Skip to main content
Question

How to identify my own plugin via API calls?

  • February 19, 2023
  • 1 reply
  • 627 views
Francesco_Bianchi1

Hi,
is there a way to identify my own plugin when making calls to my own server? (e.g. to prevent potential abuse).
I see that the requests that I make from the plugin iFrame have 'Access-Control-Allow-Origin: "*" as header, which means that I need to disable CORS check on my server. Furthermore, if possible I’d like to prevent somebody else’s plugin calling my own APIs. What are some strategies I can adopt here? (I guess making the user authenticate is one option, but seems quite an overkill).

Additionally:
Is the code running in the sandbox visible to a user inspecting the plugin?

Thanks in advance!

This topic has been closed for comments

1 reply

tank666
  • tank666
  • 4870 replies
  • February 19, 2023

Hope this is what you need:

UX/UI designer. Figma expert. Creator and developer of plugins and widgets for Figma and FigJam. Check out my resources in Figma Community: figma.com/@tank666
Terms & ConditionsCookie settings

Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings