Figma Personal Access Token

Description

General

• Documentation: https://www.figma.com/developers/api
• Summary: Figma allows designers to create and prototype their digital experiences - together in real-time and in one place - helping them turn their ideas and visions into products, faster. This detector finds personal access tokens that allow access to files, images, versions, users, comments and projects through an HTTP API.

Revoke the secret

See Revoke a Personal Access Token

Details for Figma Personal Access Token

• Family: token

• Category: collaboration_tool

• Company: Figma

• High recall: True

• Validity check available: True

• Analyzer available: True

• Revoker available: False

• On-premise instances exist: False

• Only valid secrets raise an alert: False

• Occurrences found for one million commits: 2.03

• Prefixed: True

Secret Analyzer

Analysis Method

• Provider allows scopes enumeration: False
• Total network call count: 15
• Total call count may vary: False

HTTP Calls

Requests are designed to capture metadata and not to function effectively.

• DELETE: https://api.figma.com/v1/files/\*/comments/\*
• DELETE: https://api.figma.com/v1/files/\*/dev_resources/\*
• DELETE: https://api.figma.com/v2/webhooks/\*
• GET: https://api.figma.com/v1/components/\*
• GET: https://api.figma.com/v1/files/\*/comments
• GET: https://api.figma.com/v1/files/\*/components
• GET: https://api.figma.com/v1/files/\*/dev_resources
• GET: https://api.figma.com/v1/files/\*/images
• GET: https://api.figma.com/v1/files/\*/nodes
• GET: https://api.figma.com/v1/files/\*/versions
• GET: https://api.figma.com/v1/me
• GET: https://api.figma.com/v1/teams/\*/components
• GET: https://api.figma.com/v1/teams/\*/projects
• GET: https://api.figma.com/v2/webhooks/\*

Other Calls

Non-HTTP queries or HTTP calls made through a third-party app (e.g., Python package). No other calls for this analyzer.