diff --git a/openedx/core/djangoapps/xblock/rest_api/urls.py b/openedx/core/djangoapps/xblock/rest_api/urls.py
index 2d88b1531f22..7ebcd4d65738 100644
--- a/openedx/core/djangoapps/xblock/rest_api/urls.py
+++ b/openedx/core/djangoapps/xblock/rest_api/urls.py
@@ -2,6 +2,7 @@
 URL configuration for the new XBlock API
 """
 from django.urls import include, path, re_path
+
 from . import views
 
 # Note that the exact same API URLs are used in Studio and the LMS, but the API
@@ -31,6 +32,7 @@
     ])),
     path('xblocks/v2/<str:usage_key_str>/', include([
         # render one of this XBlock's views (e.g. student_view) for embedding in an iframe
+        # NOTE: this endpoint is **unstable** and subject to changes after Sumac
         re_path(r'^embed/(?P<view_name>[\w\-]+)/$', views.embed_block_view),
     ])),
 ]
diff --git a/openedx/core/djangoapps/xblock/rest_api/views.py b/openedx/core/djangoapps/xblock/rest_api/views.py
index c6fc9f42ec1f..9d1bff22cf3d 100644
--- a/openedx/core/djangoapps/xblock/rest_api/views.py
+++ b/openedx/core/djangoapps/xblock/rest_api/views.py
@@ -4,7 +4,6 @@
 import itertools
 import json
 
-from common.djangoapps.util.json_request import JsonResponse
 from corsheaders.signals import check_request_enabled
 from django.conf import settings
 from django.contrib.auth import get_user_model
@@ -14,27 +13,26 @@
 from django.utils.translation import gettext as _
 from django.views.decorators.clickjacking import xframe_options_exempt
 from django.views.decorators.csrf import csrf_exempt
+from opaque_keys import InvalidKeyError
+from opaque_keys.edx.keys import UsageKey
 from rest_framework import permissions
 from rest_framework.decorators import api_view, permission_classes  # lint-amnesty, pylint: disable=unused-import
-from rest_framework.exceptions import PermissionDenied, AuthenticationFailed, NotFound
+from rest_framework.exceptions import AuthenticationFailed, NotFound, PermissionDenied
 from rest_framework.response import Response
 from rest_framework.views import APIView
 from xblock.django.request import DjangoWebobRequest, webob_to_django_response
 from xblock.exceptions import NoSuchUsage
 from xblock.fields import Scope
 
-from opaque_keys import InvalidKeyError
-from opaque_keys.edx.keys import UsageKey
 import openedx.core.djangoapps.site_configuration.helpers as configuration_helpers
+from common.djangoapps.util.json_request import JsonResponse
 from openedx.core.djangoapps.xblock.learning_context.manager import get_learning_context_impl
 from openedx.core.lib.api.view_utils import view_auth_classes
-from ..api import (
-    get_block_metadata,
-    get_block_display_name,
-    get_handler_url as _get_handler_url,
-    load_block,
-    render_block_view as _render_block_view,
-)
+
+from ..api import get_block_display_name, get_block_metadata
+from ..api import get_handler_url as _get_handler_url
+from ..api import load_block
+from ..api import render_block_view as _render_block_view
 from ..utils import validate_secure_token_for_xblock_handler
 
 User = get_user_model()
@@ -99,6 +97,8 @@ def render_block_view(request, usage_key_str, view_name):
 def embed_block_view(request, usage_key_str, view_name):
     """
     Render the given XBlock in an <iframe>
+
+    Unstable - may change after Sumac
     """
     try:
         usage_key = UsageKey.from_string(usage_key_str)