| CARVIEW |
Select Language
HTTP/2 200
vary: Accept-Encoding
content-encoding: gzip
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-frame-options: DENY
content-security-policy: default-src blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'nonce-1a1VltOd' blob: 'self' connect.facebook.net 'unsafe-eval' https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com https://*.google-analytics.com https://translate.google.com *.google.com gw.conversionsapigateway.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://analytics.google.com https://*.analytics.google.com https://*.google-analytics.com https://*.googletagmanager.com https://stats.g.doubleclick.net gw.conversionsapigateway.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com https://*.google-analytics.com https://*.googletagmanager.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net *.doubleclick.net *.tenor.co *.tenor.com *.giphy.com https://trustly.one/ https://*.trustly.one/ https://paywithmybank.com/ https://*.paywithmybank.com/ dc.ads.linkedin.com analytics.twitter.com t.co;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: https://*.giphy.com;child-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net https://trustly.one/ https://*.trustly.one/ https://paywithmybank.com/ https://*.paywithmybank.com/;manifest-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;object-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;worker-src blob: *.facebook.com data: 'unsafe-eval';block-all-mixed-content;upgrade-insecure-requests;
document-policy: force-load-at-top
document-policy: include-js-call-stacks-in-crash-reports
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: unsafe-none
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
origin-agent-cluster: ?1
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: eN5dwH5PLHRbz0b1mjerAwz0jEj3twFHuIZYLBEGNaEBOvwxtmLWKFdKQhX7owtE/Eb/lLwSo90pjj4PtQWDAA==
date: Wed, 23 Jul 2025 07:05:56 GMT
x-fb-connection-quality: UNKNOWN; q=-1, rtt=-1, rtx=0, c=10, mss=1380, tbw=3532, tp=-1, tpl=-1, uplat=1167, ullat=0
alt-svc: h3=":443"; ma=86400
Graph API Reference v23.0: Oembed Post - Documentation - Meta for Developers
If you want to learn how to use the Graph API, read our Using Graph API guide.
Graph API Version
Oembed Post
On April 8, 2025, we introduced a new oEmbed feature, Meta oEmbed Read to replace the existing oEmbed Read feature. The current oEmbed Read feature will be deprecated on October 1, 2025.
- Apps created after April 8, 2025 that implement oEmbed will use the new Meta oEmbed Read feature.
- Existing apps that already use the current oEmbed Read feature will be automatically updated to the new Meta oEmbed Read feature by October 1, 2025.
The following fields are no longer returned and will be fully deprecated on October 1, 2025:
author_nameauthor_urlthumbnail_heightthumbnail_urlthumbnail_width
Read the oEmbed Updates blog post from Meta to learn more.
Reading
OembedPost
Example
GET /v23.0/oembed_post HTTP/1.1
Host: graph.facebook.com/* PHP SDK v5.0.0 */
/* make the API call */
try {
// Returns a `Facebook\FacebookResponse` object
$response = $fb->get(
'/oembed_post',
'{access-token}'
);
} catch(Facebook\Exceptions\FacebookResponseException $e) {
echo 'Graph returned an error: ' . $e->getMessage();
exit;
} catch(Facebook\Exceptions\FacebookSDKException $e) {
echo 'Facebook SDK returned an error: ' . $e->getMessage();
exit;
}
$graphNode = $response->getGraphNode();
/* handle the result *//* make the API call */
FB.api(
"/oembed_post",
function (response) {
if (response && !response.error) {
/* handle the result */
}
}
);/* make the API call */
new GraphRequest(
AccessToken.getCurrentAccessToken(),
"/oembed_post",
null,
HttpMethod.GET,
new GraphRequest.Callback() {
public void onCompleted(GraphResponse response) {
/* handle the result */
}
}
).executeAsync();/* make the API call */
FBSDKGraphRequest *request = [[FBSDKGraphRequest alloc]
initWithGraphPath:@"/oembed_post"
parameters:params
HTTPMethod:@"GET"];
[request startWithCompletionHandler:^(FBSDKGraphRequestConnection *connection,
id result,
NSError *error) {
// Handle the result
}];Parameters
| Parameter | Description |
|---|---|
maxwidthint64 | Maximum width of returned post. |
omitscriptboolean | Default value: falseIf set to true, the returned embed HTML code will not include any javascript. |
sdklocalestring | sdklocale |
urlURI | The post's URL. Required |
useiframeboolean | Default value: falseuseiframe |
Fields
| Field | Description |
|---|---|
author_namestring | The name of the Facebook user that owns the post. |
author_urlstring | A URL for the author/owner of the post. |
heightint32 | The height in pixels required to display the HTML. |
htmlstring | The HTML used to display the post. |
provider_namestring | Name of the provider (Facebook). |
provider_urlstring | URL of the provider (Facebook). |
typestring | The oEmbed resource type. See https://oembed.com/. |
versionstring | Always 1.0. See https://oembed.com/ |
widthint32 | The width in pixels required to display the HTML. |
Error Codes
| Error | Description |
|---|---|
| 100 | Invalid parameter |
| 200 | Permissions error |
| 190 | Invalid OAuth 2.0 Access Token |
Creating
You can't perform this operation on this endpoint.
Updating
You can't perform this operation on this endpoint.
Deleting
You can't perform this operation on this endpoint.