Figma PAT
Service Name: Figma
Service Description: Figma is a collaborative web application for interface design, with additional offline features enabled by desktop applications for macOS and Windows.
Service Address: https://www.figma.com/
Validation Type: API Auth
IP Allow list: Does not exist
Secret Access Scope: Grants access to Figma API resources including files, projects, and user information.
Secret Revokement URL: https://www.figma.com/settings/user-profile/personal-access-tokens
Secret Example: figd_1a2b3c4d5e6f7g8h9i0j_1a2b3c4d5e6f7g8h9i0j1a2b3c4d5e6f7g8h
Suspicious Activity Investigation Instructions:
- Review Figma account activity logs for unauthorized file access or modifications
- Check for unknown collaborators added to your Figma projects
- Verify recent file exports or downloads from your Figma account
- Look for unexpected changes to team permissions or project settings
Mitigation Instructions:
- Immediately revoke the compromised token from Figma settings
- Generate a new token with appropriate permissions
- Review and update access permissions for all files and projects
- Enable two-factor authentication for your Figma account
- Review team member access and remove any unauthorized users