Allowing HTTPS Traffic in my Mendix Custom Typescript Widget

0
Hi hoping someone can help.   I've built a Mendix Custom Widget for my native app.  Within the widget I have button that calls one of our on premise APIs (GET).  The API returns some JSON data which is then shown within the widget.   Whilst the internal API runs as HTTP I can get the JSON data with no issues.  If I make the API HTTPS the widget reports a "Network Request Failed" error.   I'm assuming this is down to the mobile app and the server not able to perform the required handshake / certificate check.   Reading online it seems to suggest I need to implement SSL Pinning?    Does this sound right or is there a different method I should be looking into?
asked
1 answers
0

hi,


When your custom widget reports “Network request failed” only when calling HTTPS, this is a connectivity/SSL trust issue at the native app level, not something wrong with Mendix itself. In web browsers HTTPS works fine because browsers trust certificates differently than native mobile apps.

Why this happens (documented behavior)

In Mendix Native apps, HTTPS calls are made using the mobile platform’s networking layer (React Native’s fetch). Native apps do strict SSL validation and do not trust internal/self-signed certificates by default. This is why your HTTP request succeeds but HTTPS fails in the app. Native platforms require a certificate that the device trusts.

First thing to check (most common cause)

If your HTTPS endpoint uses:

  • a self-signed certificate
  • a certificate from an internal custom CA
  • an incomplete certificate chain

then the native app will refuse the connection with Network request failed. Web browsers may still show the API because they use a different trust chain, but the native runtime does not.

Correct way to fix it

1) Use a properly trusted SSL certificate

  • Obtain a certificate from a public trusted CA (e.g., Let’s Encrypt, DigiCert, etc.)
  • Ensure the full chain (intermediate certificates) is installed
  • Check the endpoint with an SSL checker (online tools)

This usually resolves the error without code changes.

Alternative (only if you must trust an internal CA)

Native Android will block custom CA certificates unless you allow them explicitly in the network security config. For example, you can generate a network_security_config.xml that adds:


<network-security-config>
  <base-config cleartextTrafficPermitted="false">
    <trust-anchors>
      <certificates src="system"/>
      <certificates src="user"/>
    </trust-anchors>
  </base-config>
</network-security-config>

Then set this in your AndroidManifest — this allows the app to trust custom CAs.

Do you need SSL pinning?

No — SSL pinning is not required by default.

Pinning is an optional advanced security measure, not a requirement to make HTTPS work. Normal HTTPS apps rely on the device’s trusted CA store. The Mendix documentation notes that certificate pinning bypasses normal trust chains and is generally not recommended unless you have a strict security policy requiring it.

Summary (short and correct)

1.When calling HTTPS inside a native Mendix widget, the certificate must be trusted by the device.

2.If the API uses self-signed or internal CA certificates, the native app will fail with “Network request failed.”

3.The fix is to use a publicly trusted SSL certificate with a complete chain.

4.SSL pinning is not required and is only used for specialized security policies.

answered