Feature request for product/service
Cursor Web
Describe the request
Summary
Team marketplaces are a strong step for internal plugin distribution, but today everything flows through Dashboard → Settings → Plugins (docs). The forum thread shows recurring needs: private / enterprise Git sources, faster iteration without widening admin access, and clearer update paths than “ask an admin to click through the UI.”
A documented Admin API for team marketplace operations would match the direction of other enterprise automation (member usage, audit logs, groups) and address friction raised by community members who want to ship plugin updates without turning more people into full team admins or relying on manual dashboard steps even when Auto Refresh exists, teams still want API-driven refresh, validation, and delegation.
Problem / motivation (from community themes)
-
Admin bottleneck
Several users described friction publishing or refreshing plugins: needing org admin intervention for changes that could be owned by a platform or internal tools team, and reluctance to grant broad admin just to refresh a marketplace (e.g. posts in the 2.6 thread about updates and “notify admin” workflows). -
Automation and governance
Organizations want marketplaces to fit IaC, CI pipelines (refresh after merge to a release branch), and separation of duties: who can edit the Git repo vs who can attach that repo to Cursor vs who can force a refresh. -
Multi-repo / multi-tool workflows
There is interest in richer marketplace definitions (e.g. multiple sources or layouts in one repo) and alignment with other tools; an API makes it easier to validate and sync state from the same source of truth without dashboard-only operations (discussion of consolidated marketplace definitions and limitations). -
Parity with Cursor’s own API story
The dashboard already documents Cursor Admin API keys and REST endpoints for other admin tasks. Marketplace management is a gap for teams that already automate membership, usage, and compliance via API.
Proposed solution
Add documented, authenticated REST endpoints (same auth model as existing Admin API) for Team / Enterprise plans, for example:
| Capability | Purpose |
|---|---|
| List team marketplaces | Inventory for automation scripts |
| Create / update marketplace binding (GitHub URL, name, description, access groups IDs) | IaC and repeatable envs |
| Trigger refresh(Optional since Auto refresh already exists) | CI on main, release tags, without dashboard |
| Read status | Last successful sync, commit SHA, parse errors, refresh in progress |
| Optional: webhook or outbound event | “Marketplace refreshed” for internal notifications |
Scope suggestion: Start with refresh + create/update apis (highest impact for enterprise users who want to enable teams shipping private marketplaces with CI and least surface area), then status apis for full automation.
Auth: Scoped keys (e.g. admin:marketplaces or similar) so platform engineers can manage marketplaces without full billing/user-admin rights directly addressing the “don’t hand out Admin to everyone” concern (Nice to have)
Alternatives considered
- Rely on Auto Refresh only — Helps when it works, but does not support pipeline-gated rollouts, dry-run validation, or delegation without dashboard access.
- Document unofficial APIs — Fragile and risky for enterprises.
- Only GitHub App + dashboard — Does not solve programmatic operations or audit-friendly automation.
Notes
- This complements (does not replace) requests for GitLab, self-hosted GitHub Enterprise nuances, and richer marketplace manifests - those are product scope; APIs make any supported backend easier to operate at scale.
Operating System (if it applies)
Linux