Hi Guys ,
We are building a plugin for Figma. In that, we are giving a subscription feature which is from Gumroad. Once a user subscribes successfully the user will get the license key in the mail or any other way.
Now, we are verifying the license key to activate by the Gumroad API. If the response status is 200 then we can go ahead. Now, I have the following concerns.
-
Once the license key is entered first time how can I know if the user has activated the license key already when the user loads the plugin again?
-
Is there any way to store that kay if valid in Figma? and if there then how can I get that stored key when loading a plugin at the front side to make it verify on load?
-
Do we need to do it user vise? If there is a way to store the key in Figma then that stored key can get at anywhere in Figma like web and desktop Figma, etc.
-
And that stored key store only up to file level or whole Figma like any Figma file and how long it would be stored in Figma?
Any help would be appreciated here. It is so important.
Thanks
Hey there!
- Once the license key is entered first time how can I know if the user has activated the license key already when the user loads the plugin again?
What exactly do you mean by “activated the license key already”? If your concern is “not to ask the user for the license twice”, you can store it using the the clientStorage API to store it locally. If not, check the monetization functions of create-figma-plugin npm package.
- Is there any way to store that kay if valid in Figma? and if there then how can I get that stored key when loading a plugin at the front side to make it verify on load?
Ohhh… I guess that was your concern 
The answer is also to use clientStorage
- Do we need to do it user vise? If there is a way to store the key in Figma then that stored key can get at anywhere in Figma like web and desktop Figma, etc.
The API I mentioned is tied to the client (desktop, chrome, safari). The user will have to re-authenticate on each one.
The only way I can think of to prevent that is to have a server that stores the Figma User’s id and whether they have a valid license or not. Every time a user opens your plugin, you check with your server if their license is valid
- And that stored key store only up to file level or whole Figma like any Figma file and how long it would be stored in Figma?
From the docs I linked above…
“The figma.clientStorage API allows you to store data on the user’s local machine. Unlike data stored with the document (such as setPluginData), this data is not synchronized across users. It’s similar to the Window.localStorage API, but is asynchronous, and allows storing objects, arrays, strings, numbers, booleans, null, undefined and Uint8Array.”
@Saulo_Vallory
Thank you for your reply,
Client storage is common for desktop apps and web Figma. Like if the user activates a key in the Figma desktop app then the stored key in the client storage will be accessible to Figma web as well?
If the User log-out the session or changes the machine Or browser then he needs to re-activate the key.
What do you suggest here? What should be the best solution here to store the data in a separate server database?
Another question is If the user logged in from another machine or browser by the same account then the User ID of Figma would remain same?
For ex. the user login with the email abc@gmail.com in the desktop app and then he/she would log in on Figma web with the same email account then the user id of Figma for that user will change or same?
The “client” in clientStorage does not refer to the Figma client, but the web client, in other words, the software accessing the web.
So, for each program where the user accesses Figma, they will have to authenticate to your plugin. Think of it this way… Would it make sense if you logged in to Figma in Chrome and that automatically logged you in on the desktop app you installed but never opened? Or on Safari browser?
I recommend you leave it that way as it is more secure. Unless you implement a lot of checks based on the Figma user’s id on Figma and a license server. That honestly is too long of an explanation for me to write here.
If you want to pursue that I recommend you start by studying authentication processes, JWT, OAuth, and basic cryptographic security measures.
Good luck!