{"__v":3,"_id":"564e53f5c3553e0d003e53c3","category":{"__v":5,"_id":"564de2ddfe07a81700b5c3a9","pages":["564de2ddfe07a81700b5c3ab","564df4ab5eab6e0d0069ca13","564e53f5c3553e0d003e53c3","564e556e2b223c2b00496a37","56a7b36ecf6d771700baeefb"],"project":"564de2dbfe07a81700b5c3a5","version":"564de2dbfe07a81700b5c3a8","sync":{"url":"","isSync":false},"reference":false,"createdAt":"2015-11-19T14:55:25.130Z","from_sync":false,"order":0,"slug":"documentation","title":"Documentation"},"parentDoc":null,"project":"564de2dbfe07a81700b5c3a5","user":"564de2b4fe07a81700b5c3a4","version":{"__v":8,"_id":"564de2dbfe07a81700b5c3a8","project":"564de2dbfe07a81700b5c3a5","createdAt":"2015-11-19T14:55:23.838Z","releaseDate":"2015-11-19T14:55:23.837Z","categories":["564de2ddfe07a81700b5c3a9","564df317826645210097a890","564df3217c8f372b00b934df","564e5227c3553e0d003e53ba","5666dac5d784a70d00397bcb","56cd08ddd98d851d00c0c3bd","56e9a50946bfd60e008840a7","5718e37bf8f7de1900683fad"],"is_deprecated":false,"is_hidden":false,"is_beta":false,"is_stable":true,"codename":"","version_clean":"1.0.0","version":"1.0"},"updates":[],"next":{"pages":[],"description":""},"createdAt":"2015-11-19T22:57:57.594Z","link_external":false,"link_url":"","githubsync":"","sync_unique":"","hidden":false,"api":{"results":{"codes":[]},"settings":"","auth":"required","params":[],"url":""},"isReference":false,"order":1,"body":"[block:callout]\n{\n  \"type\": \"success\",\n  \"title\": \"Need an API Key?\",\n  \"body\": \"No problem! Sign up for one at [app.embed.ly](https://app.embed.ly/signup)\"\n}\n[/block]\nTo authenticate your requests, include ``key`` as a query parameter, it should look like this::\n\n``https://api.embedly.com/:version/:endpoint?key=:key&<additional query parameters>``\n\nChoose ``:version`` and ``:endpoint`` depending on the part of the API that you want to access, e.g. ``1/oembed`` for the [/1/oembed](doc:oembed)  or ``1/extract`` for the [/1/extract](doc:extract). Replace ``:key`` with the unique API key shown in [the app dashboard](https://app.embed.ly)..\n\n[block:api-header]\n{\n  \"type\": \"basic\",\n  \"title\": \"Restricting Access\"\n}\n[/block]\nBy default, Embedly allows requests from anywhere. Tighter security is also an option. You can use the **API > Key** section of [the app dashboard](https://app.embed.ly) to create a whitelist of referrers and/or IP addresses that Embedly will accept requests from. All other requests will be rejected with a ``403 Forbidden`` response.\n\nWe use a simple \"globbing\" syntax for referrers, where ``*`` is a wildcard that will match any number of characters. To allow all traffic from ``yourdomain.com`` (but not its subdomains), you would enter ``yourdomain.com*``. To allow subdomains as well, you would make it ``*yourdomain.com*``. Take note of the wildcard at the end, which means that requests that indicate a path as well as a host (e.g. ``yourdomain.com/foo``) will be accepted.\n\nGlobbing works similarly for IP addresses. If all of your requests come from a cluster of servers with IP addresses in the range ``1.1.1.1`` to ``1.1.1.255``, then you would set a single rule ``1.1.1.*``.\n\n[block:api-header]\n{\n  \"type\": \"basic\",\n  \"title\": \"OAuth\"\n}\n[/block]\nTwo-legged OAuth is supported as an alternative to key-based authentication.\n\nYour account can only be configured to use either key-based authentication or OAuth, not both. To switch from one form of authentication to the other, visit the **API > Key** section of [the app dashboard](https://app.embed.ly).","excerpt":"Embedly requires authentication on all endpoints.","slug":"authentication","type":"basic","title":"Authentication"}

Authentication

Embedly requires authentication on all endpoints.

[block:callout] { "type": "success", "title": "Need an API Key?", "body": "No problem! Sign up for one at [app.embed.ly](https://app.embed.ly/signup)" } [/block] To authenticate your requests, include ``key`` as a query parameter, it should look like this:: ``https://api.embedly.com/:version/:endpoint?key=:key&<additional query parameters>`` Choose ``:version`` and ``:endpoint`` depending on the part of the API that you want to access, e.g. ``1/oembed`` for the [/1/oembed](doc:oembed) or ``1/extract`` for the [/1/extract](doc:extract). Replace ``:key`` with the unique API key shown in [the app dashboard](https://app.embed.ly).. [block:api-header] { "type": "basic", "title": "Restricting Access" } [/block] By default, Embedly allows requests from anywhere. Tighter security is also an option. You can use the **API > Key** section of [the app dashboard](https://app.embed.ly) to create a whitelist of referrers and/or IP addresses that Embedly will accept requests from. All other requests will be rejected with a ``403 Forbidden`` response. We use a simple "globbing" syntax for referrers, where ``*`` is a wildcard that will match any number of characters. To allow all traffic from ``yourdomain.com`` (but not its subdomains), you would enter ``yourdomain.com*``. To allow subdomains as well, you would make it ``*yourdomain.com*``. Take note of the wildcard at the end, which means that requests that indicate a path as well as a host (e.g. ``yourdomain.com/foo``) will be accepted. Globbing works similarly for IP addresses. If all of your requests come from a cluster of servers with IP addresses in the range ``1.1.1.1`` to ``1.1.1.255``, then you would set a single rule ``1.1.1.*``. [block:api-header] { "type": "basic", "title": "OAuth" } [/block] Two-legged OAuth is supported as an alternative to key-based authentication. Your account can only be configured to use either key-based authentication or OAuth, not both. To switch from one form of authentication to the other, visit the **API > Key** section of [the app dashboard](https://app.embed.ly).