When I access a frame via GET image API I receive a download link like https://figma-alpha-api.s3.us-west-2.amazonaws.com/images/c2a7b935-… .
The Problem is that this URL is public and can be accessed by anyone who knows the url, which is not suitable for confidential files.
- Is there any option to enable security / restricted file access ?
- I also tried to write a plugin however the Plugin api seems not to be suitebal for large amounts of Files as used within a CI / CD pipeline.
Are there plans to enhance security in the future ?
@JochenLeinberger_ESD can you provide more details on what you’re looking to achieve? We’ve touched base with the teams that work on the API, and it would be helpful to have more context + specific example scenarios you’d like to address.
@ksn thnx for your support!
I am working on a system to export assets into our production system as part of our CI/CD pipeline. The assets (images / icons etc.) are confidential and should not be accessibal for anyone without permission. The process looks like that:
- Get a list of all Frames on a Board using the GET File API. This Endpoint is secured via the Figma Access token.
- Export all Frames to images using the GET image endpoint. While this Endpoint is secured the response JSON contains the actual download link to the file. i.e.
While all API Endpoints are secured the download link to the File found in the response JSON itself is unsecured. This is the actual problem.
The reason is everyone who might get to know the image url has access to the confidential assets, which does not comply with my company guidelines to handle confidential data. Therefore I can’t make use of the Get File Image API as of today.
A simple solution would be to restrict downloading the file for authenticated users only. I.e. by requesting the Figma authentication Token as for the other Endpoints, or by a similar mechanism.