We are integrating with Figma as part of our SSPM solution and need access to an API for organization settings and accounts, similar to the one used by the UI. Unfortunately, I couldn’t find documentation for this API. Is it possible to use a PAT (Personal Access Token) of an admin for this purpose? If not, do you have any plans to support this functionality?
Thanks!
Can you please give us some sort of roadmap for it?
Best answer by adamsmasher
Hey @Yaniv Blum! Great question and thanks for bringing it up again!
While it’s not possible to use a Personal Access Token for this, we now have Plan Access Tokens that org admins can create and manage via http://figma.com/developers/tokens. You’ll need to be on the Organization plan or higher to create one, and org-level API endpoints are for the Enterprise plan:
- GET /v1/activity_logs (scope org:activity_log_read) - Enterprise
- POST /v1/developer_logs (scope org:developer_log_read) - Enterprise + Governance add-on
- GET /v1/discovery (scope org:discovery_read) - Enterprise (eDiscovery export)

We don’t currently have a public REST API for org users, roles, or org settings. Let me know if you have any questions!
Figma provides Plugin API, Widget API, and REST API for users in the Figma Community. Here’s a quick API overview:

The Plugin API enables you to create interactive experiences that extend what Figma can do. For example, you can use plugins to:
- Generate content or ideas with AI
- Bring outside content like stock photos into Figma
- Insert context from other tools, like your project tracker, into Figma

The Widget API enables you to create custom interactive on-canvas nodes with rich user interfaces that can be applied to the Figma or FigJam canvas. For example, you can use widgets to:
- Show an alignment scale where all the viewers of a file can vote on how aligned they feel
- Stamp the canvas with emojis or custom stickers
- Show a snippet of information, like the details of a ticket or work item, from a project tracker

The REST API enables you to access your Figma files from your own script, tool, or app. You can use the REST API to:
- Automate syncing your Figma libraries to and from your codebase
- Write a custom automation script or app
- Bring the best of Figma into your own apps and experiences as one of our integration partners

Right now, the team does not have plans to add a public REST API for org users, roles, or org settings on their roadmap. But the team would love to know more! What fields are must-haves, and what is your specific use case for this?
With these details, they can better discuss and prioritize this as a possibility for the future.
Thanks for the response! Happy to share more context on our use case.
We're building a **SaaS Security Posture Management (SSPM)** integration with Figma. SSPM platforms connect to a company's SaaS tools to monitor who has access, what permissions they have, and whether security best practices are being followed — helping security teams detect risks like stale accounts, overprivileged users, or misconfigured settings.
For a Figma integration, here's what we'd need:
**Org Users / Members**
- User ID and email address
- Display name
- Role in the org (e.g., viewer, editor, admin)
- Account status (active, deactivated)
- Last login / last active timestamp
- MFA / 2FA enabled status

**Teams & Groups**
- Team/group ID and name
- Member list per team (user ID + role within team)

**Org Security Settings**
- SSO configuration and enforcement status
- MFA policy (enforced vs. optional)
- Domain verification

The core value: security teams want a single pane of glass to see *who* has access to Figma across their entire org, catch accounts that should have been deprovisioned, and ensure security controls like SSO and MFA are properly enforced.
Happy to jump on a call with the team if it helps prioritize — this is a commonly requested integration from our enterprise customers. Thanks!
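The posture checks described in the post above, as an added example that is not part of the thread and not Figma code. The thread states that no public API returns this data, so every field name, the snapshot layout and the 90-day threshold are assumptions, and the sample records are constructed.

```python
from datetime import datetime, timedelta, timezone

STALE_AFTER = timedelta(days=90)  # assumed threshold, not from the thread

def audit(members, teams, settings, now):
    """Return sorted (check, subject) findings for one org snapshot."""
    findings = set()
    by_id = {m["id"]: m for m in members}
    for m in members:
        active = m["status"] == "active"
        last = m.get("last_active")
        # Active account with no recent (or no recorded) activity.
        if active and (last is None or now - last > STALE_AFTER):
            findings.add(("stale_account", m["email"]))
        if active and m["role"] == "admin" and not m["mfa_enabled"]:
            findings.add(("admin_without_mfa", m["email"]))
    for team in teams:
        for uid in team["member_ids"]:
            m = by_id.get(uid)
            # Membership that outlived the account: unknown or deactivated user.
            if m is None or m["status"] != "active":
                who = m["email"] if m else uid
                findings.add(("orphaned_membership", f"{team['name']}:{who}"))
    if not settings.get("sso_enforced", False):
        findings.add(("sso_not_enforced", "org"))
    if settings.get("mfa_policy") != "enforced":
        findings.add(("mfa_not_enforced", "org"))
    if not settings.get("domain_verified", False):
        findings.add(("domain_unverified", "org"))
    return sorted(findings)

# Constructed sample snapshot (hypothetical schema).
NOW = datetime(2025, 6, 1, tzinfo=timezone.utc)
MEMBERS = [
    {"id": "u1", "email": "ana@example.com", "role": "admin", "status": "active",
     "last_active": NOW - timedelta(days=3), "mfa_enabled": False},
    {"id": "u2", "email": "bo@example.com", "role": "editor", "status": "active",
     "last_active": NOW - timedelta(days=200), "mfa_enabled": True},
    {"id": "u3", "email": "cy@example.com", "role": "viewer", "status": "deactivated",
     "last_active": None, "mfa_enabled": False},
]
TEAMS = [{"id": "t1", "name": "Design", "member_ids": ["u1", "u3", "u9"]}]
SETTINGS = {"sso_enforced": True, "mfa_policy": "optional", "domain_verified": True}

if __name__ == "__main__":
    for check, subject in audit(MEMBERS, TEAMS, SETTINGS, NOW):
        print(f"{check}: {subject}")
```
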
I’ll pass this on to the team, so they can better understand your specific use case. Hopefully it will help them potentially get it on their roadmap for the future! 🤞🏽