How to enable HTTPS for api calls made from localhost

Question

Question: How may I successfully execute the Rest API call via localhost on https to return a valid 200 response?

Details of what I've attempted:

I'm trying to consume the API services of Changehealthcare via my web application and experiencing 403 error every time I call the API. On the other hand, the same call works fine when executed via any of the online API testing tools like postman, reqbin etc.

URL: https://sandbox.apigw.changehealthcare.com/apip/auth/v2/token

Request body:

{
    "client_id": "xxxxxxxxxxxxxxxxxxxx",
    "client_secret": "xxxxxxxxxxxxxxxx",
    "grant_type": "client_credentials"
}

This request is returning a valid response, if executed through web based postman or reqbin tool:

{
    "access_token": "xxxx......xx",
    "token_type": "bearer",
    "expires_in": 3600
}

However, the same request returns the 403 response every single time when made through desktop app of postman OR my web application:

<html style="height:100%">

<head>
    <META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW">
    <meta name="format-detection" content="telephone=no">
    <meta name="viewport" content="initial-scale=1.0">
    <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
    <script type="text/javascript" src="/_Incapsula_Resource?SWJIYLWA=719d34d31c8e3a6e6fffd425f7e032f3"></script>
</head>

<body style="margin:0px;height:100%"><iframe id="main-iframe"
        src="/_Incapsula_Resource?CWUDNSAI=23&xinfo=6-4291557-0%200NNN%20RT%281643787964298%20120%29%20q%280%20-1%20-1%202%29%20r%280%20-1%29%20B16%20U5&incident_id=961000570025644831-18540613670604358&edet=16&cinfo=ffffffff&rpinfo=0&mth=POST"
        frameborder=0 width="100%" height="100%" marginheight="0px" marginwidth="0px">Request unsuccessful. Incapsula
        incident ID: 961000570025644831-18540613670604358</iframe></body>

</html>

Here's the relevant code in my .net core application:

var client = new HttpClient();
var request = new HttpRequestMessage
            {
                Method = HttpMethod.Post,
                RequestUri = new Uri(targetUri),
                Headers =
                {
                    { "Accept", "application/json" },
                    { "Accept-Encoding", "gzip, deflate, br" },
                    { "Connection", "keep-alive" },
                    { "Cache-Control", "no-cache" }
                },
                
                Content = new FormUrlEncodedContent(new[]
                {
                    new KeyValuePair<string, string>("client_id", clientId),
                    new KeyValuePair<string, string>("client_secret", clientSecret),
                    new KeyValuePair<string, string>("grant_type", "client_credentials")
                })
                {
                Headers =
                {
                    ContentType = new MediaTypeHeaderValue("*/*")
                }
                }
            };

            using (var response = await client.SendAsync(request))
            {
                response.EnsureSuccessStatusCode();
                body = await response.Content.ReadAsStringAsync();
                Console.WriteLine(body);
            }
            var token = result.access_token;
    return token;



        

When I have closely gone through their documentation here, here's one of the guidelines:

Security via TLS All calls to Change Healthcare APIs are encrypted over HTTPS. Our APIs support connections using TLS version 1.2 or higher.

Does this mean that I need to add some way to make the local host calls secure before I can successfully return the results in my application?