Support per-tool-call API key authentication #264

@konard

Problem

Currently, the Figma-Context-MCP server requires the API key to be configured at server startup time via:

  • CLI argument: --figma-api-key=YOUR-KEY
  • Environment variable: FIGMA_API_KEY

This approach works well for single-user scenarios, but presents challenges for multi-tenant or multi-user environments where:

  1. Different users need different API keys - In a system where multiple users run AI coding agents on the same machine/server, each user should use their own Figma API key
  2. Security concerns - A global environment variable means all users share the same token, which is a security vulnerability
  3. Dynamic key provisioning - In orchestration systems, different AI sessions may need to use different credentials based on the task context

Proposed Solution

Add an optional figma_api_key parameter to the tool input schemas, allowing the API key to be passed per-tool-call. This would override any server-level configuration for that specific call.

Example:

{
  "name": "get_figma_data",
  "arguments": {
    "fileKey": "abc123xyz",
    "nodeId": "1:2",
    "figma_api_key": "figd_abc123..."
  }
}

Benefits

  1. Multi-user support - Each user can provide their own Figma API key when making requests
  2. Dynamic credential management - Orchestration systems can inject user-specific tokens at call time
  3. Backward compatibility - Server-level configuration still works as fallback when per-call key is not provided
  4. Security - No need to share credentials across different user sessions

Use Case

We're building a system (https://github.com/link-assistant/hive-mind) where AI agents handle requests from multiple users on the same machine. Each user should be able to use their own Figma API key without exposing it to other users' sessions.

Alternatives Considered

  1. Running separate MCP server instances per user - Too resource-intensive and complex to manage
  2. Fork and modify - Creates maintenance burden and diverges from upstream

Thank you for considering this enhancement! Happy to discuss further or contribute a PR if this direction is acceptable.
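
The key-resolution order proposed in this issue (per-call `figma_api_key` first, server-level key as fallback) can be sketched as below. This is an added example, not code from Figma-Context-MCP or from the issue author. The names `resolveFigmaCall` and `describeForLog` are hypothetical, and both the decision to reject a malformed per-call key instead of falling back and the stripping of the key before logging are assumptions of this sketch.

```typescript
// Added example: hypothetical helper names, not Figma-Context-MCP code.
type ToolArgs = Record<string, unknown>;

interface ResolvedCall {
  apiKey: string;                 // credential used for this one Figma request
  source: "per-call" | "server";  // where the credential came from
  args: ToolArgs;                 // tool arguments with the credential removed
}

const KEY_PARAM = "figma_api_key"; // parameter name proposed in the issue

// Prefer the per-call key; fall back to the server-level key only when the
// caller supplied no key at all.
function resolveFigmaCall(rawArgs: ToolArgs, serverKey?: string): ResolvedCall {
  const args: ToolArgs = { ...rawArgs };
  const perCall = args[KEY_PARAM];
  delete args[KEY_PARAM]; // keep the secret out of anything downstream of here

  if (perCall !== undefined) {
    // Assumption: a supplied but malformed key is an error. Falling back
    // silently would run one user's request with the shared server credential.
    if (typeof perCall !== "string" || perCall.trim() === "") {
      throw new Error(`${KEY_PARAM} must be a non-empty string`);
    }
    return { apiKey: perCall, source: "per-call", args };
  }
  if (!serverKey) {
    throw new Error(`no Figma API key: pass ${KEY_PARAM} or configure the server`);
  }
  return { apiKey: serverKey, source: "server", args };
}

// Build a log record that names the key source but never the key itself.
function describeForLog(toolName: string, call: ResolvedCall): string {
  return JSON.stringify({ tool: toolName, keySource: call.source, arguments: call.args });
}

// Constructed sample mirroring the issue's example call; key values are placeholders.
const sample = resolveFigmaCall(
  { fileKey: "abc123xyz", nodeId: "1:2", figma_api_key: "figd_EXAMPLE_PLACEHOLDER" },
  "figd_SERVER_PLACEHOLDER",
);
console.log(describeForLog("get_figma_data", sample));
```
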
