Securing XHR requests from Figma plugins

Thanks for the great platform to build on! Would it be possible for the developers to add in some extra security for XHR requests originating from Figma plugins?

Specifically, I’d like a way to verify that XHR requests (eg. searching our API) is legit coming from a Figma plugin. Whether that’s intercepting requests and sending along headers, or else being able to pass along Figma data from the figma client side API that I can then verify via a server side requests.

Would love some guidance on this :slight_smile: