Postman API call

I have registered a test account to see if I can get the API working.
In postman’s Authorization section I am using the “API Key” as the value and “Key Name” as key - but I get the following ( I have Add to Header enabled):

{“error”:“Empty Authorization header”,“type”:“ch:service”}

Set your Authorization type as “Basic Auth” and set your apikey as the username, blank password. Doesn’t make sense but it works.


I am still getting a 401 - “Invalid Authorization” response. See image.
Am I using the correct url to retrieve data on a company (I have inserted a dummy value in url)?

Try this instead -

so for example

why do you guys give wrong answers?What’s wrong with you.

@sachin.vbsllp i’m sorry do you have the correct answer then? I am only giving this answer because i have a full postman api collection and its working and i am using them in a live project.

Here is a screenshot of KPMG LLP (OC301540)


1 Like

I changed
Application environment - test
Application environment - live
it works for me now.


@jeremy where did you do this? I have not had to do set this anywhere?

@berto did you get this working evenutally

for ‘test’
I had received
“error”: “Invalid Authorization”,
“type”: “ch:service”

for ‘live’
response is good

1 Like

thanks @jeremy it looks like this has been recently updated there was no “manage application” section before where you had you had to choose live or test. just create an api key and use.

@jeremy’s answer is the crucial answer here.

Luckily, I guessed this from an almost entirely unrelated post in another thread before reading this one, but not before I’d spent a fruitless hour going back and forth with my code and eventually performing the example curl call with no success.

Sorry for shouting, but…

To access the live you must have a ‘live’ application.

1 Like

This did it for me. Why do they have test API keys if they don’t work…

It worked for me with the live API key:


Authorization: Basic Auth (username: {your api key}, Password: blank)

“undeliverable_registered_office_address”: false,
“type”: “ltd”,
“date_of_creation”: “1982-03-24”,
“has_been_liquidated”: false,
“company_name”: “MICROSOFT LIMITED”,
“jurisdiction”: “england-wales”,
“accounts”: {
“overdue”: false,
“last_accounts”: {
“type”: “full”,
“period_end_on”: “2022-06-30”,
“made_up_to”: “2022-06-30”,
“period_start_on”: “2021-07-01”
“next_accounts”: {
“period_end_on”: “2023-06-30”,
“period_start_on”: “2022-07-01”,
“due_on”: “2024-03-31”,
“overdue”: false
“accounting_reference_date”: {
“day”: “30”,
“month”: “06”
“next_made_up_to”: “2023-06-30”,
“next_due”: “2024-03-31”
“company_number”: “01624297”,
“registered_office_address”: {
“address_line_1”: “Microsoft Campus”,
“region”: “Berkshire”,
“postal_code”: “RG6 1WG”,
“address_line_2”: “Thames Valley Park”,
“locality”: “Reading”
“sic_codes”: [
“last_full_members_list_date”: “2016-06-24”,
“company_status”: “active”,
“has_insolvency_history”: false,
“etag”: “c12dfbc102246d5febcec29bf2718c4beb5e15ab”,
“has_charges”: true,
“previous_company_names”: [
“ceased_on”: “1983-06-16”,
“effective_from”: “1982-05-25”
“ceased_on”: “1982-05-25”,
“effective_from”: “1982-03-24”
“confirmation_statement”: {
“overdue”: false,
“last_made_up_to”: “2022-06-23”,
“next_due”: “2023-07-07”,
“next_made_up_to”: “2023-06-23”
“links”: {
“self”: “/company/01624297”,
“filing_history”: “/company/01624297/filing-history”,
“officers”: “/company/01624297/officers”,
“charges”: “/company/01624297/charges”,
“persons_with_significant_control_statements”: “/company/01624297/persons-with-significant-control-statements”,
“persons_with_significant_control”: “/company/01624297/persons-with-significant-control”
“registered_office_is_in_dispute”: false,
“has_super_secure_pscs”: false,
“can_file”: true

Finally! This worked for me, thanks for the help.
The docs/error messages need a little work.

What’s wrong with my request? I am using key of a live environment! :disappointed_relieved:

I don’t use Postman but the answers above should cover all the pitfalls. The only one I didn’t see was that you have to be calling Companies House from somewhere you’ve informed them about first when registering your app. So either an IP you registered with them (for use on a local server / locahost search the forum for the workaround for this) OR (for javascript / from browser) a hostname you’ve registered with them.

The response means what it says I think - the issue is in the header so the key or the format of the Authorization header aren’t to Companies House’s liking.

Double-check your API key as well, several people have gone a long way then found they weren’t using the key they thought they needed e.g. they’d an old key, or had the non-live key, or extra spaces…

I’d ensure that you’re ONLY sending the Authorization header (you don’t need things like Content-type, Accepts etc. for this request).

Apparently there are some ways to check what you’re actually sending in Postman. See here:

… and check that the value it’s actually sending in the header is per the standards e.g. see here (lots and lots of examples on this site also).

Finally it’s sometimes helpful to try another tool e.g. curl if you’ve got access to that (from your registered server) - it’s really simple and you can turn on a very verbose mode to inspect traffic.

Good luck.

Thanks for your reply @voracityemail , I ended up using collection provided here GitHub - uglyeoin/companies_house_api__postman: JSON Import file for the companies house API. Test the companies house API with no knowledge other than something like your company number. You will need to replace all of the variables within the API to your own variables. and it worked for me.

1 Like