Hi, I have created a Google Calendar plugin and published it to CQ Cloud as private.
Now, I want to get the list of all the plugins I’ve created, but I’m getting a 403 in the API call response.
Feel free to help with the solution, possible reasoning, or any questions that you have around this issue.
Are you using an API key to authenticate your API call?
More information about how to generate an API key can be found here.
You should be able to use the API key as a Bearer auth token to authenticate.
@ben I’m getting the same result on my end as well - we’re passing the API key generated from the team settings page as a bearer token, but any endpoints that are scoped to a single team respond with a 403.
We’re also able to call the ListTeams endpoint, and our team is returned as the only item in the list.
We will take a look and get back to you!
Hi 
We had an access control bug in our backend related to API keys and listing plugins. A fix has been rolled out, can you try again?
Hi @erez,
Thank you for looking into it. The API that I had listed is working now. But the issue still persists in other APIs.
I have attached a couple of screenshots for your reference.
Are you able to list teams (e.g. /teams)? Please note an API key has access only to a single team (the one it was created under). So you shouldn’t be able to create a new team using it or get a specific team.
For cross-team operations, you should use the cloudquery login token.
@first-bullfrog Could you tell us a bit more about what you are trying to achieve with creating a team via API?
Yes, I am able to list teams!
@pilvikala: The idea is to use teams similarly as Airbyte workspaces. Thus creating a logical segmentation for the same set of source and destination syncs for different users. Hope this answers your question.
@first-bullfrog Thank you for the explanation!
@first-bullfrog At the moment, we have a limit of 3 teams per user. If you need more, it would be great if we could meet and discuss your use case a bit more in detail and see how we can support you. Let me know if you’d like to chat and I can send a calendar link.
@pilvikala: Got it!
We surely can get on a call. Let me share a couple of follow-up questions and then we can decide if the call is still required.
@first-bullfrog The CQ Cloud manages team memberships, and when you are running a sync locally, you need to authenticate with the Cloud (for billing purposes). So yes, it is applicable to self-hosted instances.
As for using private plugins in the Cloud, we have decided not to allow that until we actually get some feedback from our customers. This is to prevent the abuse of our infrastructure. We’re happy to discuss this on a case-by-case basis.
@pilvikala: Understood.
Is private plugin usage blocked in the self-hosted instance too? Or can we create syncs, sources, and syncs there?
No, you can use private plugins on your own infrastructure.
Thanks for the clarification.