API Olist - access blocked by CORS policy

I need to use the Olist API, through a callback, but I’m getting error when performing the POST request that would return the access_token.

The flow would be:

1. Use callback/getlink to send client_id via GET to https://id-sandbox.olist.com/openid/authorize
2. To https://id-sandbox.olist.com/openid/authorize automatically opens callback/Olist? code=codereturned&&secret=secretreturned
3. The callback/Olist requests via POST the access_token, sending the secret and code returned in step 2
4. With the return of step 3, the callback/Olist saves the access_token in the database to use

However, in step 3, I cannot send the POST request through the browser, returning the previous image error. Using POSTMAN and sending the data directly to the API I can, but it is necessary to go through the callback/Olist to save the token. In the GET request, I used dataType: 'jsonp', thus avoiding CORS, but in the POST request it is not possible to use it.

The code for the request is:

    $.ajax({
        url: url,
        method: 'post',
        dataType: 'json',
        processData: false,
        data: function(){
            var formDataAuth = new FormData();
            configJson = JSON.parse('<?= $configJson ?>');
            formDataAuth = new FormData();
            formDataAuth.append('client_id', configJson.code);
            formDataAuth.append('grant_type', 'authorization_code');
            formDataAuth.append('client_secret', configJson.secret);
            formDataAuth.append('redirect_uri', configJson.callback);
            formDataAuth.append('code', configJson.key);
            return formDataAuth;
        }(),
        success: function(data) {
            savetoken(data);
            console.log(data);
        },
        error: function(data) {
            console.log('erro', data);
        },
    });

Does the error occur because some information is missing from the request? Can it occur because you do not have an SSL? Or for another reason?