Security considerations when deploying plugin

Hi guys, I’m trying to publicly distribute a plug-in I’ve developed with my friends, and I’ve had some questions. If you know what to consider when publicly distributing a plug-in, or where to find a guide for deploying it, please advise.

Security considerations when deploying plug-ins:
Can you please let me know if there are any security issues or things that need attention when deploying the plug-in publicly? Our service flow is as follows.

  1. OAuth2.0 login issues tokens and stores client storage
  2. It receives the project url from the user and extracts the fileKey.
  3. Request a subtree for the user’s version information, version with fileKey and token
  4. The subtree difference between the versions selected by the user is internally analyzed and logic is performed.
  5. Rendering the highlighted rectangle in the node area where changes were detected from earlier versions
  6. Display changes text in the plug-in UI when you click rectangle

Plug-in deployment guide and time required:
Where can I find a guide for plug-in deployment?
Please recommend distribution-related materials or documents provided by Figma.

Can you please let me know how long it usually takes to publicly deploy the plug-in?
I wonder how much it would cost if it does! Thank you! Any information would be very helpful.

from south korea

Looks fine.

You go to Figma Community in the Desktop App, click large blue Publish button at the top right, then find the plugin you want to publish and click Publish. Enter all the details and you are done.


Publishing takes a couple of days when you publish first time as the plugin is reviewed by the Figma team. After that when your plugin is already public you can publish updates instantly.

1 Like

thanx :slight_smile:
have a nice day!

I didn’t expect such a quick answer, and I was surprised by the quick answer even I asked in English for the first time.

Thank you for the kind response even during the weekend. Have a great weekend, Greg!

1 Like