Configure a CORS rule for Engagement Messenger

  • Release version: Australia
  • Updated March 12, 2026
  • 1 minute to read

    • Configure a cross-origin resource sharing (CORS) rule to enable cross-domain requests between Engagement Messenger and your website where you want to deploy the messenger.

    Before you begin

    Role required: admin

    You must complete the following tasks:

    About this task

    Use the Engagement Messenger API and your website URL to create a CORS rule.

    Procedure

    1. Navigate to All > System Web Services > REST > CORS Rules.
    2. Select New.
    3. On the form, fill in the fields.
      Table 1. CORS Rule form
      Field Description
      Name Unique name for the CORS rule.
      Application Application scope for this record.
      REST API

      Engagement Messenger REST API that this CORS rule applies to.

      Set this field to Engagement Center API [sn_csm_ec/engagement_center_api].
      Domain

      Domain that sends the request to this REST API. Set this field value to the URL of the website where you want to deploy the messenger.

      For example, https://www.example.com.
      Max age

      Number of seconds to cache the client session. After an initial CORS request, further requests from the same client within this time do not require a preflight message.

      If you do not specify a value, the default value of 0 indicates that all requests require a preflight message.
      HTTP Methods Allowed HTTP methods. Enable the GET and POST methods.
      HTTP Headers

      Comma-separated list of HTTP headers to send in the response. You can leave this field empty.
    4. Select Submit.

    What to do next

    Create HTTP response headers for Engagement Messenger.