Authentication
All OpenGraph.io API requests require authentication using your App ID. Learn how to get your key and keep it secure.
Getting Your App ID
- Sign up at dashboard.opengraph.io
- Navigate to your dashboard after logging in
- Copy your App ID from the dashboard
Free accounts include 100 API credits per month—enough to test and build small projects.
Using Your App ID
Pass your App ID as the app_id query parameter on every request:
curl "https://opengraph.io/api/1.1/site/https%3A%2F%2Fgithub.com?app_id=YOUR_APP_ID"const appId = process.env.OPENGRAPH_APP_ID;
const url = encodeURIComponent('https://github.com');
const response = await fetch(
`https://opengraph.io/api/1.1/site/${url}?app_id=${appId}`
);Security Best Practices
Never expose your App ID in client-side code. Anyone with your App ID can make requests that count against your quota.
Server-Side Applications
Store your App ID in environment variables:
OPENGRAPH_APP_ID=your_app_id_hereFrontend Applications
Create a backend proxy to make OpenGraph.io requests on behalf of your frontend. Never include the App ID in JavaScript that runs in the browser.
// pages/api/unfurl.ts
export default async function handler(req, res) {
const { url } = req.query;
const appId = process.env.OPENGRAPH_APP_ID;
const response = await fetch(
`https://opengraph.io/api/1.1/site/${encodeURIComponent(url)}?app_id=${appId}`
);
const data = await response.json();
res.json(data);
}MCP Integration
When using MCP, your App ID is stored in your local config file and never sent to the AI model. This is secure by design.
Rotating Your App ID
If you believe your App ID has been compromised:
- Log into the dashboard
- Generate a new App ID
- Delete the old App ID
- Update your applications with the new ID
- The old ID will be invalidated
Tip: Set up monitoring in the dashboard to track unusual usage patterns that might indicate a compromised key.