This causes so much confusion! If you don’t know what the tool / program you’re using is doing you will also be confused by reading what the http protocol parts are…
(As an extra hurdle Companies House has a live and sandbox thing going on - I joined up before this so am not quite sure about this but the advice is “use the live api key / settings” if that helps - if you’re unsure about that search the forum).
You can either:
a) let a tool - be it Power Automate, curl, javascript etc. create the appropriate authorisation headers for you (in which case you have to follow the conventions for what / where your tool expects the information).
OR
b) if you want to pass headers yourself it’s entirely up to you to do all the encoding
Using curl is a good idea to test this. So you’ve got something base64-encoded there. That’s correct, but if that’s a true reflection of the end of the api key (e.g. …aW5lZA==) then the answer’s simple - you’re missing the “:” on the end. You have to concatenate this to your API key because - in the http Basic protocol - you have a username:password and the whole lot is then base64-encoded and put after “Basic” in the header. Curl can do this for you. Try:
curl -v -u MY_API_KEY_HERE: 'https://api.company-information.service.gove.uk/search/companies?q=tesco'
… you need to replace MY_API_KEY_HERE with your own API key - don’t encode it in any way, just use the plain text. Make sure there is a “:” after it, whatever it is. (-u means “username and password using http Basic” - and they are separated using the “:” and it’s OK to have a blank password. The -v is verbose). That will print out (lots) of information (you can limit this a little bit by eg. adding &items_per_page=2
to the end of the query string - and of course you don’t have to have “tesco”, choose your favourite supermarket - remember this is a URL though so spaces and many other characters will need url-encoding!).
You’ll see something like:
* Trying 18.135.64.196:443...
* Connected to api.company-information.service.gov.uk (18.135.64.196) port 443 (#0)
...
> GET /search/companies?q=tesco HTTP/2
> Host: api.company-information.service.gov.uk
> authorization: Basic BASE64STUFF
>
The “>” characters are being used here to mark (for clearer display) lines that are being sent to the server. The line authorization: Basic BASE64STUFF
(where BASE64STUFF
will actually be the base-64-encoded (your API key + : ) ) is exactly the “header” you want to be sending to the server. To confirm that try copying that into your initial curl statement. You don’t actually need the -X 'GET
’ or -H 'accept: ...'
I think - but no harm in them here:
curl 'https:...' -H 'authorization: Basic BASE64STUFF'
(Obviously the entire authorization parameter is what you’ve copied from the curl verbose output). If that works then you should be off to the races! Good luck.