers will be passed to Billing as plain text with XXX prefix. All the data passed in such a way will be not logged. On Billing side, the data with XXX prefix is recognized, the prefix is dropped, then the further data processing is performed with clear data, without prefix.
The following API methods pass the sensitive data: