Skip to main content
Question

Extended/No Expiration Personal access tokens


shijia.me
  • before 🤗

Previously, you could generate a [no expire] token

  • now 😔

If users rely on tokens to access the figma open api, forgetting to replace expired tokens can cause serious problems.

The expiration date of the limited period will cause the figma token to no longer have usage value.

 

6 replies

djv
Figmate
  • Community Support
  • 4825 replies
  • May 22, 2025

Hi ​@shijia.me, thanks for reaching out! 

Our team is investing in security improvements to our API, so as a first step, we decided to remove the ability to create non-expiring personal access tokens.


shijia.me
  • Author
  • New Participant
  • 15 replies
  • May 27, 2025
djv wrote:

Hi ​@shijia.me, thanks for reaching out! 

Our team is investing in security improvements to our API, so as a first step, we decided to remove the ability to create non-expiring personal access tokens.


Thanks for your reply.

Please provide alternatives instead of removing this feature.


Dave Rivera

Hi ​@djv!
Thank you for elaborating on the situation.

Could it be possible to have a more extended option? For example, 6 months? The maintenance of updating pipelines and machines every 3 months (90 days) is too high for us. So a longer extended period for us would be great, but ideally a non-expired / yearly period would be a better option


djv
Figmate
  • Community Support
  • 4825 replies
  • June 5, 2025

Hey All, thanks for the additional feedback! 

We’ve updated this topic into a feature request, and we’ve passed this along to the team for future consideration.

While this isn’t on the team’s immediate pipeline, they will be monitoring this topic to collect feedback from the community. 


Robert Willemelis

I value the limitation for security purposes — but:

As I already mentioned on X, I’d really appreciate it if this limitation could be extended or removed for read-only tokens.

Idea 1:
Adjust the restriction based on the file’s visibility status — e.g. whether it’s private, public, or something in between. Introducing a third state like “confidential” or “sensitive” could help better reflect the security context.

Idea 2:
Figma could implement an AI-based check to determine whether a token might pose a security risk, depending on its scope or the sensitivity of the data it grants access to.

Idea 3:
Log the usage of the token and allow users to monitor it — for example, by seeing which hosts or users are making requests. Similar to "known device" features on other platforms, users could then confirm, “yes, that’s me.”

Idea 3a:
Allow passing a label or tag as a second argument when registering the token, to help track its usage more easily.


djv
Figmate
  • Community Support
  • 4825 replies
  • June 19, 2025

Thanks for your feedback, ​@Robert Willemelis

I’ll pass this onto our team for their consideration. 


Reply


Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings