Skip to main content

Figma

Figma is a QuilrAI-built MCP available in the MCP Store. It exposes design context, comment, and Code Connect tools. The MCP is multi-tenant and does not ship a shared Figma OAuth app, so each connection must use its own Figma OAuth Client ID and Client Secret created at the Figma developer portal.

Use this guide when you install Figma from the MCP Store and the QuilrAI setup screen asks for a Figma Client ID and Client Secret.

See Overview for prerequisites and secret-handling guidance.

What This MCP Can Do

CapabilityToolsAccess
Read account and session infowhoami, get_defaults, set_defaultsRead and write
Read design nodes and layoutsget_design_context, get_metadata, get_screenshotRead only
Read design tokens and librariesget_variable_defs, get_libraries, search_design_systemRead only
Read FigJam boardsget_figjamRead only
Read and manage commentsget_comments, add_comment, delete_commentRead and write
Read and write Code Connect mappingsget_code_connect_map, get_code_connect_suggestions, get_context_for_code_connect, add_code_connect_map, send_code_connect_mappingsRead and write
Upload assetsupload_assetsWrite

delete_comment can only delete comments posted by the connected Figma account. get_variable_defs returns results only on Enterprise workspaces.

Required OAuth Scopes

Enable all of these when creating the app. The MCP rejects tokens that are missing any of them.

ScopeWhy it is needed
current_user:readIdentify the connected Figma account.
file_content:readRead file nodes, layout, fills, typography, and render images.
file_metadata:readRead file and component metadata, including library components and styles.
file_comments:readRead comments on a file.
file_comments:writePost and delete comments.
file_dev_resources:readRead Code Connect mappings.
file_dev_resources:writeCreate and update Code Connect mappings.

Do not request projects:read. It requires Figma's approval and is not available to unapproved third-party OAuth apps.

Create The Figma OAuth App

  1. Open the Figma developer portal and click Create new app. Give it a name and choose the organization that should own the integration.
  2. Under Redirect URIs, click Add URI and paste the QuilrAI callback URL shown on the Figma MCP setup screen. It must match exactly.
  3. Enable the seven scopes from Required OAuth Scopes.
  4. Click Save, then copy the Client ID and Client Secret.
  5. Paste the Client ID and Client Secret into the QuilrAI manual OAuth setup screen, click Connect, and authorize Figma. Grant all requested scopes at the Figma consent screen.
  6. On first use, the assistant will ask you to paste a Figma file URL (for example, https://www.figma.com/design/aBcDeFgHiJkL/My-Design-System). The assistant saves it as your default for all future sessions. To switch files, tell it "use this file: [URL]".

Keep In Mind

  • projects:read is not available to third-party OAuth apps. Figma restricts this scope — the assistant cannot browse projects or list files. Users must paste a Figma file URL directly; the assistant extracts the file key from the URL automatically.
  • Design variables require an Enterprise workspace. get_variable_defs returns design tokens only when the Figma workspace is on the Enterprise plan. On Free and Professional workspaces the tool returns an empty result.
  • Node IDs use : not -. Figma URLs encode node IDs with hyphens (for example ?node-id=1-23). When passing a node ID to get_design_context or get_screenshot, replace - with : (for example 1:23).
  • FigJam boards use a different tool. For FigJam files, use get_figjam instead of get_design_context. The design context tools do not work on FigJam boards.
  • Redirect URI must match exactly. Figma rejects the OAuth flow if the redirect URI in the app does not match the QuilrAI callback URL character-for-character. Create a separate Figma OAuth app for each QuilrAI environment whose callback URL differs.
  • Each tenant brings its own credentials. This MCP is multi-tenant by design. There is no shared QuilrAI-owned Figma app, so isolation comes from each connection using its own Figma OAuth app.

Troubleshooting

ErrorLikely causeFix
redirect_uri_mismatchThe redirect URI in the Figma app does not match the QuilrAI callback URL.Copy the callback URL from the MCP setup screen again, update the Figma app's redirect URI, save, and retry.
invalid_clientWrong Client ID, wrong secret, or a deleted secret.Copy the Figma Client ID and Client Secret again, update QuilrAI, and retry.
client_id and redirect_uri are required or Figma OAuth client_id and client_secret are requiredThe gateway was not supplied OAuth credentials.Confirm the Figma Client ID and Client Secret are configured in the QuilrAI MCP setup screen and retry.
OAuth app with client id X doesn't existClient ID is invalid, or the Figma app is scoped to a specific organization.Verify the app exists at figma.com/developers/apps and that the signing-in user belongs to the same Figma organization.
403 Forbidden on team endpointsFree or Professional plan restriction.Upgrade the Figma workspace, or use file-scoped tools instead of team-scoped ones.
404 Not Found on project filesprojects:read is not available to unapproved third-party OAuth apps.Provide a direct Figma file URL instead of browsing by project.

References