get https://www.virustotal.com/ui/widget/html/
This endpoint returns the actual HTML content of the widget report for a given observable. It is a URL that will have been previously returned by a call to the /widget/url endpoint. It does not require authentication but it is only valid for three days. This endpoint will be typically called from your application's front-end/client-side, as a result of embedding it in an iframe.
Example HTML response visualized in a browser.
You might find the VT Augment client library helpful when building the flow to display the widget in your own product. Its usage is not mandatory, a couple of lines of JavaScript will also do the job.