Invalid Authorization error in API

I am getting the below error when calling API ‘https://api.company-information.service.gov.uk/company/01234567/persons-with-significant-control’

{
  "error": "Invalid Authorization",
  "type": "ch:service"
}

I have passed api key in ‘Authorization’ key as 'Bearer ' + [API Key]
I have also tried to do base 64 encoding then passed api key and also tried by selecting basic authentication and provided username and password still getting same error.

Is that the streaming API and did you remember to place the colon before base64 encoding?
Refer to the documentation (Using basic Authentication towards the bottom) Streaming API: (company-information.service.gov.uk)

Hi,
It took me a while to get past this too!
I called the API via postman and VBA code and for both found:

In the authorization

  1. Use basic.
  2. The username is the key (in hex as provided)
  3. Password is blank.

In the header send “Authorization”: “Basic xxxxxxx”, where xxxxxxx is the key converted from HEX.

Postman created this automatically after I entered the details on the authorisation tab, so I would recommend getting the call working there first and then you can copy the value to whichever tool you use.

For info here is the vba code I use, which may give you an idea for wherever you plan to implement:
Dim AuthKey As String, URL As String, Response As String, Remaining As String
AuthKey = "KEY_IN_HEX_FORMAT_PROVIDED"
' strCompanyNumber is assumed to be set by the calling code
URL = "https://api.company-information.service.gov.uk/company/" & strCompanyNumber

    ' call to API and get response
    With CreateObject("Microsoft.XMLHTTP")
        .Open "GET", URL, False, AuthKey
        .SetRequestHeader "Authorization", "Basic *KEY_TRANSFORMED_FROM_HEX_FORMAT*"
        .SetRequestHeader "Content-Type", "application/json"
        .SetRequestHeader "Accept", "application/json"
        .Send
        Response = .ResponseText
        ' rate-limit header: requests left in the current window
        Remaining = .getResponseHeader("X-Ratelimit-Remain")
    End With

Can you please tell me anywhere at all that mentions HEX in the API doc?

I think chrisW is referring to manually creating the http Basic Authorization header. This is covered (briefly) here:

https://developer.company-information.service.gov.uk/authentication

See Wikipedia or MDN for details.
(Or search this forum…)

There used to be more extensive help on this at Companies House. That disappeared in their last revision. However http Basic Authorization is (or should be…) a well-known and simple protocol.

This does cause confusion and trouble, and I think this is due to 3 factors.

a) Companies House operate a collection of freely accessible APIs to access important government information. People from all kinds of organisations and backgrounds will be interested in this.

b) This means that there are widely differing levels of expertise - especially people being unfamiliar with http Basic authentication. Many will be trying to access data with tools which can make http requests but where they’ve never done authentication / dealt with more complex http communication. So people can request data from a URL but haven’t done much more (REST API / other client/server interaction). Indeed a substantial minority of users appear not to be coming from e.g. programming backgrounds.

c) The wide range of languages / libraries / tools being used means that it wouldn’t be feasible to cover how to achieve this in each (even assuming it’s possible). Luckily there’s this forum! Many languages / tools have their own quirks and some may make this process less clear or harder than it might be.

Hi Mike,
I am just sharing what I found to work from trial and error - I could not get it working from the instructions provided either! The user name provided is already in hex format so that is just a copy and paste - no need to worry about formats. It was after frustration and just trying anything I could think of that I converted it from hex for the authorization line in the header - voracityemail is correct that this is for creating the Authorization Basic header manually.
I hope this helps get you up and running!
Chris

Hi Chris,

Thanks for your reply. I’m obviously not converting my API Key correctly… I am currently converting the Hex key provided by CH (including 3 dash characters) into Base64 and it isn’t working. I have used a working key and my key is longer… Am I supposed to be converting the Hex key provided into Base64 or into another format first? I know the key is the problem as the key in Eoin’s script works… Thanks, Mike

I am using the Restful API. I am taking my API key as providing by companies house appending a colon and then encoding to Base 64…when I pass as user name in Basic Authentication with no password it is rejected 401. When I use someone else’s key in postman it works. I noticed that they have a colon at the end of their key??? So they’ve clearly appended a plain text Ascii colon to the end of their key in Postman… none of this is contracted behaviour…

Sounds like you’re still having issues. The exact details depend on exactly what Postman expects in its fields and what you’re doing within it. That’s why I use something simple e.g. curl where you can see exactly what data is being passed to and fro. (Postman may do this also, I just don’t know it). I highly recommend you try this to confirm that your API key / registered IP address / local host setup (if relevant) etc. all works - outside of whatever tool you’re using (e.g. Postman).

So I can assure you that http Basic is being used by Companies House and it does work as it should. You refer to “taking my API key as providing by companies house appending a colon and then encoding to Base 64” - that is indeed what is actually sent in a http header field but that’s not necessarily what you need to put in to Postman though. Note that this is both username and password (the colon separates the two). So if you’ve got a space for a username and a password in the tool you’re using that would suggest that it (Postman) expects your API key - with no encoding and without a colon appended, plus a blank in password box (if that’s allowed!) It would suggest to me that (like in the curl example below) Postman will do the encoding part for you. I don’t know for sure though!

Again just for illustration here’s a trace of what you get when doing this via curl so you can see what’s actually sent. I’ve replaced our real API key with a fake one. Note that in curl - and this may differ for other tools - the syntax for supplying details for http Basic is:

-u username:password

… and this is automatically turned into what is actually sent, the base64-encoded string e.g. base64(username + “:” + password). In the curl trace (turned on using the -v flag) - I’ve highlighted this and I’ve also omitted some details for clarity - marked “[…]” in 3 places. The lines marked with “>” are being sent to the server and those with “<” received from the server. (I’ve left in the rate limiting headers as these may be of interest at some later point.)

curl -v -u YOUR_API_KEY: "https://api.company-information.service.gov.uk/company/NF004299"
* About to connect() to api.company-information.service.gov.uk port 443 (#0)
[...]
* Server auth using Basic with user 'YOUR_API_KEY'
> GET /company/NF004299 HTTP/1.1
> Authorization: Basic WU9VUl9BUElfS0VZOg==
> User-Agent: curl/7.29.0
> Host: api.company-information.service.gov.uk
> Accept: */*
>
< HTTP/1.1 200 OK
< Date: Mon, 28 Feb 2022 09:47:31 GMT
< Content-Type: application/json
[...]
< X-Ratelimit-Limit: 600
< X-Ratelimit-Remain: 596
< X-Ratelimit-Reset: 1646041881
< X-Ratelimit-Window: 5m
< Server: CompaniesHouse
<
{"date_of_creation":"2008-11-18","company_name":"PLATTS DRIEVAP ENGINEERING LIMITED", [...] }

Hope this helps.
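
The header construction seen in the curl trace above, plus a check for the mistakes reported in this thread, as an added example that is not part of the original posts. The function names are hypothetical and the key is the fake `YOUR_API_KEY` placeholder from the trace.

```python
import base64
import binascii

SAMPLE_KEY = "YOUR_API_KEY"  # fake placeholder key from the curl trace, not a real key


def basic_auth_header(api_key: str) -> str:
    """Authorization value for HTTP Basic: key as username, blank password."""
    token = base64.b64encode(f"{api_key}:".encode("ascii")).decode("ascii")
    return f"Basic {token}"


def _b64decode(text: str):
    """Strict base64 decode; returns None if text is not valid base64/ASCII."""
    try:
        return base64.b64decode(text, validate=True).decode("ascii")
    except (binascii.Error, UnicodeDecodeError, ValueError):
        return None


def diagnose(header_value: str, api_key: str) -> str:
    """Explain why a candidate Authorization value would or would not work."""
    scheme, _, credentials = header_value.partition(" ")
    if scheme.lower() != "basic":
        return f"wrong scheme '{scheme}': expected Basic"
    if credentials == api_key:
        return "key sent raw: it must be base64(key + ':')"
    decoded = _b64decode(credentials)
    if decoded is None:
        return "credentials are not valid base64"
    if decoded == api_key:
        return "colon missing: encode key + ':' rather than the key alone"
    if decoded == f"{api_key}:":
        return "ok"
    # A tool that encodes for you was handed an already-encoded value.
    inner = _b64decode(decoded.rstrip(":"))
    if inner is not None and inner.rstrip(":") == api_key:
        return "encoded twice: the tool already encodes, give it the plain key"
    if decoded.startswith(f"{api_key}:"):
        return "password is not blank"
    return "decoded username does not match the key"


if __name__ == "__main__":
    print(basic_auth_header(SAMPLE_KEY))
    print(diagnose("Bearer " + SAMPLE_KEY, SAMPLE_KEY))
```

Base64 is an encoding, not encryption: anyone who sees the `Authorization` value can recover the key, so redact it in traces and logs the same way you would the key itself.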

Hi Mike,
I suggest trying postman.
On the “Authorization” tab ensure you select Basic Auth, and then copy the username / key exactly as provided by the CH - do not add anything. Password is left blank.
When you then go to headers tab it should have automatically added the Authorization line. This will be "Basic " followed by the username / key (already been converted from Hex).
I did not do anything beyond this, to test in postman. I then used the values from postman in the application I created.
Hope this helps, not sure I can add much more to be honest!
Chris