Put Bitculator's live crypto tools straight onto your own site with a single <iframe> — a real-time price chart, a converter, a marketcap flipper, and six calculators. No SDK, no build step.
9 widgets · Embed key + domain · Anonymous mode
Every widget is a self-contained page under /{locale}/embed/… that you drop into your site with an <iframe>. It renders Bitculator's live market data — the same feed the app uses — and needs no JavaScript on your side.
Add your embed key as a query parameter and register the domain you'll embed on (both in your developer console). Keyless embeds also work in anonymous mode — handy for a quick test — but are limited per visitor IP. Every widget honours the {locale} in the URL and follows the theme cookie (or ?theme=dark).
Content-Security-Policy
Serving a Content-Security-Policy on your site? Add https://bitculator.com to your frame-src (and child-src for older browsers) so the widget can load. Nothing to change on our side — Bitculator already allows embedding on any domain.
An embed key is a token with the api ability, minted in your developer console. Unlike Data API keys, it rides in the iframe URL as a query parameter — never a header — so it is public by design. It carries the api ability only; the Bearer-only data-api keys are rejected here so they can't leak into referers or logs.
Pass it as ?embed_key=… (or the alias ?api_key=…). A keyed request must also come from an allow-listed domain (see below). If you're logged into Bitculator in the same browser, the key check is skipped for your own session.
Domains
A keyed embed only renders on domains you've registered. Bitculator reads the embedding page's Referer (falling back to Origin), normalises it (lower-cased, www. and any trailing dot removed) and matches it exactly against your allow-list. An unregistered or unreadable host returns 403.
Manage domains in your developer console; each plan allows a set number (below). Because Referer/Origin is set by the visitor's browser and can be spoofed, the allow-list is a guard against casual key reuse, not cryptographic proof — treat the key as public either way. Anonymous (keyless) embeds are not domain-gated; they're limited per IP instead.
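The matching rule described above, as an added sketch (not Bitculator's code) for predicting whether a page's host will pass your allow-list. The function names, the sample headers, the fall-through on an unparseable Referer, and normalising allow-list entries the same way are assumptions.

```javascript
// Added example, not Bitculator's code: names and sample headers are hypothetical.

// Normalise a host as described: lower-case, drop a trailing dot, drop a leading "www.".
function normaliseHost(host) {
  let h = host.toLowerCase().replace(/\.$/, "");
  if (h.startsWith("www.")) h = h.slice(4);
  return h;
}

// Read the embedding page's host from Referer, falling back to Origin.
// Assumption: an unparseable Referer also falls through to Origin.
function embeddingHost(headers) {
  for (const name of ["referer", "origin"]) {
    const value = headers[name];
    if (!value) continue;
    try {
      const host = new URL(value).hostname;
      if (host) return normaliseHost(host);
    } catch {
      // Not a URL (for example the literal Origin value "null"): keep looking.
    }
  }
  return null; // unreadable host
}

// Exact match against the allow-list; anything else is a 403.
// Assumption: allow-list entries are stored in the same normalised form.
function checkKeyedEmbed(headers, allowList) {
  const host = embeddingHost(headers);
  if (host === null) return { status: 403, host, reason: "unreadable host" };
  const allowed = new Set(allowList.map(normaliseHost));
  if (!allowed.has(host)) return { status: 403, host, reason: "host not registered" };
  return { status: 200, host, reason: "ok" };
}

// Constructed sample requests against an allow-list of one domain.
const allowList = ["example.com"];
const samples = [
  { referer: "https://WWW.Example.com./pricing" }, // normalises to example.com
  { referer: "https://blog.example.com/post" },    // subdomain: exact match fails
  { origin: "https://example.com" },               // no Referer, Origin used
  { origin: "null" },                              // neither header readable
];
for (const headers of samples) {
  console.log(JSON.stringify(headers), "->", JSON.stringify(checkKeyedEmbed(headers, allowList)));
}
```

Under the exact-match rule, `blog.example.com` does not match an entry for `example.com`; only the `www.` prefix and a trailing dot are stripped.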
Quota & limits
Embeds draw from a monthly pool that is entirely separate from the Data API — its own plan, its own counter. Anonymous loads count per visitor IP (1,000/month); keyed loads count against your plan's monthly limit. Free plans reset on the calendar month; paid plans reset on your billing day.
**Embed responses carry no `X-Quota-*` headers** — deliberately, so quota numbers never leak into your visitors' pages. Watch your usage in the [developer console](/user/developer/api) instead. (The `X-Quota-*` headers you may have seen are on the Data API only.)
Over the limit
When a widget is over quota it returns 429. In a browser iframe that's a small styled "usage limit reached" page (so your layout doesn't break); a JSON caller gets {"message", "limit", "used"}. Add a key, or upgrade your plan, for more.
Plans
Embed plans are separate from your Data API plan. Every account starts on Free; keyless visitors get the anonymous tier.
| Plan | Loads / month | Domains | Keys |
|---|---|---|---|
| Free | 10,000 | 1 | 2 |
| Starter | 50,000 | 3 | 5 |
| Pro | 500,000 | 10 | 10 |
| Anonymous | 1,000 per IP | — | — |
Anonymous is the keyless tier — no domains or keys, limited per visitor IP. Upgrade in the developer console.
Widgets
Nine drop-in widgets. Copy a snippet, swap in your key, register your domain — done. Path segments (like a coin slug) resolve by the asset's slug and must be an active market; every widget also accepts the shared query parameters below.
GET
Currency converter
/{locale}/embed/converter/bitcoin/usd
Convert an amount between any two crypto or fiat assets at live market rates, with an optional comparison table.