Company Officers API 401 CORS Issue

jamie · April 12, 2024, 5:21pm

Hi,

Calling the company officers API we are getting a 401 CORS error returned. Last week this was working but we are now seeing the following (where 123456 would be a valid company id):

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://api.companieshouse.gov.uk/company/123456/officers?items_per_page=100. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing). Status code: 401.

Here is how we are calling the API:

$.ajax({
  url: "https://api.companieshouse.gov.uk/company/" + companyNumber + "/officers?items_per_page=100",
  dataType: "json",
  async: false,
  headers: {
    "Authorization": "Basic XXXXXXXXX" ,
    "Content-Type": "application/json"
  },
  success: function (data) {}
});

Calling other APIs are working as expected - for example the companies API:

var encoded = encodeURIComponent(search); 
$.ajax({
  url: "https://api.companieshouse.gov.uk/search/companies?q=" + encoded + "+&items_per_page=100",
  dataType: "json",
  async: false,
  headers: {
    "Authorization": "Basic XXXXXXXXX" ,
    "Content-Type": "application/json"
  },
  success: function (data) {}
});

We have checked the allowed IP/domains which are correct (and haven’t changed) and they are correct. With other API calls going through successfully just the one for company officers not working.

Have there been any changes recently or known issues we should be aware of?

Thank you.

andrew2 · April 14, 2024, 6:13pm

Ahh it’s not just me! This was driving me crazy and then your post suggested it was just the officer filings - confirmed true. Can get everything else. Def CH side then as I’ve not changed anything either.

george.morriss · April 14, 2024, 7:06pm

@MArkWilliams tagging you in as I’ve seen you reply on other matters to do with companies house issues, are you able to help with this at all?

development.uk · April 16, 2024, 3:15pm

Hi, when calling the officers API we have also been getting a 401 CORS error, starting from last week Tuesday 9th April. All other API calls (such as for filing history) are working fine, it’s specifically officers with the issue.

Error returned (where 123456 would be a valid company id):
Access to fetch at 'https://api.companieshouse.gov.uk/company/123456/officers?items_per_page=100&start_index=0' from origin (origin) has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

API call:
fetch( 'https://api.companieshouse.gov.uk/company/${companyNumber}/officers?items_per_page=100start_index=0', { headers: { Authorization: 'Basic ' + 'XXXXXXXXXXXXX' } } )

There’s been no changes on our side, and all other API calls (constructed in the same way, with same auth) work aside from company officers.
We would also like to know if there’s been changes to the officers API, or any currently known issues with the officers API. Thank you

george.morriss · April 17, 2024, 11:45am

Hi @MArkWilliams, are you able to help with this? we are also receiving the same error

jamie · April 22, 2024, 9:59am

Hi,

Are we able to get an update if this is expected behaviour now or if this is a confirmed issue?

Thanks!

MArkWilliams · April 24, 2024, 9:39am

We are not able to reproduce this, but we are investigating.
For clarity, are you only having issues with one of our API’s, officers? All others are ok?
If anyone has any other details that may help, please feel free to add here.
If there is anyone who does not have issues, also please shout…

jamie · April 24, 2024, 10:08am

Hi @MArkWilliams,

Thanks for the response. Yes we are only having issues with the officers API - which is giving the CORS error. As far as i’m aware the others are working fine (we also use the company search/company profile and they work fine). We use the same API key calling both with one working and one not so domains are correct.

Thanks!

ed.reid · April 24, 2024, 3:44pm

Hi @MArkWilliams ,

We are experiencing this same problem. As others have mentioned, all other request areas that we use are working okay with the same API Key, it is just the requests to the Officers API that are returning a 401 code where it wasn’t previously. This is causing significant issues for us so we appreciate you taking the time to look into this!

Thank you,
Ed

MArkWilliams · April 24, 2024, 4:38pm

We are still unable to reproduce this, but are still investigating. We are now looking at all deployments and changes. We have 2 dates from this forum post here of 9th April and 12th April. Does anyone have a more accurate date or time when they first experienced this?

srshankirth · April 25, 2024, 9:31am

@MArkWilliams ,

We see the same problem specifically with officers API and the issue is consistently occurring.
The successfull request, response from my end on 27-March-2024.
Please note we have not received request after 27th March until 12th Apr on my app end.

Hence, I would suggest you to check the deployments or any change which was done from company house between 28th Mar “To” 12th Apr.

srshankirth · April 29, 2024, 7:32am

Hi @MArkWilliams ,
could you please let us know if the problem is identified and for fix.

andrew2 · April 30, 2024, 10:18am

@MarkWilliams If you want a demo of the problem, use the refresh icon on this page with the F12 del tools window open:
https://www.myeventflo.com/crisp/compare.aspx
(green circle arrow buttons)
If I remove the fetch_officer_data() function I get company and PSC data just fine. All three fetch functions use the same requester function sendRequest() which has
var headers = new Headers({
‘Authorization’: 'Basic ’ + apikey64,
‘Content-Type’: ‘text/json’,
‘Origin’: ‘https://www.myeventflo.com/’
});
const options = {
method: method,
headers: headers,
mode: ‘cors’
};

srshankirth · April 30, 2024, 1:44pm

Hi @MArkWilliams ,

Could you please check if the change implemented as per below link causing an problem on this current ongoing issue.