Filemaker SSL out of the box development

Filemaker 18 comes with an out of the box SSL certificate (non verifiable). Postman provides a preference option/setting to not verify certificates, and this enables testing with the out of the box Filemaker SSL cert using the Filemaker Data API.

Question: what is it that Postman does in order to receive the resulting content in the body of the response, as when I take the Javascript CODE that is generated by Postman to either server side or client side xmlHttpRequest() calls, the results are an empty response and console messages (client side) that the SSL cert could not be verified.

We are obtaining a verifiable certificate; however, I would like to learn what Postman actually does in order to successfully receive the results back from Filemaker, given the intentional design of the xmlHttpRequest() api to avoid security vulnerabilities. How do you get the successful response?