Invalid Authorization - returns

hivetechnologies · February 5, 2026, 10:35am

I have a REST API application and key in the Companies House develper portal.
Application name: bdm-enrichment-backend
Key type: REST API key

I am calling:
GET https://api.company-information.service.gov.uk/company/00000006
with an Authorization header in this format:
Authorization: Basic {base64(“MYKEY:”)}

For example, in PowerShell:

powershell
$apiKey = “MYKEY”
$pair = “$($apiKey):”
$bytes = [System.Text.Encoding]::ASCII.GetBytes($pair)
$base64 = [Convert]::ToBase64String($bytes)
$headers = @{ Authorization = “Basic $base64” }
Invoke-WebRequest -Headers $headers -Uri “https://api.company-information.service.gov.uk/company/00000006” -Method Get

Every call returns:
{“error”:“Invalid Authorization”,“type”:“ch:service”}

Could you check my develper account and application configuration and confirm why this REST API key is not being accepted?

georgios · February 9, 2026, 9:50am

Been having the same issue …

voracityemail · February 9, 2026, 4:29pm

There are lots of posts covering this - one should help.

The general checklist is:

Did you register a live application? If not, create a live one (issues have been reported with the test / sandbox environment)
Are you calling the Companies House server from a browser (e.g. via javascript / something that was compiled to javascript)? If so ensure you’ve registered the domain name you’re calling from (in the app set up).
Are you calling calling the Companies House server from a server / cloud-based system / somewhere with a fixed IP? If so register that with Companies House (similar to above)
Are you using a locally hosted server / effectively running this locally on a machine (which doesn’t always present a fixed IP address to the outside world)? If so search the forum for the localhost workaround (basically create yourself a dummy domain).

Then after that, if you have issues, I’d recommend debugging the detail of the connection attempt. I don’t use Powershell but that may have some features to do so. If you can use curl then that can a) dump very detailed information on the connection and transfer and b) there is a parameter to allow you to enter the http Basic username/password without needing to encode this / make a header yourself, so you can check that is working as expected also.

An example of working through debugging is available e.g. here:

Good luck