Error: Invalid Authorization header, type: ch:service

Hey Everyone,

I’ve search this forum and most answers on Google for a solution to this but struggling. Based on this guide Python Data Interface to Companies House which is pretty recent and the Company House + resource solutions from on here I cannot get this simple Python script to work.

I’ve registered my app and got a REST API key. My script is below but I always seem to get auth error and cannot get passed it.

    r = requests.get('', auth=('xxxxx-xxxxx-xxxxx- 
   xxx', ''))

{"error":"Invalid Authorization header","type":"ch:service"}

I have tried a lot of stuff, any help or guidance would be greatly appreciated.

SOLVED: Hopefully this helps someone else.

I tried every answer on this forum using the error message but the issue was with the application I’d setup…

Re-created my app in ‘LIVE’ mode and everything works as expected.

I did get my script working with a sandbox url? But the data returned was always empty. If anyone can explain where I was going wrong with my script on a test account please feel free.

But for now I will create my application using live mode.

Hi I also encountered the same authorisation problem using my API Key created, and followed the instructions on this authentication docs page.

I think the issue is the service against which your authenticating isn’t clear in the docs. I had created a test application, and, following the documentation, was testing it against This was resulting in the same error as the other posters described above
{"error":"Invalid Authorization","type":"ch:service"}

Whereas if you create a test account, it looks like you should be hitting api-sandbox. When I issue a curl request against that url, I get a 404 response rather than a 401 (which means my requests are being successfully authorised, but there’s no data matching my request )

This indicates that ‘Test’ application API keys are to be used against api-sandbox It looks like they don’t work against live services.

If this is correct, It’s not that clear from the docs which urls to target based on the type of Application you have created. An explanatory note here would probably help here.