Full credit card data should never go through your server.
The endpoints described on this page should only be used with test data. In production, tokens should be created and sent directly to our servers from the client using Omise.js, or, if on mobile, the iOS or Android SDKs.
Sending card data from server requires a valid PCI-DSS certification in order to be compliant.
You can learn more about this in Security Best Practices.