Token API

Full credit card data should never go through your server.
Do not send the credit card data to Omise from your servers directly.
You must send the card data from the client browser via Javascript (Omise-JS).
The methods described on this page should only be used with fake data in test mode (e.g.: quickly creating some fake data, testing our API from a terminal, etc.). If you are PCI-DSS compliant, sending card data from server requires a valid PCI-DSS certification. You can learn more about this in Security Best Practices


Name Type Description
object string

The string token.

id string


livemode boolean

Whether this is a live (true) or test (false) token.

location string

Path to retrieve the token.

used boolean

Whether the token has been used or not. Tokens can be used only once to make a charge on their card or to associate the card to a customer.

card card

A card object.

created datetime

Creation date of the token in ISO 8601 format.


  • Json Response

Create a token


Request Parameter

Name Type Description
card[name] string

The cardholder name as printed on the card.

card[number] string

The card number. Note that the number you pass can contains spaces and dashes but will be stripped from the response.

card[expiration_month] integer

The expiration month printed on the card in the format M or MM.

card[expiration_year] integer

The expiration year printed on the card in the format YYYY.

card[security_code] string

The security code (CVV, CVC, etc) printed on the back of the card.

card[city] string

The city where the card was issued.

card[postal_code] string

The postal code from the city where the card was issued.


  • Create a token

Retrieve a token



  • Retrieve a token