Figma Personal Access Token

Description

General

• Documentation: https://www.figma.com/developers/api

• Summary: Figma allows designers to create and prototype their digital experiences - together in real-time and in one place - helping them turn their ideas and visions into products, faster. This detector finds personal access tokens that allow access to files, images, versions, users, comments and projects through an HTTP API.

• IPs allowlist: This feature is not available

• Scopes: This feature is not available

Revoke the secret

See Revoke a Personal Access Token

Check for suspicious activity

The Settings page shows the most recent use date for every token.

Details for Figma personal access token

• Family: Api

• Category: Collaboration tool

• Company: Figma

• High recall: True

• Validity check available: True

• On-premise instances exist: False

• Only valid secrets raise an alert: False

• Minimum number of matches: 1

• Occurrences found for one million commits: 2.03

• Prefixed: True

• PreValidators:

- type: ContentWhitelistPreValidator
  patterns:
    - figd_

Examples

- text: figd_bD5AlaMmufIHBKTRDZQAiOZme_vCLrrtsvBNlBkz
  apikey: figd_bD5AlaMmufIHBKTRDZQAiOZme_vCLrrtsvBNlBkz

# Fat-fingered secret
- text: Xfigd_bD5AlaMmufIHBKTRDZQAiOZme_vCLrrtsvBNlBkz
  apikey: figd_bD5AlaMmufIHBKTRDZQAiOZme_vCLrrtsvBNlBkz