Cross Account KV

We need to be able to share KVs between accounts. Is something like the below possible? Note, the code does work if we use all of our own account info. Just need to know if it will work when using someone else’s account info. Do not have anyone to test with right now. Happy to collaborate with someone else who is interested in doing this.

async get(key, {type = "json"} = {}) {
        key = encodeURIComponent(key);
        // The account id and namespace id belong to the account that owns the KV store.
        const url = `https://api.cloudflare.com/client/v4/accounts/${someone_elses_account_id}/storage/kv/namespaces/${someone_elses_namespaceid}/values/${key}`,
            response = await this.fetch(url, {
                headers: {
                    // Our own account credentials
                    "X-Auth-Email": myEmail,
                    "X-Auth-Key": myAuthKey,
                    "Content-Type": "application/json",
                    // Token issued by the other account
                    "Authorization": `${someone_elses_bearer_token}`
                }
            });
        return response.json();
    }

After I posted this, I realized I could just create another Cloudflare account with an alternate email.

The code will only work if the email associated with the requesting account is added as a member of the account owning the KV store.

Unfortunately, except for Enterprise Edition, all members of Cloudflare accounts automatically have Administrator privileges. This will kill our use case since the majority of our prospective customers would be Pro or Business users and I am sure they will not want to provide us with admin access to their Cloudflare account. Note, our use case is providing some data management tools while having the client continue to manage and pay for the actual data storage.

Would be nice if Bearer tokens could provide wider access, e.g. under Account Resources be able to say “Unrestricted” or perhaps “Foreign” with a third field to specify the foreign account id. We would need this capability at the Pro level for it to be really viable. Clients could then enter our account id when creating a bearer token for our use.

Alternatively, Cloudflare could provide an “Unmanaged” Zone capability. Clients could add our zone or zones, e.g. anywhichway.workers.dev or workers.anywhichway.com to their unmanaged zones list, which would appear in the Zones pulldown of the Permissions section on the Bearer token edit form.

I will leave this open for now in case someone thinks I am missing something. If someone tells me I have it right, then I will mark this as the solution.
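
An added example, not part of the original posts: a variant of the `get` call above that can be checked offline with a stubbed `fetch`, validates the ids supplied by the other party before building the URL, and raises on a non-2xx reply instead of returning the API's error body as if it were the stored value. The function names, the 32-hex-character id check, the bearer-only header (which assumes the other account has issued a token allowed to read the namespace) and the sample values are assumptions.

```javascript
// Added example; buildKvRequest, interpretKvResponse and kvGet are hypothetical names.
const API = "https://api.cloudflare.com/client/v4";
// Assumption: account and namespace ids are 32 lowercase hex characters.
const HEX32 = /^[0-9a-f]{32}$/;

// Constructed sample values (not real ids, tokens or captured responses).
const SAMPLE = {
  accountId: "0123456789abcdef0123456789abcdef",
  namespaceId: "fedcba9876543210fedcba9876543210",
  token: "EXAMPLE_TOKEN",
};
const SAMPLE_DENIED = '{"success":false,"errors":[{"code":10000,"message":"Authentication error"}]}';

function buildKvRequest({ accountId, namespaceId, token }, key) {
  // The ids come from another party, so reject anything that could alter the path.
  for (const [name, id] of Object.entries({ accountId, namespaceId })) {
    if (!HEX32.test(id)) throw new TypeError(`${name} is not a 32-char hex id`);
  }
  const url = `${API}/accounts/${accountId}/storage/kv/namespaces/${namespaceId}` +
    `/values/${encodeURIComponent(key)}`;
  // Only the token issued by the other account is sent; no X-Auth-Email / X-Auth-Key.
  return { url, init: { headers: { Authorization: `Bearer ${token}` } } };
}

function interpretKvResponse(status, bodyText, type = "json") {
  if (status < 200 || status > 299) {
    let codes = [];
    try { codes = (JSON.parse(bodyText).errors || []).map((e) => e.code); } catch { /* non-JSON error body */ }
    const err = new Error(`KV read failed: HTTP ${status}`);
    err.status = status;
    err.codes = codes;
    throw err; // never hand an error envelope back as the stored value
  }
  return type === "json" ? JSON.parse(bodyText) : bodyText;
}

// fetchImpl can be replaced by a stub that returns { status, text() } for offline checks.
async function kvGet(creds, key, { type = "json", fetchImpl = fetch } = {}) {
  const { url, init } = buildKvRequest(creds, key);
  const res = await fetchImpl(url, init);
  return interpretKvResponse(res.status, await res.text(), type);
}
```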