Skip to content

Figma PAT

Service Name: Figma

Service Description: Figma is a collaborative web application for interface design, with additional offline features enabled by desktop applications for macOS and Windows.

Service Address: https://www.figma.com/

Validation Type: API Auth

IP Allow list: Does not exist

Secret Access Scope: Grants access to Figma API resources including files, projects, and user information.

Secret Revokement URL: https://www.figma.com/settings/user-profile/personal-access-tokens

Secret Example: figd_1a2b3c4d5e6f7g8h9i0j_1a2b3c4d5e6f7g8h9i0j1a2b3c4d5e6f7g8h

Suspicious Activity Investigation Instructions:

  • Review Figma account activity logs for unauthorized file access or modifications
  • Check for unknown collaborators added to your Figma projects
  • Verify recent file exports or downloads from your Figma account
  • Look for unexpected changes to team permissions or project settings

Mitigation Instructions:

  • Immediately revoke the compromised token from Figma settings
  • Generate a new token with appropriate permissions
  • Review and update access permissions for all files and projects
  • Enable two-factor authentication for your Figma account
  • Review team member access and remove any unauthorized users