Problem: some methods returns 403 Forbidden when HTTP request contains “Origin” Header.
For example methods /company/company/{companyNumber} and /advanced-search/companies have this issue
However, for example, https://api.company-information.service.gov.uk/search/companies method works well even in this case.
Details:
We use Company House API from Microsoft Power Platform (custom connector).
Last week the functionality stopped working.
Investigation are a bit difficult, due to Microsoft provides us with the service/platform, but we don`t have access to their infrastructure.
Currently, we have found that, it seems, that the Microsoft Power Platform sends a requests to Company House API with “Origin” http Header (Origin:https://make.powerautomate.com) that cause that some Company House API methods return 403 Forbidden.
It is hard to say, why the problem started last week (either MS did update or some changes or some changes were done in Company House API side)…
Any case, is it possible to allow requests to Company House API with “Origin” http Header?