Hi everyone,
I am building an integration using the Figma REST API. I have a scenario where I need to fetch data (GET /v1/files/:key) from a file that has Password Protection enabled (Shared via "Anyone with the link + Password").
Currently, when my script attempts to access these files using a valid X-Figma-Token, I receive a 403 Forbidden error.
I have looked through the REST API documentation but cannot find a parameter or header to pass the file password.
I noticed that when accessing via the browser, the client makes a request to an internal endpoint (https://www.figma.com/api/files/:key/check_password) which sets a session cookie. However, since the REST API relies on stateless tokens rather than cookies, this internal method doesn't seem compatible with standard API automation.
My Questions:
-
Is there an undocumented header (e.g.,
X-Figma-Password) or query parameter supported by the public v1 API to access password-protected files? -
If not, is the only supported workaround to explicitly invite the email address associated with my Personal Access Token to the file?
Any guidance on handling this auth flow programmatically would be appreciated.