Also getting CORS errors with persons with significant control endpoint.
fetch("https://api.companieshouse.gov.uk/company/10993724/persons-with-significant-control", {
"headers": {
"authorization": "Basic API_KEY",
},
"referrer": "https://b2bfinance.com/",
"referrerPolicy": "strict-origin-when-cross-origin",
"body": null,
"method": "GET",
"mode": "cors",
"credentials": "include"
});
Curl works as expected.
Still investigating sorry.
This is proving difficult to track down.
Hi @MArkWilliams,
Thanks for the last update. Are there any reportable updates on this issue today? Please donāt hesitate to let me know if you require any more information from our side to aid in your investigation.
Regards
No, sorry, nothing reportable. The random nature is proving a problem.
HI @MArkWilliams. Iām not sure if this is any help, but our feed appears to have stabilised over the last few days. Iāll keep monitoring, but others may still be experiencing issues.
Actually, that is very helpful, thank you.
During investigations, we have been restarting parts of the service and that might account for the recent improvement. Investigations still on-going though.
Hi @MArkWilliams, thanks for your continued investigation. Unfortunately, weāre still seeing errors our side, the latest happening @ 2024-07-29 10:36:05,042 BST:
Failed to query [https://api.company-information.service.gov.uk/company/13360403/filing-history?start_index=0&items_per_page=35]. HTTP Status [401]
Regards
Hi @MArkWilliams Weāve also seeing this particular issue, but only when attempting to use this endpoint (Companies House Public Data API: Company profile) - the general search endpoint seems to work fine (Companies House Public Data API: Search companies)
Weāre getting a 403 Forbidden error on the OPTIONS request and a CORS issue on the preflight (Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.).
This is happening when programmatically attempting to fetch data using Javascript. It was fine until recently (although I canāt say exactly the last time this worked, itās been a while since weāve attempted to use the direct company profile GET endpoint, mainly relying on the general search one).
I believe the error, { error: āInvalid Authorization headerā, type: āch:serviceā }, is happening because of the API key encoding. On the companies house dashboard the key is in hex format. When trying to use that key in axios call the url, https://api.companieshouse.gov.uk/search/companies?q=${searchTerm}, have been returning a response with status code 400, Bad request. Inside the response the returned data have the object, {error: āInvalid Authorization headerā, type: āch:serviceā }.
So I have converted the API key to base64 and it start working. Using postman it is possible to get the base64. Use the authorization tab to add Basic Authorization, username - API key and password - blank. Send a get request, then go to Headers tab where you can get the Authorization in base64.
Hi @MArkWilliams, there have not been any updates regarding this issue for 25 days now. Can you please provide an update on this issue. Is this considered resolved on your side or are you still investigating?
Regards
A fix has gone in for this CORS issue.
If you are making CORS requests you will need to ensure the api key that you are using has your site in the js_domains array.