Ok, please first read this text visible on the widgets page:
If you want your widgets to be viewable by everybody, you first have to set the ‘view’ permissions to the anonymous user in the Users Management section.
Alternatively, if you are publishing widgets on a password protected or private page, you don’t necessarily have to allow ‘anonymous’ to view your reports. In this case, you can add the secret token_auth parameter (found in the API page) in the widget URL.
First option: Setting view permission for anonymous user is a good and easy choice if have not websites that should not be public viewable. Just go to System -> Users and set the role for the anonymous user to view.
Second option: Use this option if you do not want everybody to be able to see all you sites in Matomo. First create a new user, name it like websitename_view and choose the website you want to widgetize as his first website. Than login as this user and go to Personal -> Settings and copy the API key you find there. This API key can than be added to the widget URL
&token_auth=yourapikey. Afterwards the widget will work without authentication and if someone steals the API key he can not break you site.