About rest api token

I have developed a token-based authentication system. Utilizing a REST API, I’ve implemented PHP code to execute operations based on a file ID. When the code is executed, it returns data indicating the role of the requester in the project file. If someone other than the owner runs the code, it provides information about their role in the project file, correct? but its giving his role also the owner, is this because of i created the token?

Hey there,

Thanks for reaching out. I’ve checked with our internal team.

If you created a personal access token, that means that any API call made using that token is made on behalf of the user owning the token. So if someone else runs the code using the same token, then Figma will interpret that API call as coming from the user owning the token. If you want Figma to authenticate each person who runs the code, then you’ll need to register an OAuth app that implements OAuth authentication:
https://www.figma.com/developers/api#authentication

I hope it helps.

Thanks,
Toku