Any updates/restriction for access_token?

REST API
1

I’m currently developing a web application, and I’m setting up the web to communicate through REST API once Figma is connected, storing the access token in each user’s database.

Recently, the usage period of the access token has become very short(Like 5 minutes), so the role of the access token integrated through our app with Figma has become almost meaningless.

It was written that the default access token validity period is 90 days on your document, and until recently, I could use the REST API for a long time with the access token stored in the database. Is there any update regarding access token?

My same please access token :

GET FIGMA TOKEN {
...
  iat: 1714080594,
  exp: 1716672594,
...
}

1716672594 which means exp date can be converted to Saturday, May 25, 2024 5:29:54 PM GMT-04:00 DST

But I got this 403 message : {"status":403,"err":"Invalid token"}

The test API events are

  • POST COMMENT
  • GET COMMENT

Those events seems work as soon as the token is generated but it doesn’t work with access token after 5 mins. Especially, regarding GET comment event, it worked partially which means the comments generated after 5 mins since the access token was generated are not retrieved with the API calling. Please take a look at it

2

@Mijin_Kim, Have you heard anything on this? I have now tried five tokens, and all are coming back 403 invalid.

3

Hi, I have contacted the Figma team about this issue, but I haven’t followed up with them as I got busy. However, after raising the issue, it seems that the usage period of the Figma token has returned to normal. But, some endpoints still return a 403 error, just like you experienced.

The endpoints I tested are:

  • POST COMMENT
  • GET COMMENT

For the POST COMMENT endpoint, it was returning a 403 error for about a day after issuing the token (when I posted this forum), but now an older key is working again. However, I’m still testing, so I need to confirm this.

For the GET COMMENT endpoint, I plan to test it this weekend.

Could you please explain the endpoint or feature you are working on? If it’s okay with you, I can include you in the support ticket by cc-ing you. Please send me your email address in a message.