API capability pack for bounded Figma REST API operations against https://api.figma.com only. Enroll a figma connection as either OAuth bearer auth or header auth that injects X-Figma-Token for a personal or plan access token; no credential is embedded in this manifest. The pack reads the current user, files, nodes, rendered image URLs, image-fill references, file metadata, team projects, project metadata, project files, file versions, comments, reactions, published components, component sets, styles, organization activity logs, local and published variable inventories, dev resources, library analytics, and oEmbed previews for daily design-to-build workflows. Approval-gated writes are limited to creating/deleting comments, adding/removing comment reactions, applying explicit variable mutations, and creating/updating/deleting dev-resource links. The pack intentionally excludes webhook list/read/create/update/delete because Figma webhook responses include passcode secret material, plus developer-log token filters, AI usage metering, payments, SCIM, file mutation/upload, arbitrary file export downloads, broad admin configuration, OAuth token exchange, and arbitrary API passthrough.
Trust & control
What installing this whole pack would let it do. Recued grants these permissions at install — review them there before approving.
Where it runs
Device + server
Runs on your device (browser) or your server.
What it's allowed to do
Write
Web APIs
figma
external change
Read: file.read · No approvalRead: file.node.read · No approvalRead: image.render · No approvalRead: image_fill.search · No approvalRead: file.meta.read · No approvalRead: team.project.search · No approvalRead: project.meta.read · No approvalRead: project.file.search · No approvalRead: file.version.search · No approvalRead: comment.search · No approvalWrite: comment.create · Asks approvalWrite: comment.delete · Asks approvalRead: comment.reaction.search · No approvalWrite: comment.reaction.create · Asks approvalWrite: comment.reaction.delete · Asks approvalRead: user.current · No approvalRead: component.search_team · No approvalRead: component.search_file · No approvalRead: component.read · No approvalRead: component_set.search_team · No approvalRead: component_set.search_file · No approvalRead: component_set.read · No approvalRead: style.search_team · No approvalRead: style.search_file · No approvalRead: style.read · No approvalRead: activity_log.search · No approvalRead: variable.local.read · No approvalRead: variable.published.read · No approvalWrite: variable.mutate · Asks approvalRead: dev_resource.search · No approvalWrite: dev_resource.create · Asks approvalWrite: dev_resource.update · Asks approvalWrite: dev_resource.delete · Asks approvalRead: library.component_actions.read · No approvalRead: library.component_usages.read · No approvalRead: library.style_actions.read · No approvalRead: library.style_usages.read · No approvalRead: library.variable_actions.read · No approvalRead: library.variable_usages.read · No approvalRead: oembed.read · No approval
Data it touches
SurfacesWeb APIs
Tags
pack:figmafigmadesignfilescommentscomponentsvariablesdev-resourcesanalyticsapiv3composition