We are successful in accessing the figma remote MCP exposed at "https://mcp.figma.com/mcp" via OAuth based access via browser SSO login. We are exploring ways to automate figma MCP access in a headless mode so would like to understand passing PAT token for remote MCP authentication. We tried passing PAT in Auth headers and X-Figma-Token header but get unauthorized for remote MCP at this endpoint "https://mcp.figma.com/mcp". We are able to use the dev mode and local MCP with the figma desktop app as explained above we need to access these tools in a headless mode and would understand if there are any settings that needs to be enabled at the admin level to support PAT for remote MCP auth.
❯ curl --location 'https://mcp.figma.com/mcp' \
--header 'Content-Type: application/json' \
--header 'X-Figma-Token: figd_xxxx' \
--header 'Accept: application/json' \
--data '{
"jsonrpc": "2.0",
"method": "tools/list",
"params": {},
"id": "1"
}'
Unauthorized
❯ curl --location 'https://mcp.figma.com/mcp' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer figd_xxxx' \
--header 'Accept: application/json' \
--data '{
"jsonrpc": "2.0",
"method": "tools/list",
"params": {},
"id": "1"
}'
Unauthorized
