Power Automate Custom Connector Authorization

Has anyone managed, recently, to create a custom connector in Power Automate?
If I use the “BASIC” method and look to putting my API_Key: into username and blank password AND I try to put “Authorization” as a header, I get the following error:

‘Authorization’ header is not allowed. Use ‘API Key’ authentication type in the Security tab to set this header.


Not personally, I don’t use that - but if you search on this forum you’ll find several threads.

Here’s the latest one (mention of “Azure Synapse” but it may be a similar / the same dialog box):

I also recommend Google! Google reveals the following question and answers on Power Automate from a couple of years ago - apparently covering your situation:

I would not expect putting in something which suggests the program will do the authorization for you (the BASIC method) AND an Authorization header would work. That sounds like you’ll end up repeating the header - and it seems the program you’re using is detecting this hence the complaint.

I would imagine either just using the BASIC method would work OR manually filling in the appropriate details in an Authorization header. If you do the latter I imagine you’ll have to fill in what comes after the “Authorization:” part including encoding the values per the http basic specifications. So if your API key is “API_KEY” you’d encode that and the password (blank) - separated by “:” - in base-64:

Base 64 ( API_KEY: ) = “QVBJX0tFWTo=”

and put the following in the “authorization header contents” box (or whatever it’s called in your program):

Basic QVBJX0tFWTo=

Which will end up being sent as the header line:

Authorization: Basic QVBJX0tFWTo=

Thanks for your response.
I have been through all of these posts, before and again after your response, but for the life of me I cannot make sense of the way gov.uk wants this formatted. I have used several other API’s using Custom Connectors without these issues.
I have manually Base 64 encoded my API Key and checked against the encoded API key when used in the connector and they match, so I am happy that part is right.
When I run a test from the swagger editor, using the unencoded API Key this is the result:

Encoded API Key looks OK, header looks ok but returns the error code.

This causes so much confusion! If you don’t know what the tool / program you’re using is doing you will also be confused by reading what the http protocol parts are…

(As an extra hurdle Companies House has a live and sandbox thing going on - I joined up before this so am not quite sure about this but the advice is “use the live api key / settings” if that helps - if you’re unsure about that search the forum).

You can either:
a) let a tool - be it Power Automate, curl, javascript etc. create the appropriate authorisation headers for you (in which case you have to follow the conventions for what / where your tool expects the information).
b) if you want to pass headers yourself it’s entirely up to you to do all the encoding

Using curl is a good idea to test this. So you’ve got something base64-encoded there. That’s correct, but if that’s a true reflection of the end of the api key (e.g. …aW5lZA==) then the answer’s simple - you’re missing the “:” on the end. You have to concatenate this to your API key because - in the http Basic protocol - you have a username:password and the whole lot is then base64-encoded and put after “Basic” in the header. Curl can do this for you. Try:

curl -v -u MY_API_KEY_HERE: 'https://api.company-information.service.gove.uk/search/companies?q=tesco'

… you need to replace MY_API_KEY_HERE with your own API key - don’t encode it in any way, just use the plain text. Make sure there is a “:” after it, whatever it is. (-u means “username and password using http Basic” - and they are separated using the “:” and it’s OK to have a blank password. The -v is verbose). That will print out (lots) of information (you can limit this a little bit by eg. adding &items_per_page=2 to the end of the query string - and of course you don’t have to have “tesco”, choose your favourite supermarket - remember this is a URL though so spaces and many other characters will need url-encoding!).

You’ll see something like:

*   Trying
* Connected to api.company-information.service.gov.uk ( port 443 (#0)
> GET /search/companies?q=tesco HTTP/2
> Host: api.company-information.service.gov.uk
> authorization: Basic BASE64STUFF

The “>” characters are being used here to mark (for clearer display) lines that are being sent to the server. The line authorization: Basic BASE64STUFF (where BASE64STUFF will actually be the base-64-encoded (your API key + : ) ) is exactly the “header” you want to be sending to the server. To confirm that try copying that into your initial curl statement. You don’t actually need the -X 'GET’ or -H 'accept: ...' I think - but no harm in them here:

curl 'https:...' -H 'authorization: Basic BASE64STUFF'

(Obviously the entire authorization parameter is what you’ve copied from the curl verbose output). If that works then you should be off to the races! Good luck.

Appreciate the help here, tried your suggestion and the error returned looks very much like the error in the Power Automate tool:

So in that case the error means what it says - Companies House don’t recognise this.
This could be because:

  1. You’re using an incorrect API key

  2. You’re trying to access the live service with a non-live key

  3. You’re trying to use an OAuth token / secret where you need a Rest API key

  4. You’re trying to access the service from an IP / domain that you’ve not registered.

For the second point - this is the live / sandbox part I mentioned in a previous reply. You can check this by signing in to your applications:

You should see something like:

Given the urls you’re using if your app is in the test section it won’t work I think. You need to use the API key for a live app.

For the second / third / fourth points - select the application name for further details. The top shows whether it’s live or not, the lower section has some more info:

The key type - for access to the API you’re trying to use - should be “Rest API key”.
Along with your API key itself the key parts here are the Restricted IPs and Javascript domains. You can only use the API from an IP address you’ve registered with Companies House here OR - for use via javascript - a domain name listed here. So the machine where you’re running e.g. curl from via the command line needs to be have an external IP address listed here. You can use a “localhost” server but you need a workaround to do so currently. Search for “localhost” on this forum to see how to do that if you need.

So that’s a few things to check!

While I still can’t get this to work myself, totally failed, it was pointed out to me that there is now an official connector for Companies House that provides the data I need.

Glad you got round the problem even if you didn’t create it yourself.

For anyone else arriving here looking for Power Connector stuff a quick Google reveals:


(I’ve no connection with that - and don’t know if it’s free etc.)

You can find various instructional videos with Google for how to set up Custom Connectors yourself - I can’t vouch for any of these as I don’t use Power Automate or Microsoft solutions here.

That’s the connector I have used, only thing it lacks is a Search by name that returns a list, it requires Company Number first - it is free and works well.