About REST API token

I have developed a token-based authentication system. Utilizing a REST API, I’ve implemented PHP code to execute operations based on a file ID. When the code is executed, it returns data indicating the role of the requester in the project file. If someone other than the owner runs the code, it provides information about their role in the project file, correct? But it’s giving his role as the owner also. Is this because I created the token?

Hey there,

Thanks for reaching out. I’ve checked with our internal team.

If you created a personal access token, that means that any API call made using that token is made on behalf of the user owning the token. So if someone else runs the code using the same token, then Figma will interpret that API call as coming from the user owning the token. If you want Figma to authenticate each person who runs the code, then you’ll need to register an OAuth app that implements OAuth authentication:
https://www.figma.com/developers/api#authentication

I hope it helps.

Thanks,
Toku
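
The behaviour described in the answer above, as an added example that is not part of the original thread and is not Figma's code: the reported role follows the token, so a shared personal access token makes every caller look like its owner, while per-user OAuth tokens give each caller their own role. The `fakeFigma` stub, function names, user ids, tokens and file key are constructed so the example runs offline; the `X-Figma-Token` and `Authorization: Bearer` headers and the `/v1/me` and `/v1/files/:key` endpoints are Figma's, and the example assumes your application records each user's Figma user id when they complete the OAuth flow.

```php
<?php
// Added example. Function names, user ids, tokens and the file key are constructed.
const FIGMA_API = 'https://api.figma.com/v1';

// Constructed stand-in for Figma so the example runs offline. Like the real API,
// it derives identity only from the token in the header, never from who runs the code.
function fakeFigma(string $url, string $authHeader): array
{
    $owners = ['tok-alice' => 'u-alice', 'tok-bob' => 'u-bob'];   // token => Figma user id
    $roles  = ['u-alice' => 'owner', 'u-bob' => 'editor'];        // role on the sample file
    $token  = preg_replace('/^(X-Figma-Token: |Authorization: Bearer )/', '', $authHeader);
    $user   = $owners[$token] ?? null;
    if ($user === null) {
        throw new RuntimeException('403: invalid token');
    }
    return substr($url, -3) === '/me' ? ['id' => $user] : ['role' => $roles[$user]];
}

// Role of the *calling* user: uses that user's own OAuth token and refuses to
// fall back to a shared personal access token.
function roleForCaller(callable $http, array $oauthTokens, string $figmaUserId, string $fileKey): string
{
    if (!isset($oauthTokens[$figmaUserId])) {
        throw new RuntimeException("No OAuth token for $figmaUserId; run the OAuth flow first");
    }
    $header = 'Authorization: Bearer ' . $oauthTokens[$figmaUserId];
    // Check that the stored token really belongs to this user before trusting the role.
    $me = $http(FIGMA_API . '/me', $header);
    if (($me['id'] ?? null) !== $figmaUserId) {
        throw new RuntimeException('Stored token belongs to a different Figma user');
    }
    $file = $http(FIGMA_API . '/files/' . rawurlencode($fileKey), $header);
    return $file['role'];
}

$fileKey = 'SAMPLEFILEKEY';   // constructed placeholder

// The situation in the question: Bob runs the code, but the token is Alice's.
$shared = fakeFigma(FIGMA_API . "/files/$fileKey", 'X-Figma-Token: tok-alice');
echo "bob via alice's personal token: {$shared['role']}\n";

// One OAuth token per user: each caller gets their own role.
$oauthTokens = ['u-alice' => 'tok-alice', 'u-bob' => 'tok-bob'];
foreach (array_keys($oauthTokens) as $uid) {
    echo "$uid via own OAuth token: " . roleForCaller('fakeFigma', $oauthTokens, $uid, $fileKey) . "\n";
}
```

In a real integration, replace `fakeFigma` with an HTTP client call that sends the same header, and keep the `/v1/me` ownership check so a token stored under the wrong user is rejected.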

Hello @y_toku and support team,

We want to integrate Figma with AEM by using the Figma REST API to pull node files and create content in AEM. We are considering the OAuth App approach for Figma OAuth2, which requires user authentication and a code to generate an access token each time. Does Figma support app-to-app authentication?