Note: the following is dangerous, and will allow API content to be intercepted and modified between the client and the server.

This also worked

process.env['NODE_TLS_REJECT_UNAUTHORIZED'] = '0';

It's not an issue with the application, but with the certificate which is signed by an intermediary CA.If you accept that fact and still want to proceed, add the following to request options:

rejectUnauthorized: false

Full request:

request({    "rejectUnauthorized": false,    "url": domain+"/api/orders/originator/"+id,    "method": "GET",    "headers":{        "X-API-VERSION": 1,        "X-API-KEY": key    },}, function(err, response, body){    console.log(err);    console.log(response);    console.log(body);});

The Secure Solution

Rather than turning off security you can add the necessary certificates to the chain. First install ssl-root-cas package from npm:

npm install ssl-root-cas

This package contains many intermediary certificates that browsers trust but node doesn't.

var sslRootCAs = require('ssl-root-cas/latest')sslRootCAs.inject()

Will add the missing certificates. See here for more info:

https://git.coolaj86.com/coolaj86/ssl-root-cas.js