Full credit card data should never go through your server.
Do not send the credit card data to Omise from your servers
directly. You must send the card data from the client browser via
only be used with fake data in test mode (e.g.: quickly creating
some fake data, testing our API from a terminal, etc.). If you are
PCI-DSS compliant, sending card data from server requires a valid
You can learn more about this in Security Best Practices.