diff --git a/server/api/api.go b/server/api/api.go
index ef97e3d9c..e7d9b0eb7 100644
--- a/server/api/api.go
+++ b/server/api/api.go
@@ -1799,6 +1799,9 @@ func (a *API) handlePostTeamRegenerateSignupToken(w http.ResponseWriter, r *http
 	//     description: internal error
 	//     schema:
 	//       "$ref": "#/definitions/ErrorResponse"
+	if a.MattermostAuth {
+		a.errorResponse(w, r.URL.Path, http.StatusNotImplemented, "not permitted in plugin mode", nil)
+	}
 
 	team, err := a.app.GetRootTeam()
 	if err != nil {
diff --git a/server/api/archive.go b/server/api/archive.go
index 372da3d09..dd5e25bf3 100644
--- a/server/api/archive.go
+++ b/server/api/archive.go
@@ -105,6 +105,9 @@ func (a *API) handleArchiveExportTeam(w http.ResponseWriter, r *http.Request) {
 	//     description: internal error
 	//     schema:
 	//       "$ref": "#/definitions/ErrorResponse"
+	if a.MattermostAuth {
+		a.errorResponse(w, r.URL.Path, http.StatusNotImplemented, "not permitted in plugin mode", nil)
+	}
 
 	vars := mux.Vars(r)
 	teamID := vars["teamID"]
diff --git a/server/api/auth.go b/server/api/auth.go
index b5fa26789..5b60584f6 100644
--- a/server/api/auth.go
+++ b/server/api/auth.go
@@ -166,6 +166,9 @@ func (a *API) handleLogin(w http.ResponseWriter, r *http.Request) {
 	//     description: internal error
 	//     schema:
 	//       "$ref": "#/definitions/ErrorResponse"
+	if a.MattermostAuth {
+		a.errorResponse(w, r.URL.Path, http.StatusNotImplemented, "not permitted in plugin mode", nil)
+	}
 
 	if len(a.singleUserToken) > 0 {
 		// Not permitted in single-user mode
@@ -228,6 +231,9 @@ func (a *API) handleLogout(w http.ResponseWriter, r *http.Request) {
 	//     description: internal error
 	//     schema:
 	//       "$ref": "#/definitions/ErrorResponse"
+	if a.MattermostAuth {
+		a.errorResponse(w, r.URL.Path, http.StatusNotImplemented, "not permitted in plugin mode", nil)
+	}
 
 	if len(a.singleUserToken) > 0 {
 		// Not permitted in single-user mode
@@ -278,6 +284,9 @@ func (a *API) handleRegister(w http.ResponseWriter, r *http.Request) {
 	//     description: internal error
 	//     schema:
 	//       "$ref": "#/definitions/ErrorResponse"
+	if a.MattermostAuth {
+		a.errorResponse(w, r.URL.Path, http.StatusNotImplemented, "not permitted in plugin mode", nil)
+	}
 
 	if len(a.singleUserToken) > 0 {
 		// Not permitted in single-user mode
@@ -377,6 +386,9 @@ func (a *API) handleChangePassword(w http.ResponseWriter, r *http.Request) {
 	//     description: internal error
 	//     schema:
 	//       "$ref": "#/definitions/ErrorResponse"
+	if a.MattermostAuth {
+		a.errorResponse(w, r.URL.Path, http.StatusNotImplemented, "not permitted in plugin mode", nil)
+	}
 
 	if len(a.singleUserToken) > 0 {
 		// Not permitted in single-user mode