Ok, I got this to work without too much trouble on the public oracle APEX demo page, I think it might be a newer version of the framework than what you are using, but it gives you an idea how to do it.
step: Get login page
verifyresponsecode: 302
parseresponseREDIRECT: Location: ([^\n]+)
step: (redirect) Get login page
url: {REDIRECT}
parseresponseSALT: value="([^"]+)" id="pSalt"
parseresponsePROTECTED: id="pPageItemsProtected" value="([^"]+)"
parseresponseCK: data-for="P1_RESET_PASSWORD_LABEL" value="([^"]+)"
parseresponsePAGE_ID: name="p_page_submission_id" value="([^"]+)"
parseresponseINSTANCE: value="([^"]+)" id="pInstance"
verifypositive: Remember workspace and username
step: Build JSON
varP_JSON: {"salt":"{SALT}","pageItems":{"itemsToSubmit":[{"n":"P1_RESET_PASSWORD_LABEL","v":"Reset Password","ck":"{CK}"},{"n":"F4550_P1_COMPANY","v":"__REMOVED__"},{"n":"F4550_P1_USERNAME","v":"__REMOVED__"},{"n":"F4550_P1_PASSWORD","v":"__REMOVED__"},{"n":"F4550_P1_REMEMBER","v":[]},{"n":"P1_NEXT_APP","v":""},{"n":"P1_NEXT_PAGE","v":""},{"n":"P1_NEXT_ITEMS","v":""},{"n":"P1_NEXT_VALUES","v":""}],"protected":"{PROTECTED}","rowVersion":""}}
step: Debug - examine JSON
shell: echo {P_JSON}
step: Post username and password
postbody: p_json={P_JSON}&p_flow_id=4550&p_flow_step_id=1&p_instance={INSTANCE}&p_page_submission_id={PAGE_ID}&p_request=LOGIN_BUTTON&p_reload_on_submit=A
parseresponseREDIRECT: Location: ([^\n]+)
verifyresponsecode: 302
step: Get logged in home page
url: {REDIRECT}
verifypositive: News and Messages