To allow the identity provider to make POST requests to a site running on your Commerce Cloud instance, you must add the identity provider’s domain to the list of domains for which the site supports CORS. To do this, add the domain to the allowedOriginMethods
property of the corresponding site object. For example:
PUT /ccadmin/v1/sites/siteUS HTTP/1.1 Authorization: Bearer <access_token> x-ccasset-language: en { "properties": { "allowedOriginMethods": { "http://www.myIdentityProvider.com": "POST" } } }
See CORS support for more information about CORS.