Videos with embed privacy set to “Specific domains," also known as domain-level privacy, will need to take additional steps to use oEmbed for embed code retrieval.
In short, oEmbed requests for domain-level private videos will need to specify the domain in the request header to get the full oEmbed response returned. Requests that lack the whitelisted domain in the request header will be returned a truncated oEmbed response that omits private metadata (such as the video’s name, description, video ownership details, etc.)
Videos that are embeddable (i.e. embed privacy set to “Anywhere” or “Specific domains”) but have viewing privacy set to “password” will only receive a truncated oEmbed response that omits private metadata.
Embeddable videos with viewing privacy set to “Unlisted” must make an oEmbed request with the full unlisted video link to receive the full oEmbed response. Requests that lack the unlisted “hash” value at the end of the unlisted link will receive a 404 response.
An overview of Vimeo video privacy settings can be found at 'Overview of video privacy settings'. Technical documentation for our oEmbed implementation can be found on the Developer Site: Working with oEmbed.