Unfortunately, I am stuck at the second API call.
I am using Postman to just access the API before integrating with my code, but I don’t know how to fill out the body.
I think I must be calling the API incorrectly, but this is what I have tried:
POST https://www.figma.com/api/oauth/token?
client_id=[my client ID from the "My Apps" Page]&
client_secret=[the original token I got when I made the new app]&
redirect_uri=https://internalsitename.com/&
code=code&
grant_type=authorization_code
{
"user_id": [My email that I use with figma],
"access_token": [HOW WOULD I KNOW THIS????],
"expires_in": [OR THIS???],
"refresh_token": [OR THIS???]
}
I have also tried without the body, since I was struggling to fill that part in, but no matter what I do, it yields the error:
I suspect the “Parameter client_id is required” is not the true error since I had also seen that in the first GET call, when I messed up something unrelated to the client_id. Does anyone know how to fill in the body of this POST request?
But what code am I supposed to have gotten? I went to the URL where it has the big blue “Allow access” button, and it took me back to my app. Was something else supposed to happen here?
Where would I find the “code” you are mentioning?
Like I see in the documentation that it says
Please check that the state parameter passed back to you is the same as the one originally generated.
But I have not even opened a code editor, how could there be code passed back to me? I checked the console and cookies, but I don’t see anything. And isn’t the state parameter just the word “state”?
After you click allow, you will be redirected to your callback url with these parameters. This way your website will have access to these parameters through processing this request. You can do it either on the server side or client side.
OH IT’S IN THE LITERAL URL; THANK YOU! I never would have even thought to check there.
Ok but I am still confused about what to fill in for the post request?
So now I have changed it to be:
POST https://www.figma.com/api/oauth/token?
client_id=[my client ID from the "My Apps" Page]&
client_secret=[the original token I got when I made the new app]&
redirect_uri=https://internalsitename.com/&
code=[thing that code was equal to in the callback URL]&
grant_type=authorization_code
{
"user_id": [My email that I use with figma],
"access_token": [HOW WOULD I KNOW THIS????],
"expires_in": [OR THIS???],
"refresh_token": [OR THIS???]
}
But what do I put in the body of the request? Where is that information? Is there a secret GET request to get that information ahead of this step?
I have tried running the POST request without a body at all, but I am still getting the same “Parameter client_id is required” error.
I also notice the documentation says
and code must match the authentication code provided to your callback
For the definition of the redirect_url, so I tried putting in the callback URL to that argument, but it made no difference.
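The callback handling and code exchange discussed in this thread, as an added Python example (not part of any post and not Figma's own code): it reads `code` from the callback URL, checks `state` against the value generated for the first request, and builds the token request without sending it. Assumptions: the function names are hypothetical, the sample values are constructed, the parameters are sent form-encoded in the body as in standard OAuth 2.0 (RFC 6749), and the JSON fields quoted in the thread (`access_token`, `expires_in`, `refresh_token`) are treated as the endpoint's reply rather than something the caller supplies.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit
from urllib.request import Request

TOKEN_URL = "https://www.figma.com/api/oauth/token"  # endpoint quoted in the thread
REDIRECT_URI = "https://internalsitename.com/"        # redirect_uri quoted in the thread


def new_state():
    """Unguessable value to send as `state` in the first (authorize) request."""
    return secrets.token_urlsafe(32)


def code_from_callback(callback_url, expected_state):
    """Return the `code` query parameter after verifying `state`."""
    query = parse_qs(urlsplit(callback_url).query)
    state = query.get("state", [""])[0]
    # Constant-time compare. A mismatch means this redirect does not belong
    # to the authorize request this session started, so the code is rejected.
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    codes = query.get("code", [])
    if len(codes) != 1 or not codes[0]:
        raise ValueError("callback does not carry exactly one code")
    return codes[0]


def build_token_request(code, client_id, client_secret):
    """Build (but do not send) the POST that exchanges the code for tokens."""
    form = urlencode({
        "client_id": client_id,
        "client_secret": client_secret,
        "redirect_uri": REDIRECT_URI,  # same value used in the authorize request
        "code": code,
        "grant_type": "authorization_code",
    }).encode()
    # Assumption: form-encoded body (RFC 6749 style). This also keeps
    # client_secret out of URLs, which tend to end up in access logs.
    return Request(TOKEN_URL, data=form, method="POST",
                   headers={"Content-Type": "application/x-www-form-urlencoded"})


# Constructed sample values, not real credentials.
SAMPLE_STATE = "constructed-state-123"
SAMPLE_CALLBACK = REDIRECT_URI + "?code=constructed-code-abc&state=" + SAMPLE_STATE
```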