Sounds like you’re still having issues. The exact details depend on exactly what Postman expects in its fields and what you’re doing within it. That’s why I use something simple e.g. curl where you can see exactly what data is being passed to and fro. (Postman may do this also, I just don’t know it). I highly recommend you try this to confirm that your API key / registered IP address / local host setup (if relevant) etc. all works - outside of whatever tool you’re using (e.g. Postman
So I can assure you that http Basic is being used by Companies House and it does work as it should. You refer to “taking my API key as providing by companies house appending a colon and then encoding to Base 64” - that is indeed what is actually sent in a http header field but that’s not necessarily what you need to put in to Postman though. Note that this is both username and password (the colon separates the two). So if you’ve got a space for a username and a password in the tool you’re using that would suggest that it (Postman) expects your API key - with no encoding and without a colon appended, plus a blank in password box (if that’s allowed!) It would suggest to me that (like in the curl example below) Postman will do the encoding part for you. I don’t know for sure though!
Again just for illustration here’s a trace of what you get when doing this via curl so you can see what’s actually sent. I’ve replaced our real API key with a fake one. Note that in curl - and this may differ for other tools - the syntax for supplying details for http Basic is:
-u username:password
… and this is automatically turned into what is actually sent, the base64-encoded string e.g. base64(username + “:” + password). In the curl trace (turned on using the -v
flag) - I’ve highlighted this and I’ve also omitted some details for clarity - marked “[…]” in 3 places. The lines marked with “>” are being sent to the server and those with “<” received from the server. (I’ve left in the rate limiting headers as these may be of interest at some later point.)
curl -v -u YOUR_API_KEY: "https://api.company-information.service.gov.uk/company/NF004299"
* About to connect() to api.company-information.service.gov.uk port 443 (#0)
[...]
* Server auth using Basic with user 'YOUR_API_KEY'
> GET /company/NF004299 HTTP/1.1
> Authorization: Basic WU9VUl9BUElfS0VZOg==
> User-Agent: curl/7.29.0
> Host: api.company-information.service.gov.uk
> Accept: */*
>
< HTTP/1.1 200 OK
< Date: Mon, 28 Feb 2022 09:47:31 GMT
< Content-Type: application/json
[...]
< X-Ratelimit-Limit: 600
< X-Ratelimit-Remain: 596
< X-Ratelimit-Reset: 1646041881
< X-Ratelimit-Window: 5m
< Server: CompaniesHouse
<
{"date_of_creation":"2008-11-18","company_name":"PLATTS DRIEVAP ENGINEERING LIMITED", [...] }
Hope this helps.