I’m integrating the BMC Helix ITSM SDIM service desk with SailPoint Identity Security Cloud. I’ve filled in the JWT authentication, but I need to add the Ocp-Apim-Subscription-Key attribute to the request header. How can I do this?
with a before rule?
with some attribute on the json object?
Has anyone done this before?
Hello Ricardo, haven’t set this one up myself, but I checked the docs and this looks like the path. The UI doesn’t expose custom headers, so Ocp-Apim-Subscription-Key needs to be patched into the integration object via the Service Desk Integration APIs (troubleshooting doc): The flow would be:
-
GET the SDIM by ID
-
Add the header under
provision.headers -
Also add it under
generic.checkStatus.headers
"provision": {
"headers": {
"Ocp-Apim-Subscription-Key": "<your-key>"
}
}
Setting it on checkStatus.headers too should keep status sync working, since Helix routes status calls through the same APIM gateway. JWT auth can stay configured in the UI as-is.
Thanks Harish but this is to Generic SDIM and we are using BMC Helix. We dont have this option here 
I already tried “adapt” this solution on our object on Visual Studio but dont work
Got it, thank you. Just wanted to follow up on this, did you find a solution? In the meantime, I checked some documentation and here is what I found that might help.
I noticed that the provision.headers / generic.checkStatus.headers approach is documented for the Generic Service Desk connector, not specifically for BMC Helix ITSM SDIM. That might explain why adapting it to the BMC Helix object did not work, those fields are not documented for the BMC Helix SDIM schema.
On the BMC Helix SDIM side, the documented auth options are AR-JWT and OAuth2. The Ticket Creation advanced properties cover Request Root Element, Resource, and Response Element, not request headers. I do not see a documented field for injecting a static header like Ocp-Apim-Subscription-Key.
The BMC Helix SDIM intro page also notes this connector requires SailPoint Services hours or Partner involvement to configure, so Support/Services might be the documented path to confirm whether there is any supported or undocumented header field.
You could try these three possible options:
-
Confirm with SailPoint Support/Services whether BMC Helix SDIM supports custom headers on the object.
-
Inject
Ocp-Apim-Subscription-Keyoutside SailPoint, at your APIM/gateway or a reverse proxy in front of Helix, so SailPoint only sends JWT/OAuth as configured. -
Use the Generic Service Desk connector if custom header control is non-negotiable, since that one has the documented
provision.headers/generic.checkStatus.headersinjection path.
Yes, use a Before Operation Rule and add the Ocp-Apim-Subscription-Key as an HTTP header. Don’t add it in the JSON body.
requestEndPoint.getHeader().put("Ocp-Apim-Subscription-Key", apiKey);