Hello everyone,

I am new to this forum but I just want to clear some things up and maybe my finding is beneficial after all.

So I checked my e-mails and found a peculiar e-mail that is supposedly from Figma. Like the topic states, it is from “support+api@figma.com” and the title reads “Action required: Update to Figma API tokens”. I am pretty sure that this e-mail is malignant, perhaps someone can tell me if the e-mail is legitimate, just to make sure?

The e-mail’s content is the following:

Hi there,

In order to improve the security of Figma’s REST API, we are migrating personal access tokens to use a new format. To ensure any previously created personal access tokens (and the applications that rely on them) continue to work without disruption, you just need to use the tokens listed in your account settings before September 15, 2022 and Figma will automatically migrate them to our new format for you.

(Then there is this button that is supposed to be clicked on)

If you haven’t used these tokens by September 15, 2022, you will need to register new tokens following the instructions in our API documentation.

Thanks,

The Figma Team

I am looking forward to your answers.

Best wishes

Niko