Skip to main content
Question

REST API: How can I access a "Password Protected" file using a Figma API by passing Password?

  • December 26, 2025
  • 3 replies
  • 94 views
Shivprasad Roul

Hi everyone,

I am building an integration using the Figma REST API. I have a scenario where I need to fetch data (GET /v1/files/:key) from a file that has Password Protection enabled (Shared via "Anyone with the link + Password").

Currently, when my script attempts to access these files using a valid X-Figma-Token, I receive a 403 Forbidden error.

I have looked through the REST API documentation but cannot find a parameter or header to pass the file password.

I noticed that when accessing via the browser, the client makes a request to an internal endpoint (https://www.figma.com/api/files/:key/check_password) which sets a session cookie. However, since the REST API relies on stateless tokens rather than cookies, this internal method doesn't seem compatible with standard API automation.

My Questions:

  1. Is there an undocumented header (e.g., X-Figma-Password) or query parameter supported by the public v1 API to access password-protected files?

  2. If not, is the only supported workaround to explicitly invite the email address associated with my Personal Access Token to the file?

Any guidance on handling this auth flow programmatically would be appreciated.

3 replies

writvan
  • writvan
  • New Member
  • April 14, 2026

Hi everyone,

I am building an integration using the Figma REST API. I have a scenario where I need to fetch data (GET /v1/files/:key) from a file that has Password Protection enabled (Shared via "Anyone with the link + Password").

Currently, when my script attempts to access these files using a valid X-Figma-Token, I receive a 403 Forbidden error.

I have looked through the REST API documentation but cannot find a parameter or header to pass the file password.

I noticed that when accessing via the browser, the client makes a request to an internal endpoint (https://www.figma.com/api/files/:key/check_password) which sets a session cookie. However, since the REST API relies on stateless tokens rather than cookies, this internal method doesn't seem compatible with standard API automation.

My Questions:

  1. Is there an undocumented header (e.g., X-Figma-Password) or query parameter supported by the public v1 API to access password-protected files?

  2. If not, is the only supported workaround to explicitly invite the email address associated with my Personal Access Token to the file?

Any guidance on handling this auth flow programmatically would be appreciated.

any updates on this we are experiencing the same issue here as well 

 

AskDave
Figmate
  • AskDave
  • Figmate
  • April 14, 2026

Hi Shivprasad,

 

Dave here from Figma’s community support team 🙂

 

Really appreciate you digging into this and sharing the detail, super helpful. Right now, password-protected files can’t be accessed via the public REST API. There isn’t a way to pass the password in a header or query param. That password flow you found is part of the browser experience, where a session cookie gets set after the check, and it doesn’t carry over to the API since it uses token-based auth.

To access the file via the API, the user tied to your Personal Access Token needs to have direct permission. The best way to handle this is to invite that user to the file or make sure they already have access through the project or team.

 

More info here:
https://help.figma.com/hc/en-us/articles/5726720100247-Add-password-protection-to-files-and-prototypes

 

writvan
  • writvan
  • New Member
  • April 14, 2026

Hi Shivprasad,

 

Dave here from Figma’s community support team 🙂

 

Really appreciate you digging into this and sharing the detail, super helpful. Right now, password-protected files can’t be accessed via the public REST API. There isn’t a way to pass the password in a header or query param. That password flow you found is part of the browser experience, where a session cookie gets set after the check, and it doesn’t carry over to the API since it uses token-based auth.

To access the file via the API, the user tied to your Personal Access Token needs to have direct permission. The best way to handle this is to invite that user to the file or make sure they already have access through the project or team.

 

More info here:
https://help.figma.com/hc/en-us/articles/5726720100247-Add-password-protection-to-files-and-prototypes

 

could you add this as a feature request ?

Terms & ConditionsCookie settingsAccessibility statement