There are several ways to debug requests, or even apk code.
For monitoring requests sent and received through the APK the simplest way to debug is through other APKs that perform this monitoring. You can use for example the Packet Capture, or Shark Native, or derivatives.
There is also the possibility to inspect requests through adb logcat.
However, the most efficient way to make sense is to read and understand the APK source code to handle requests. Since it is not a simple POST. You will need to format a SOAP, generate the Token according to how the application asks for this SOAP to be validated.
For this, you can download APK from sinesp-citizen through an external website, for example apk pure. And use a tool like dex2jar to perform reverse engineering by generating a .jar and to view the content you can use a tool like JD-GUI, for example, to decompile the jar.