#shaitan-card-element

Hi there, for this specific function you are referring to in the example [0], it only allows PaymentMethod id to be used along with the payment_method_option to recollect cvc.

[0] https://stripe.com/docs/js/payment_intents/confirm_card_payment

I was wondering what is your use case?

I can't use this api on the frontend because it's in javascript , users can easily see the client secret

I am working on the php platform

that's normal and how it's meant to work. The client_secret is not something you need to protect, all it does is let you pay a single specific payment, nothing else.