Hi Guys ,
We are building a plugin for Figma. In that, we are giving a subscription feature which is from Gumroad. Once a user subscribes successfully the user will get the license key in the mail or any other way.
Now, we are verifying the license key to activate by the Gumroad API. If the response status is 200 then we can go ahead. Now, I have the following concerns.
Once the license key is entered first time how can I know if the user has activated the license key already when the user loads the plugin again?
Is there any way to store that kay if valid in Figma? and if there then how can I get that stored key when loading a plugin at the front side to make it verify on load?
Do we need to do it user vise? If there is a way to store the key in Figma then that stored key can get at anywhere in Figma like web and desktop Figma, etc.
And that stored key store only up to file level or whole Figma like any Figma file and how long it would be stored in Figma?
Any help would be appreciated here. It is so important.
- Once the license key is entered first time how can I know if the user has activated the license key already when the user loads the plugin again?
What exactly do you mean by “activated the license key already”? If your concern is “not to ask the user for the license twice”, you can store it using the the
clientStorage API to store it locally. If not, check the monetization functions of
create-figma-plugin npm package.
- Is there any way to store that kay if valid in Figma? and if there then how can I get that stored key when loading a plugin at the front side to make it verify on load?
Ohhh… I guess that was your concern The answer is also to use
- Do we need to do it user vise? If there is a way to store the key in Figma then that stored key can get at anywhere in Figma like web and desktop Figma, etc.
The API I mentioned is tied to the client (desktop, chrome, safari). The user will have to re-authenticate on each one.
The only way I can think of to prevent that is to have a server that stores the Figma
User’s id and whether they have a valid license or not. Every time a user opens your plugin, you check with your server if their license is valid
- And that stored key store only up to file level or whole Figma like any Figma file and how long it would be stored in Figma?
From the docs I linked above…
figma.clientStorage API allows you to store data on the user’s local machine. Unlike data stored with the document (such as
setPluginData), this data is not synchronized across users. It’s similar to the Window.localStorage API, but is asynchronous, and allows storing objects, arrays, strings, numbers, booleans, null, undefined and
Thank you for your reply,
Client storage is common for desktop apps and web Figma. Like if the user activates a key in the Figma desktop app then the stored key in the client storage will be accessible to Figma web as well?
If the User log-out the session or changes the machine Or browser then he needs to re-activate the key.
What do you suggest here? What should be the best solution here to store the data in a separate server database?
Another question is If the user logged in from another machine or browser by the same account then the User ID of Figma would remain same?
For ex. the user login with the email email@example.com in the desktop app and then he/she would log in on Figma web with the same email account then the user id of Figma for that user will change or same?
The “client” in
clientStorage does not refer to the Figma client, but the web client, in other words, the software accessing the web.
So, for each program where the user accesses Figma, they will have to authenticate to your plugin. Think of it this way… Would it make sense if you logged in to Figma in Chrome and that automatically logged you in on the desktop app you installed but never opened? Or on Safari browser?
I recommend you leave it that way as it is more secure. Unless you implement a lot of checks based on the Figma user’s id on Figma and a license server. That honestly is too long of an explanation for me to write here.
If you want to pursue that I recommend you start by studying authentication processes, JWT, OAuth, and basic cryptographic security measures.