Hey ​@Rajath Kumar M - I checked in with our team that works on extensibility on this. Do you own the API that you’re using?

Figma plugins use null origin iframes, which is blocked by the ChatID API. In the case you don’t own the API, try hosting your own site and navigating the plugin to it to make the requests: https://www.figma.com/plugin-docs/creating-ui/#non-null-origin-iframes.

Let me know if that doesn’t align with your issue ( ex: you do own the API in question). I can check again to see what other guidance may be helpful.

Thank you ​@ksn for your response.
We do not own API, and it’s a known thing that no server/api should support incoming request with Origin ‘null’. So we urgently need your support to close the issue, currently it is impacting our client delivery.

Appreciate your quick response to resolve this issue.

Hello ​@ksn , 
We tried hosting our plugin UI as a separate static webpage which performs fetch and uses postMessage to send data back to the plugin.
Now the ui.html is still being loaded inside the Figma plugin iframe even though it is externally hosted. That iframe always is isolated and has: Origin: null, CORS-restricted fetch() environment.
Hence to conclude:
1. When we run the ui from the hosted static server the origin is that static server url itself which is correct
2. But figma desktop app does not allow the origin to be set to something other than null. Even when we load the plugin UI from an external hosted static server via figma.showUI().

Please let us know how to proceed further on this issue.
​

Hey ​@Natasha Joshi - from what I understand from engineering, you’ll need to add your domain to  networkAccess.allowedDomains in your  manifest.json 

See here for more guidance and details: https://www.figma.com/plugin-docs/manifest/#networkaccess