Issue with company filing history download API

We have tried to download company filing history using the API provided by CH. However, we are getting the below issue when we try to download.


<?xml version="1.0" encoding="UTF-8"?> InvalidArgument Only one auth mechanism allowed; only the X-Amz-Algorithm query parameter, Signature query string parameter or the Authorization header should be specified Authorization Basic YXVQRUNWRmJ5YWlVdFlZbkxIR1MyN2JydFJfdDdvQVladHptVVZPUDo= GQXGB51DZSPDTJPW o4BSWFEp3hmx1bIsZTd2AqvP1IdQ3RZnDT9PUPZupsWxXPr6k2rTz6jybdXYKHdMGuoLtnqh0vA=

Below is the code for your reference

c# code

var client = new RestClient(“”); var request = new RestRequest(Method.GET); request.AddHeader(“postman-token”, “59e4ac5d-446c-9367-d0ac-2841d6a4a15a”); request.AddHeader(“cache-control”, “no-cache”); request.AddHeader(“authorization”, “Basic YXVQRUNWRmJ5YWlVdFlZbkxIR1MyN2JydFJfdDdvQVladHptVVZPUDo=”); request.AddHeader(“accept”, “application/pdf”); IRestResponse response = client.Execute(request);

Please find the below attachment form postman

Please look into this issue and let us know the reason for the above error.

This gets pretty confusing and I don’t know Postman, but you don’t need the basic authorization header when downloading the document as AWS (where the documents are stored) has authorization is part of the URL.

I think that’s why you get the “Signature query string parameter or the Authorization header should be specified Authorization Basic” error, you can only have one or the other and not both.

I’m assuming you can just remove the authentication altogether in Postman? If that doesn’t work I’d just search “Postman” in this forum as there are quite a few threads on the topic, including some with similar errors to yours that were resolved.

Hi Team,

Thanks for the reply

As you mentioned above we have tried by removing the authorization from post man now we are the unauthorized issue

and also tried with by passing the authorization as query string parameter in URL

facing same
Unauthorized issue

please look into the above issue and help us to resolve

Did you have any luck with all the other threads on the topic? There are a several specifically about downloading documents through Postman.

Tried in all possible scenarios but unable to get the exact solution how to pass the authorization in query string parameter and what is the key and in which way we need to pass the authorization in header

As @ash says Postman is clearly passing your Companies House API key / http Basic authorization details on to Amazon and that is confusing it. Amazon has its own token-based authorisation system.

UPDATE - in fact i think a very recent post by me covers this all. The original question is about Python use but its exactly the same issue / process you need to understand:

Your images and post show you’re calling the Companies House Document API. You do need to pass the normal Companies House http Basic Authorization there (the API key).
Companies House respond with a http redirect to the Amazon AWS site.
If Postman is following this and passing the Companies House API key that’s (a) incorrect (as this is a different site) and (b) will confuse Amazon AWS.
There may be some settings in Postman which either:
a) stop it sending authorization details after the first call
b) allow you to choose whether it follows redirects or not. If you have problems with (a) you’ll have to stop Postman following the redirect response from Companies House. You’ll then need to trigger a second request with the link returned in the redirect response without passing the Companies House authorization.

This topic has been covered fairly frequently on this forum. This forum has a good search facility - you can search for this information. If you’re stuck try my post here and links from there:

I recommend working this through step-by-step with a tool like curl if you have trouble understanding what’s going on.

Good luck.

PS it is maybe not obvious but although Companies House support staff do look on here the majority of the posts come from other ordinary users of the system. So for example neither @ash or myself are Companies House employees or members. Just helpful individuals (or we try to be).

1 Like