You haven’t said exactly how you put in the “API KEY” part but I’m guessing this is just your plain text API key. If so, that’s the first issue - solution below.
2nd point - you mentioned you’ve “no restricted IP’s or specified my own IP/added a host and Javascript access disabled for the Application”. You need to either:
a) to be running the PHP on a server that you’ve registered with Companies House or
b) (special case of above restriction) you can run on a “localhost” server if you follow the workaround in the following thread:
https://forum.aws.chdev.org/t/allow-localhost-javascript-domain/83
So just running your PHP code on some computer that Companies House doesn’t know won’t work - you’ll likely get a 403 Forbidden.
Back to point 1 - since this is http basic authorization you need to supply a) a username and password and b) this needs to be base64 encoded. In this case the “username” is your API key, the password is blank. You can do this yourself of course but there’s a CURLOPT in PHP exactly for this - CURLOPT_USERPWD.
Other things to make it simpler - since you’re not actually passing any JSON to Companies House you can skip the header for this, and you don’t need the content-length either. If you really wanted to spell things out you could pass an “Accept:” header with the mime types that you can accept. PHP also provides curl_setopt_array() to make this simpler too. I don’t know which version of PHP you have but since about PHP 5.4 there’s the shorter array syntax. So a final assumption that you’re on an older version of PHP suggests you might need to spell out that you’re actually checking certificates with https. Note that this needs up-to-date certificates to be present - you can use CURLOPT_CAPATH / CURLOPT_CAINFO options to point the system to these if required.
So that would give you something like (not tested):
$URL = "https://api.company-information.service.gov.uk/company/01234567/persons-with-significant-control";
$apikey = "the ch api key here";
$acceptTypes = [ "application/json" ]; // any types you support - not strictly necessary here
$ch = curl_init();
$headers = [ 'Accept:' . implode(', ', $acceptTypes) ];
curl_setopt_array($ch, [
CURLOPT_POST => true,
CURLOPT_URL => $URL,
// Our API key is the username - we need username:password
CURLOPT_USERPWD => $apikey . ":",
CURLOPT_HTTPHEADER => $headers,
// Make security explicit!
CURLOPT_SSL_VERIFYPEER => true, // default true per cURL 7.1
CURLOPT_SSL_VERIFYHOST => 2, // Should be the default e.g. secure.
]);
$request = curl_exec($ch);
if (!curl_errno($ch)) {
$http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
echo "Response code $http_code\n";
var_dump($request);
}
else {
echo curl_error($ch);
}
curl_close($ch);