# Figma Security Basics

## Overview

Secure your Figma API integration: store tokens safely, apply least-privilege scopes, rotate credentials, and verify webhook signatures.

## Prerequisites

- Figma PAT or OAuth app configured
- Understanding of environment variables
- configured for secret files

## Instructions

### Step 1: Token Storage

### Step 2: Least-Privilege Scopes

Assign the minimum scopes needed for each use case:

| Use Case | Required Scopes |
|----------|----------------|
| Read file structure | |
| Export images | |
| Post comments | |
| Read variables (Enterprise) | |
| Manage webhooks | |
| Read te…