I don’t know about Postman specifically but sounds like you’re trying to submit an http request to Amazon with the Companies House http authentication. Getting the document involves:
- Your request to CH, providing your http authentication to them.
- A response from CH which is a redirect to the Amazon server location which includes Amazon’s authentication as part of the URL.
- You “following” the redirect above e.g. making a request to Amazon without the CH http authentication but just using the URL provided. (I think it’s valid for a minute or something - I’ve seen this reported on this forum in a sub-post.)
Below is an example of the http header CH send in step 2. This is a redirect (http 302) to the document - note this is an old example and this may have changed:
HTTP/1.1 302 Found
Content-Type: text/plain; charset=utf-8
Date: Fri, 02 Feb 2018 10:20:19 GMT
Location: https://s3-eu-west-1.amazonaws.com/document-api-images-prod/docs/rhGzkJTFYsHvVaxfCKoULRDeOJnASnQjIXBnLTTdWSU/application-pdf?AWSAccessKeyId=ASIAJNZNPGQ75DNEHQBA&Expires=1517566879&Signature=NaMBDQUJwMToQhmir5pP8NUV9jg%3D&x-amz-security-token=[..snipped this bit as it's long..]
Server: nginx/1.8.0
X-Ratelimit-Limit: 600
X-Ratelimit-Remaining: 599
X-Ratelimit-Reset: 1517567119
Content-Length: 0
Connection: keep-alive
I’ve also noted the whole process as I understand it in the following post: