Embedly requires authentication on all endpoints.
Need an API Key?
No problem! Sign up for one at app.embed.ly
To authenticate your requests, include
key as a query parameter, it should look like this::
https://api.embedly.com/:version/:endpoint?key=:key&<additional query parameters>
:endpoint depending on the part of the API that you want to access, e.g.
1/oembed for the /1/oembed or
1/extract for the /1/extract. Replace
:key with the unique API key shown in the app dashboard..
By default, Embedly allows requests from anywhere. Tighter security is also an option. You can use the API > Key section of the app dashboard to create a whitelist of referrers and/or IP addresses that Embedly will accept requests from. All other requests will be rejected with a
403 Forbidden response.
We use a simple "globbing" syntax for referrers, where
* is a wildcard that will match any number of characters. To allow all traffic from
yourdomain.com (but not its subdomains), you would enter
yourdomain.com*. To allow subdomains as well, you would make it
*yourdomain.com*. Take note of the wildcard at the end, which means that requests that indicate a path as well as a host (e.g.
yourdomain.com/foo) will be accepted.
Globbing works similarly for IP addresses. If all of your requests come from a cluster of servers with IP addresses in the range
18.104.22.168, then you would set a single rule
Two-legged OAuth is supported as an alternative to key-based authentication.
Your account can only be configured to use either key-based authentication or OAuth, not both. To switch from one form of authentication to the other, visit the API > Key section of the app dashboard.