I think the issue on the subsequent calls, the session isn't getting set properly. I have got similar things to work by setting the session value of the subsequent calls to the session variable of the Authentication call. Here is an example:
Try that and let me know if that works.
The first request is to BMC Remedy ITSM to request a token using http://<Mid-Tier>/api/jwt/login/
I store this in a variable I have called AuthToken, and am using it in both the Session for the request, as well as adding it in the header for the request. Do I need it in one or the other?
After a bunch of troubleshooting, I was able to get the request to go through. I removed all global variables, simplifying my request down to just a Build Input Set and Send HTTP Request. In the Input Set, I defined the required headers for creating the Incident. I had to use Postman to issue me a Remedy token, as whenever I tried to have DWP make a REST call to Remedy to issue me a token, I kept receiving a generic error. I then created the request body manually, properly escaping all double quotes.
Be aware. The rest interface implemented by BMC is pretty stupid. Guys don't transfer real error description so a generic error can be really any tiny error or typo in your definition or even a wrong password.