I was just wondering the same...
I need to make get/post requests to an API on a server which will accept just https connections.... By using (Please notice that allowedDomains is set in config_template.xml, tried both "https://<externalAPIserver>" and "<externalAPIserver>" as values):
this.sendRequest(requestParams, url, null ,this._callback, false, true)
I think this is due to the fact that I'm not requesting this url via the browser (perfectly working), this leads me to think that I don't have the certificates stored to negotiate the communication on the server as well.
http://<zimbrahostname>/service/proxy?target=https%3A%2F%2F<externalAPIserver>%2Fapi¶m1=1¶m2=45 403 Forbidden
Assuming I'm right, somebody has an idea on how to add certificates for the allowedDomains?!?!