Getting Unauthorized/401 error

I’m encountering authentication issues with the Companies House API and would appreciate your assistance.

Details:

  • API Key: …971
  • Endpoint: GET /company/00926862
  • Error: {“error”:“Invalid Authorization”,“type”:“ch:service”}

Troubleshooting steps taken:
✓ Verified API key is correctly formatted (no spaces/special characters)
✓ Tested both raw key and base64 encoded versions
✓ Confirmed environment variables are properly set

The authentication fails consistently through all programmatic access methods.

Could you please:

  1. Verify if my API key (…971) is active and properly configured?
  2. Confirm if there are any known authentication issues?

Thank you for your time and support. I look forward to your response.

Lots of things can give you a 401.

Registering a test / sandbox rather than a live application may cause issues apparently?

Did you register you IP with Companies House when setting up (or a javascript domain if using js)?

If you’re using a localhost server, you’ll need the workaround for that (search this forum).

Companies House uses http Basic authorization. This seems to be a major stumbling block for people - perhaps it’s no longer very common, or exactly how you do that within different languages / tools / environments varies. (e.g. curl expects a plaintext username:password string, some systems may require you “roll your own” http Authorization header including base64 encoding etc.

The other source of issues may be that the API key is in fact the username part of this - the password is blank. if using something like e.g. curl or creating your own http Authorization header you need to include the separator character (“:”) - even though you supply no password after that!

Search this the forum (magnifying glass icon) - you’ll find guidance for how to do this in a large range of languages / tools / environments.

As always if you can I highly recommend using curl or some other simple tool which allows you to see exactly what data is being sent to the server and what is being received.

The form with curl would be e.g. -v flag for verbose, -u to supply the username (API key), separator (“:”) and password (empty):

curl -v -u YOUR_API_KEY_HERE: https://api.company-information.service.gov.uk/company/00926862

You will be able to see the http Authorization header there, and also the exact response.

Good luck.

I have created api key with live mode, and that api key is working