API usage and website beta 403 Forbidden


I work for a large organisation that is required to undertake a significant number of checks on Companies House each day (I believe it is thousands per day).

From time to time we have issues on the website where a 403 Forbidden HTML response is received. Our IT teams are having dialogue with Companies House about this - I believe there is a restriction on our IP address making calls to the website.

I have created a simple application to check companies' status, for which, due to volumes, I am utilising the Companies House API. I have set up the call so it stops if it breaches the 600 limit per 5 minutes of API calls and can then be run again a few minutes later to continue from where it stopped. When running this I found that the beta search website was returning a 403 restricted response to all users in our organisation (single IP address I assume).

What I wanted to get confirmation on is: would putting volumes through the API impact 403 restrictions on the website? The calls will be originating from our same API but obviously calling a slightly different address for the Companies House service.



In your “simple application” (and your main one) you should be handling this using the rate limit headers CH send (on the HTTP responses) rather than just counting up to 600. You may well be doing this already of course! Some info in and linked from this thread:

Not from Companies House myself but if I recall they certainly do take IP address into consideration (including requests to both the API and website access). I can’t find the specific item on this that I remember but from a couple of years ago this thread has a response:

Slightly more recently there’s a note about the API and more general (AWS) limits:

Good luck!

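An added example of the header-driven pacing suggested in the reply above; it is not code from any poster or from Companies House. The header names `X-Ratelimit-Remain` and `X-Ratelimit-Reset` (taken to be a Unix timestamp), the injected `fetch` callable, the `floor` of 5 and the choice to stop the whole run on a 403 are assumptions, so check a live response before relying on them.

```python
import time

# Assumed header names (the thread does not list them): check a live response.
REMAIN, RESET = "x-ratelimit-remain", "x-ratelimit-reset"


def next_action(status, headers, now, floor=5, margin=1.0):
    """Decide what to do after one response: ('go'|'wait'|'stop', seconds)."""
    if status == 403:
        # A 403 is a block, not a quota signal; retrying only adds traffic.
        return ("stop", 0.0)
    h = {k.lower(): v for k, v in headers.items()}
    try:
        remain, reset = int(h[REMAIN]), float(h[RESET])
    except (KeyError, ValueError):
        # No usable headers: pause a fixed time on 429, otherwise carry on.
        return ("wait", 60.0) if status == 429 else ("go", 0.0)
    if status == 429 or remain <= floor:
        # Sleep until the server says the window resets, plus a small margin.
        return ("wait", max(0.0, reset - now) + margin)
    return ("go", 0.0)


def run(company_numbers, fetch, sleep=time.sleep, clock=time.time):
    """Call fetch(number) -> (status, headers, body) for each number, pacing
    on the server's own headers. Returns (results, unprocessed)."""
    results, queue = {}, list(company_numbers)
    while queue:
        number = queue[0]
        status, headers, body = fetch(number)
        action, delay = next_action(status, headers, clock())
        if status == 200:
            results[number] = body
            queue.pop(0)
        elif status not in (403, 429):
            results[number] = None   # e.g. 404: record and move on
            queue.pop(0)
        if action == "stop":
            break                    # leave the rest for a later run
        if action == "wait":
            sleep(delay)
    return results, queue
```

The `unprocessed` list returned by `run` is what a later run would be given to continue from where this one stopped.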

Thanks @voracityemail
I am not counting; I am using the header file rather than counting to 600 - I did initially put in a counter then very quickly realised it was a really bad approach!!!

Hopefully someone from Companies House can confirm the limits point. To be explicit about the 2 different things I was talking about:
My “simple application” calls https://api.company-information.service.gov.uk
The website used by most in my company is https://find-and-update.company-information.service.gov.uk
So what I am trying to understand is that if we already have high volumes via the website could calling the API from the same IP impact users in our organisation using the website. I appreciate the 600 / 5 min limit would be specific to the API key, but unclear about any high level limits which were referred to in the link voracityemail provided “API Limit Reached?”.

Thank you.

The API limit is a separate limit to the web site.


Thank you @MArkWilliams