### Open LarkSuite MCP Integration Guide Source: https://open.larksuite.com/document/server-docs/getting-started/getting-started Guide for integrating with LarkSuite's MCP (Meeting Control Platform) for meeting-related functionalities. ```APIDOC Open LarkSuite MCP Integration Guide: MCP Introduction: https://open.larksuite.com/document/uAjLw4CM/ukTMukTMukTM/mcp_integration/mcp_introduction ``` -------------------------------- ### Larksuite Server API List and Guides Source: https://open.larksuite.com/document/server-docs/getting-started/server-api-list Comprehensive documentation for Larksuite's Server APIs, including guides on calling processes, rate limits, general parameters, and error codes. Covers authentication, authorization, and various API categories. ```APIDOC Server API Documentation Overview: * API Call Guide: Information on how to call Larksuite APIs. * Server API list: A comprehensive list of available server APIs. * Scope list: Lists available scopes for API access. * Server SDK: Documentation for the Server SDK. * Rate limits: Information on API rate limits and frequency control. * General parameters: Explanation of general parameters used in the APIs. * Server Error Codes: List of server error codes and their meanings. API Categories: * Events and callbacks: Documentation on event handling and callbacks. * Authenticate and Authorize: Information on authentication and authorization processes. * Contacts: APIs related to contact management. * Messaging: APIs for sending and receiving messages. * Group Chat: APIs for managing group chats. * Lark Card: APIs for working with Lark Cards. * Feed: APIs related to feeds. * Docs: APIs for document management. * Calendar: APIs for calendar integration. * Video Conferencing: APIs for video conferencing features. * Minutes: APIs for meeting minutes. * Attendance: APIs for attendance tracking. * Approval: APIs for approval workflows. * Bot: APIs for bot integration. * Tasks v2: APIs for task management (version 2). * Email: APIs for email integration. * App Information: APIs for retrieving app information. * Company Information: APIs for accessing company information. * Personal Settings: APIs for managing personal settings. * AI: APIs related to artificial intelligence features. * Admin: APIs for administrative tasks. * OKR: APIs for Objectives and Key Results management. * Security and Compliance: APIs related to security and compliance. * Workplace: APIs for workplace integration. ``` -------------------------------- ### Larksuite API Call Guide and Process Source: https://open.larksuite.com/document/server-docs/getting-started/overview-of-app-scopes Comprehensive guide to calling Larksuite APIs, covering the process from obtaining access tokens to handling API call limits. Includes information on applying for API permissions and configuring app data permissions. ```APIDOC API Call Guide: - Process overview - Obtain access tokens - Apply for API permission - Configure app data permissions - Set IP allowlist - Calling APIs - Adjusting API call limits for custom apps - Server API list - Scope list - Server SDK - Rate limits - General parameters - Server Error Codes ``` -------------------------------- ### Open LarkSuite Server API Documentation Source: https://open.larksuite.com/document/server-docs/getting-started/getting-started Provides comprehensive documentation for the LarkSuite Server API, including guides on calling processes, obtaining access tokens, API permissions, IP allowlists, rate limits, and error codes. It also lists available server SDKs and general API parameters. ```APIDOC Open LarkSuite Server API Documentation: Calling Process: Process overview: https://open.larksuite.com/document/server-docs/getting-started/getting-started Obtain access tokens: https://open.larksuite.com/document/server-docs/getting-started/api-access-token/app-access-token-development-guide Apply for API permission: https://open.larksuite.com/document/server-docs/getting-started/overview-of-app-scopes Configure app data permissions: https://open.larksuite.com/document/home/introduction-to-scope-and-authorization/configure-app-data-permissions Set IP allowlist: https://open.larksuite.com/document/server-docs/getting-started/ip-allowlist Calling APIs: https://open.larksuite.com/document/server-docs/getting-started/api-access-token/get- Adjusting API call limits for custom apps: https://open.larksuite.com/document/uAjLw4CM/ukTMukTMukTM/api-call-guide/api-billing API Resources: Server API list: https://open.larksuite.com/document/server-docs/getting-started/server-api-list Scope list: https://open.larksuite.com/document/server-docs/getting-started/scope-list Server SDK: https://open.larksuite.com/document/ukTMukTMukTM/uETO1YjLxkTN24SM5UjN Rate limits: https://open.larksuite.com/document/server-docs/getting-started/frequency-control General parameters: https://open.larksuite.com/document/server-docs/getting-started/terminology Server Error Codes: https://open.larksuite.com/document/server-docs/getting-started/server-error-codes Modules: Contacts Messaging Group Chat Lark Card Feed Docs Calendar Video Conferencing Minutes Attendance Approval Bot Tasks v2 Email App Information Company Information Personal Settings AI Admin OKR Security and Compliance Workplace Deprecated Version (Not Recommended) ``` -------------------------------- ### Access Tokens Source: https://open.larksuite.com/document/server-docs/getting-started/terminology Documentation for tenant_access_token and user_access_token, which are essential for authenticating API requests on behalf of a tenant or a user, respectively. Includes links to guides on how to obtain these tokens. ```APIDOC tenant_access_token: description: The access token for a tenant. Allows an app to perform operations on behalf of an organization or team. related_links: - url: https://open.larksuite.com/document/ukTMukTMukTM/ukDNz4SO0MjL5QzM/auth-v3/auth/tenant_access_token text: Get tenant_access_token for store apps - url: https://open.larksuite.com/document/ukTMukTMukTM/ukDNz4SO0MjL5QzM/auth-v3/auth/tenant_access_token_internal text: Get tenant_access_token for custom apps user_access_token: description: The access token for a user. Allows an app to perform operations on behalf of a user, such as creating documents or schedules. related_links: - url: https://open.larksuite.com/document/uAjLw4CM/ukTMukTMukTM/reference/authen-v1/authen/access_token text: Getting user_access_token ``` -------------------------------- ### Lark Suite API - Get User Information Source: https://open.larksuite.com/document/server-docs/getting-started/overview-of-app-scopes Demonstrates how to find required scopes for the 'Get user information' API. It explains 'Required scopes' and 'Required field scopes' and their implications for app permissions. ```APIDOC APIDOC: Endpoint: /open-apis/contact/v3/user/:user_id Method: GET Description: Get user information. Permissions: Required Scopes: - "contact:user.readonly" (OR relationship between scopes) Required Field Scopes: - "user_id: "user_id" field requires 'Get user ID' permission. Example: To get the user_id field, the app must have the 'Get user ID' permission enabled. ``` -------------------------------- ### Lark Open Platform API Call Process Source: https://open.larksuite.com/document/server-docs/getting-started/getting-started Illustrates the step-by-step process for calling server APIs on the Lark Open Platform. ```APIDOC APIDOC: Process Steps: 1. Create apps in the Developer Console. 2. Obtain an access token (various types available, include in HTTP header). 3. Apply for API scopes required for specific interfaces. 4. (Optional) Configure data permissions for sensitive fields and submit for review. 5. (Optional) Set an IP whitelist for enhanced security. 6. Call the open API using the API documentation. ``` -------------------------------- ### Open LarkSuite Client API Documentation Source: https://open.larksuite.com/document/server-docs/getting-started/getting-started Documentation for the LarkSuite Client API, focusing on frontend integration and user interface elements. ```APIDOC Open LarkSuite Client API Documentation: https://open.larksuite.com/document/client-docs/h5/ ``` -------------------------------- ### LarkSuite App Release Process Source: https://open.larksuite.com/document/server-docs/getting-started/overview-of-app-scopes Details the process of releasing an app on the LarkSuite platform, including choosing between targeted listing, full listing, and non-public listing based on business needs. It also provides links to further documentation on publishing store apps and managing app permissions. ```APIDOC APIDOC: Endpoint: /app-release/version-management Method: POST Description: Publishes the app to the store. Parameters: - release_type: string (required) - Specifies the release type. Options: 'targeted', 'full', 'non_public'. - version: string (required) - The version number of the app to release. - notes: string (optional) - Release notes for the new version. Returns: - status: string - Indicates the success or failure of the release. - message: string - A message providing details about the release status. Example: POST /app-release/version-management { "release_type": "full", "version": "1.0.0", "notes": "Initial release of the app." } ``` -------------------------------- ### Larksuite Department Management API Source: https://open.larksuite.com/document/server-docs/getting-started/server-api-list APIs for managing departments in Larksuite. Includes operations for creating, partially updating, and fully updating departments. ```APIDOC Create a department: POST /open-apis/contact/v3/departments Description: Creates a department in contacts. Parameters: None Modify department information in part: PATCH /open-apis/contact/v3/departments/:department_id Description: Updates any department field in contacts. Parameters: - department_id: The ID of the department to update. Update department information in whole: PUT /open-apis/contact/v3/departments/:department_id Description: Updates all information of the current department. Parameters: - department_id: The ID of the department to update. ``` -------------------------------- ### Workforce Type API Source: https://open.larksuite.com/document/server-docs/getting-started/server-api-list API for creating workforce types. ```APIDOC POST /open-apis/contact/v3/employee_type_enums Description: Adds a workforce type. ``` -------------------------------- ### Access Token Acquisition Source: https://open.larksuite.com/document/server-docs/getting-started/getting-started Explains the importance and types of access tokens provided by Lark Open Platform for resource access permissions. ```APIDOC APIDOC: Access Token: - Lark Open Platform provides various types of access tokens. - Access tokens represent different resource access permissions. - When calling APIs, the access token must be included in the HTTP header. ``` -------------------------------- ### Lark Open Platform API Request URL Format Source: https://open.larksuite.com/document/server-docs/getting-started/getting-started Describes the standard format for request URLs when interacting with Lark Open Platform APIs. ```APIDOC APIDOC: URL Format: The APIs provided by Lark Open Platform follow the RESTful style, and the format of the request URL is as follows: ``` -------------------------------- ### Larksuite Server API - General Information Source: https://open.larksuite.com/document/server-docs/getting-started/ip-allowlist Provides an overview of key aspects of the Lark Server API, including the calling process, access token management, API permissions, and rate limiting. ```APIDOC APIDOC: Server API Overview: Calling Process: - Process overview: https://open.larksuite.com/document/server-docs/getting-started/getting-started - Obtain access tokens: https://open.larksuite.com/document/server-docs/getting-started/api-access-token/app-access-token-development-guide - Apply for API permission: https://open.larksuite.com/document/server-docs/getting-started/overview-of-app-scopes - Configure app data permissions: https://open.larksuite.com/document/home/introduction-to-scope-and-authorization/configure-app-data-permissions API Call Guide: - Calling APIs: https://open.larksuite.com/document/server-docs/getting-started/api-access-token/get- - Adjusting API call limits: https://open.larksuite.com/document/uAjLw4CM/ukTMukTMukTM/api-call-guide/api-billing Resources: - Server API list: https://open.larksuite.com/document/server-docs/getting-started/server-api-list - Scope list: https://open.larksuite.com/document/server-docs/getting-started/scope-list - Server SDK: https://open.larksuite.com/document/ukTMukTMukTM/uETO1YjLxkTN24SM5UjN - Rate limits: https://open.larksuite.com/document/server-docs/getting-started/frequency-control - General parameters: https://open.larksuite.com/document/server-docs/getting-started/terminology - Server Error Codes: https://open.larksuite.com/document/server-docs/getting-started/server-error-codes ``` -------------------------------- ### Lark Suite API - List Roles Source: https://open.larksuite.com/document/server-docs/getting-started/overview-of-app-scopes Illustrates API permission requirements for the 'List roles' API. It specifies the necessary permissions ('View, comment, edit and manage Bitable' or 'View, comment, and export Bitable') for debugging using a user_access_token. ```APIDOC APIDOC: Endpoint: /open-apis/bitable/v1/app-roles Method: GET Description: List roles within a Bitable app. Permissions: Required Scopes: - "bitable:openapi.readonly" (View, comment, edit and manage Bitable) - "bitable:openapi.readonly" (View, comment, and export Bitable) Debugging Note: APIs requiring review can be debugged using the app developer's user_access_token if the permission supports it, without needing to publish the app. ``` -------------------------------- ### IP Whitelist Configuration Source: https://open.larksuite.com/document/server-docs/getting-started/getting-started Explains the optional security measure of setting an IP whitelist to restrict access to the Lark Open Platform. ```APIDOC APIDOC: IP Whitelist: - Optional security feature to enhance app security. - Only requests from whitelisted IP addresses are responded to. - Requests from non-whitelisted IPs are rejected. ``` -------------------------------- ### Larksuite API Permission Application and Testing Workflow Source: https://open.larksuite.com/document/server-docs/getting-started/overview-of-app-scopes This section describes the general workflow for applying for and testing API permissions within the Larksuite developer console. It includes steps for both custom apps and store apps, focusing on utilizing test companies for debugging without immediate approval. ```APIDOC API Permission Application Workflow: 1. Navigate to the Developer Console. 2. Select the target app (custom or store app). 3. Go to Development Configuration > Permissions & Scopes. 4. Apply for the necessary permissions in the Manage scopes area. 5. Confirm the requested permission list. API Testing and Debugging with Test Company: 1. Create a test company and users (Development Configuration > Test Companies and Users). 2. Create a new app version (App Release > Version Management & Release). 3. Configure the version number and description. 4. Set the version as a test version. 5. Install the app in the test company. 6. Call the APIs in the test company without review (for approval-required permissions). Releasing the App: 1. Switch back to the official version. 2. Enable the same permissions again in the official version. 3. Create a version release request (App Versions > Version Management & Release). 4. Configure app version, update notes, features, scope changes, availability, and reason for request. 5. Submit for release. 6. Wait for enterprise administrator review. ``` -------------------------------- ### Larksuite API Categories Source: https://open.larksuite.com/document/server-docs/getting-started/overview-of-app-scopes Overview of various API categories available in Larksuite, including authentication, messaging, calendar, and attendance. This provides a high-level view of the different functionalities exposed through the API. ```APIDOC API Categories: - Authenticate and Authorize - Contacts - Messaging - Group Chat - Lark Card - Feed - Docs - Calendar - Video Conferencing - Minutes - Attendance - Approval - Bot - Tasks v2 - Email - App Information - Company Information - Personal Settings - AI - Admin - OKR - Security and Compliance - Workplace ``` -------------------------------- ### Custom App Permissions Source: https://open.larksuite.com/document/server-docs/getting-started/overview-of-app-scopes Details the permission levels for custom apps on the LarkSuite Open Platform, including automatic approval and review-required permissions, their descriptions, and review rules. ```APIDOC Custom apps: Permission level | Description | Review rules ---|---|--- Automatic approval permissions | Tenant administrators can configure automatic approval permissions based on the actual data governance requirements of the tenant to reduce the review burden. For specific configuration methods, see [How do administrators set up custom app review rules](https://www.larksuite.com/hc/zh-CN/articles/360048488346). | No review is required, and it takes effect immediately after applying. Review-required permissions | For permissions involving sensitive data, include them in the review-required permission list. | After applying, you need to create a version and submit it for review. The app administrator will review and approve it before it takes effect. ``` -------------------------------- ### Obtaining and Refreshing User Access Tokens Source: https://open.larksuite.com/document/server-docs/getting-started/api-access-token/app-access-token-development-guide Provides links to API documentation for obtaining and refreshing user access tokens, which are crucial for user-specific operations within the Lark platform. ```APIDOC Refer to the following API documentation for managing user access tokens: - [Get user_access_token](https://open.larksuite.com/document/uAjLw4CM/ukTMukTMukTM/reference/authen-v1/oidc-access_token/create) - [Refresh user_access_token](https://open.larksuite.com/document/uAjLw4CM/ukTMukTMukTM/reference/authen-v1/oidc-refresh_access_token/create) ``` -------------------------------- ### Larksuite Contacts API Reference Source: https://open.larksuite.com/document/server-docs/getting-started/server-api-list Provides comprehensive details for managing contacts within the Lark system. This includes obtaining permissions, creating, updating, retrieving, and deleting user information, as well as managing user IDs and restoring deleted users. ```APIDOC APIDOC: Contacts API: Obtain Contacts Permission Scope: GET /open-apis/contact/v3/scopes Description: Obtains the range of contacts data an app is authorized to access (department list, user list, user group list). Returns first-level departments if access is all employees, otherwise returns administrator-selected departments. Billing Type: Unlimited App Type: All Business Domain: Contacts Create User: POST /open-apis/contact/v3/users Description: Creates a user in Contacts for new employees. Only data within the app's scope is returned after creation. Refer to App scopes for data scope and field relationships. Billing Type: Unlimited App Type: All Business Domain: Contacts Modify User Information (Partial): PATCH /open-apis/contact/v3/users/:user_id Description: Updates specified fields for a user in Contacts. Unspecified parameters remain unchanged. Billing Type: Unlimited App Type: All Business Domain: Contacts Update UserID: PATCH /open-apis/contact/v3/users/:user_id/update_user_id Description: Updates a user's ID. Billing Type: Unlimited App Type: All Business Domain: Contacts Obtain Single User Information: GET /open-apis/contact/v3/users/:user_id Description: Retrieves information for a single user in Contacts. Billing Type: Unlimited App Type: All Business Domain: Contacts Obtain Multiple Users Information: GET /open-apis/contact/v3/users/batch Description: Retrieves information for multiple users. Billing Type: Unlimited App Type: All Business Domain: Contacts Obtain Users Directly Under Department: GET /open-apis/contact/v3/users/find_by_department Description: Retrieves a list of users directly under a specified department ID. Billing Type: Unlimited App Type: All Business Domain: Contacts Obtain User ID via Email or Mobile Number: POST /open-apis/contact/v3/users/batch_get_id Description: Retrieves user ID information (open_id, user_id, union_id) using mobile number or email. Specify desired ID types via query parameters. Billing Type: Unlimited App Type: All Business Domain: Contacts Delete User: DELETE /open-apis/contact/v3/users/:user_id Description: Deletes a user from Contacts when an employee is terminated. Refer to FAQs for details. Billing Type: Unlimited App Type: All Business Domain: Contacts Restore Deleted Users: POST /open-apis/contact/v3/users/:user_id/resurrect Description: Restores deleted users (members who have left the organization). Applicable to custom apps only; store apps are not authorized. Billing Type: Unlimited App Type: Custom apps Business Domain: Contacts Fully Update User Information: PUT /open-apis/contact/v3/users/:user_id Description: Updates all fields for a user in Contacts. Refer to FAQs for details. Billing Type: Unlimited App Type: All Business Domain: Contacts ``` -------------------------------- ### Lark Server API General Parameters Source: https://open.larksuite.com/document/server-docs/getting-started/terminology This section details the general parameters used in Lark Open Platform server APIs. It covers app-related parameters like app_id, app_secret, and app_ticket, organization-related parameters such as tenant_key, and user-related parameters including various access tokens. ```APIDOC General Parameters: App-related parameters: app_id: Unique identifier for the Lark application. app_secret: Secret key for the Lark application, used for authentication. app_ticket: A ticket used for specific authentication flows. Organization-related parameters: tenant_key: Unique identifier for the organization (tenant) on Lark. department_id: Identifier for a department within an organization. open_department_id: Open identifier for a department. User-related parameters: user_access_token: Token for accessing user-specific data and actions. Access tokens related parameters: app_access_token: Token for accessing application-level resources. tenant_access_token: Token for accessing tenant-level resources. Other parameters: chat_id: Identifier for a chat. open_message_id: Open identifier for a message. ``` -------------------------------- ### Data Permissions Configuration Source: https://open.larksuite.com/document/server-docs/getting-started/getting-started Describes the optional step of configuring data permissions for APIs like Contacts and Lark HR Enterprise Edition, including review and approval process. ```APIDOC APIDOC: Data Permissions: - Optional configuration for apps requesting permissions for certain APIs (e.g., Contacts, Lark HR Enterprise Edition). - Requires configuring corresponding data permissions and submitting for review. - Permissions take effect after approval, enabling successful data retrieval. - Failure to configure or get approval results in authorization errors. ``` -------------------------------- ### Lark Open Platform Access Tokens: app_access_token, tenant_access_token, user_access_token Source: https://open.larksuite.com/document/server-docs/getting-started/terminology Describes the different types of access tokens used in the Lark Open Platform: `app_access_token`, `tenant_access_token`, and `user_access_token`. These tokens represent authorization granted to an app by the platform, tenant, or user, respectively. ```APIDOC app_access_token: - Description: The access token for apps, identifying the app's identity to the Open Platform. - Type: String - Allows the app to access its own related information without specifying an organization or user. tenant_access_token: - Description: Access token representing authorization granted to an app by a tenant (organization or team). - Type: String user_access_token: - Description: Access token representing authorization granted to an app by a user. - Type: String ``` -------------------------------- ### IP Allowlist Configuration Procedure Source: https://open.larksuite.com/document/server-docs/getting-started/ip-allowlist Steps to configure IP allowlist settings in the LarkSuite Developer Console. This involves logging in, selecting an app, navigating to security settings, and adding an IPv4 address. ```APIDOC Procedure: 1. Log in to the Developer Console (https://open.larksuite.com/app). 2. Navigate to the app details page. 3. Go to **Security Settings** and find the **IP allowlist** section. 4. Enter a valid IPv4 address and click **Add**. ``` -------------------------------- ### Lark Open Platform Organization Parameters: tenant_key, department_id, open_department_id Source: https://open.larksuite.com/document/server-docs/getting-started/terminology Describes the `tenant_key`, `deparment_id`, and `open_department_id` parameters used for identifying organizations and departments within the Lark Open Platform. `tenant_key` is the unique identifier for an enterprise, `department_id` is a custom department ID (deprecated), and `open_department_id` is the recommended globally unique department ID. ```APIDOC tenant_key: - Description: A tenant unique identifier, which corresponds to an enterprise. - Type: String - Obtained when the organization installs the app or when the user logs in and grants authorization. department_id: - Description: A custom department ID. - Type: String - Uniqueness is no longer guaranteed due to policy updates. - Not recommended for use as a unique identifier. open_department_id: - Description: An automatically generated department ID by the Open Platform. - Type: String - Starts with `od-`. - Globally unique across apps and development subjects. - Recommended for use as a unique identifier for departments. ``` -------------------------------- ### Obtain Access Tokens Source: https://open.larksuite.com/document/server-docs/getting-started/api-access-token/app-access-token-development-guide This section details the process of obtaining various types of access tokens required for interacting with the Larksuite API. It covers obtaining tenant_access_token and app_access_token for custom and store apps, as well as user_access_token. It also explains how to choose the appropriate token type and how to use them in API calls. ```APIDOC Obtain access tokens: - Introduction to access tokens - How to choose different types of access tokens - Obtain tenant_access_token for custom apps - Obtain app_access_token for custom apps - Obtain app_access_token for store apps - Obtain tenant_access_token for store apps - Obtain user_access_token - How to use access tokens ``` -------------------------------- ### Larksuite Workforce Type Management API Source: https://open.larksuite.com/document/server-docs/getting-started/server-api-list APIs for managing custom workforce types in Larksuite. Includes operations for updating, fetching, and deleting workforce types. ```APIDOC Update Workforce Type: PUT /open-apis/contact/v3/employee_type_enums/:enum_id Description: Updates the custom workforce type. Parameters: - enum_id: The ID of the workforce type to update. Fetch Workforce Type: GET /open-apis/contact/v3/employee_type_enums Description: Obtains an employee's workforce type. Parameters: None Delete Workforce Type: DELETE /open-apis/contact/v3/employee_type_enums/:enum_id Description: Deletes custom workforce types. Parameters: - enum_id: The ID of the workforce type to delete. ``` -------------------------------- ### Lark Access Token Types Source: https://open.larksuite.com/document/server-docs/getting-started/api-access-token/app-access-token-development-guide Details the different types of access tokens available in the Lark Open Platform, including their authorization requirements and typical use cases. ```APIDOC Access Token Type | Requires User Authorization | Description ---|---|--- tenant_access_token | No | The credentials required to call the API as an app. The range of readable and writable data is determined by the app's own [data permission range](https://open.larksuite.com/document/home/introduction-to-scope-and-authorization/configure-app-data-permissions). The value of this type of credential is prefixed with `t-`, and the example value is: `t-24b5bf4e00b2af1234`. user_access_token | is | The credentials required when calling the API as a user. The range of readable and writable data is determined by the user's data permission range. The value of this type of credential is prefixed with `u-`, and the example value is: `u-Lr1RT7S8fS03mT1234`. app_access_token | No | The short-term token for app identity, the open platform identifies the caller's app identity based on the app_access_token. The value of this type of credential is prefixed with `a-` or `t-`, and the example value is: `a-24b5cef00b1234`. ``` -------------------------------- ### Lark Open Platform App Credentials: app_id, app_secret, app_ticket Source: https://open.larksuite.com/document/server-docs/getting-started/terminology Describes the `app_id`, `app_secret`, and `app_ticket` parameters used for authenticating Lark Open Platform applications. `app_id` is the unique identifier, `app_secret` is the secret key, and `app_ticket` is used by store apps to enhance security when obtaining the `app_access_token`. ```APIDOC app_id: - Description: The unique identifier of a Lark Open Platform app. - Type: String - Generated automatically by the system. - Cannot be modified by users. - Found in the Credentials & Basic info page of the Developer Console. app_secret: - Description: The secret key of the app. - Type: String - Generated automatically by the system. - Required as a request parameter when calling certain APIs. - Can be checked or reset on the Credentials & Basic Info page of the Developer Console. app_ticket: - Description: A field used by store apps to improve security. - Type: String - Required when calling the API to get `app_access_token` for store apps. - Lark Open Platform pushes `app_ticket` to the app once per hour after configuring the event request address. - Can also be triggered by calling the `app_ticket_resend` API. ``` -------------------------------- ### Obtain tenant_access_token for store apps Source: https://open.larksuite.com/document/server-docs/getting-started/api-access-token/app-access-token-development-guide This API is used to obtain the tenant_access_token for store apps. It requires the app_access_token and tenant_key. The tenant_key is a unique identifier for the tenant on Lark. ```APIDOC POST /open-apis/auth/v3/tenant_access_token - Description: Obtains the tenant_access_token for store apps. - Request Body: - app_access_token (string): The app access token. - tenant_key (string): The tenant key. - Returns: - tenant_access_token (string): The tenant access token. - expire (int): Expiration time of the token (in seconds). - Example: ```json { "app_access_token": "xxxxxxxxxxxxxxxxx", "tenant_key": "xxxxxxxxxxxxxxxxx" } ``` ``` -------------------------------- ### Handling Rate Limiting with HTTP 429 Source: https://open.larksuite.com/document/server-docs/getting-started/frequency-control This section describes how to handle rate limiting errors by using the HTTP 429 status code and the `x-ogw-ratelimit-reset` response header to delay subsequent requests. ```APIDOC HTTP Status Code: 429 Too Many Requests Response Header: x-ogw-ratelimit-reset: - Description: The number of seconds to wait before retrying the request. Handling Steps: 1. Upon receiving a 429 error, read the value of the `x-ogw-ratelimit-reset` header. 2. Delay subsequent requests by the number of seconds specified in the header. 3. Retry the request. 4. If the request continues to fail with a 429 error, repeat steps 1-3 until the request succeeds. ``` -------------------------------- ### Other Parameters Source: https://open.larksuite.com/document/server-docs/getting-started/terminology Documentation for other important parameters like chat_id and open_message_id, used for identifying conversations and messages within the Larksuite platform. ```APIDOC chat_id: description: A unique identifier for a conversation, applicable to both private and group chats. open_message_id: description: A unique identifier for a specific message body. ``` -------------------------------- ### API Scope Application Source: https://open.larksuite.com/document/server-docs/getting-started/getting-started Details the requirement to apply for API scopes before calling interfaces, including scopes for sensitive fields. ```APIDOC APIDOC: API Scopes: - To call an API, you must first obtain the necessary scope. - If accessing sensitive fields, a specific scope for sensitive field access is also required. ``` -------------------------------- ### User Group Member Management API Source: https://open.larksuite.com/document/server-docs/getting-started/server-api-list APIs for adding, batch adding, listing, removing, and batch removing members from user groups. Permissions are determined by the app's contact scope. ```APIDOC POST /open-apis/contact/v3/group/:group_id/member/add Description: Adds a single user member to a user group. POST /open-apis/contact/v3/group/:group_id/member/batch_add Description: Adds multiple user members to a user group. Requires 'All employees' scope for unrestricted access. GET /open-apis/contact/v3/group/:group_id/member/simplelist Description: Lists members (users or departments) of a user group. Access depends on contact scope. POST /open-apis/contact/v3/group/:group_id/member/remove Description: Removes a single user member from a user group. POST /open-apis/contact/v3/group/:group_id/member/batch_remove Description: Removes multiple user members from a user group. Requires 'All employees' scope for unrestricted access. ``` -------------------------------- ### User Group Management API Source: https://open.larksuite.com/document/server-docs/getting-started/server-api-list APIs for creating, updating, retrieving, listing, and deleting user groups. These operations are subject to the application's contact scope permissions. ```APIDOC POST /open-apis/contact/v3/group Description: Creates a user group. Requires 'All employees' contact scope. PATCH /open-apis/contact/v3/group/:group_id Description: Updates an existing user group. GET /open-apis/contact/v3/group/:group_id Description: Retrieves basic information of a user group by its ID. Requires contact scope to include the group or 'All employees'. GET /open-apis/contact/v3/group/simplelist Description: Lists user groups in a company. Access depends on contact scope. DELETE /open-apis/contact/v3/group/:group_id Description: Deletes a user group. ``` -------------------------------- ### API Frequency Control Information Source: https://open.larksuite.com/document/server-docs/getting-started/frequency-control Provides details on Lark Open Platform's API frequency control, including limitations and how to request adjustments. ```APIDOC API Frequency Control: - No self-adjustment feature available. - Request temporary increases via CSM for scenarios like data migration or large-scale activities. - Limitations apply to Message, Group, and Base businesses. Related Topics: - Response for limitations - Handling limitation scenarios - Frequency control strategy levels ``` -------------------------------- ### Lark Suite Frequency Control Strategy Levels Source: https://open.larksuite.com/document/server-docs/getting-started/frequency-control Details the different frequency control levels applied to APIs, custom apps, and bots within the Lark Suite. It outlines limits per application, per tenant, and per second/minute. ```APIDOC Frequency Control Levels: General Application: - Applied on a per-API, per-application, and per-tenant basis. - Write interfaces may have lower limits than read interfaces. Custom Bots: - Limits: 100 times per minute and 5 times per second. OpenAPIs: - Most follow standard levels. - Complex OpenAPIs may have custom strategies; contact technical support. - Exceeding limits (QPS/QPM) triggers rate limiting. Level | Description | Custom app limit(Basic Edition) | Custom app limit (Business Edition) | Store app limit ---|---|---|---|--- 1 | 10 times/min per app/tenant | 10 times/min | 10 times/min | 10 times/min 2 | 20 times/min per app/tenant | 20 times/min | 20 times/min | 20 times/min 3 | 100 times/min per app/tenant | 100 times/min | 100 times/min | 100 times/min 4 | 1000 times/min & 50 times/sec per app/tenant | 1000 times/min & 50 times/sec | 1000 times/min & 50 times/sec | 1000 times/min & 50 times/sec 5 | 1 time/sec per app/tenant | 1 time/sec | 1 time/sec | 1 time/sec 6 | 5 times/sec per app/tenant | 5 times/sec | 5 times/sec | 5 times/sec 7 | 10 times/sec per app/tenant | 10 times/sec | 10 times/sec | 10 times/sec 8 | 20 times/sec per app/tenant | 20 times/sec | 20 times/sec | 20 times/sec 9 | 50 times/sec per app/tenant | 50 times/sec | 50 times/sec | 50 times/sec 10 | 50 times/sec per app/tenant | 50 times/sec | 100 times/sec | 50 times/sec 11 | 100 times/sec per app/tenant | 100 times/sec | 100 times/sec | 100 times/sec Special Frequency Control | Non-standard frequency control. Contact Technical Support. | | | Note: Specific limitation values are subject to change and will be communicated via the Lark Open Platform changelog. ``` -------------------------------- ### Custom User Fields API Source: https://open.larksuite.com/document/server-docs/getting-started/server-api-list API to retrieve the custom user field configurations for a company. ```APIDOC GET /open-apis/contact/v3/custom_attrs Description: Obtains custom user field configurations for a company. ``` -------------------------------- ### Obtain tenant_access_token for custom apps Source: https://open.larksuite.com/document/server-docs/getting-started/api-access-token/app-access-token-development-guide This API is used to obtain the tenant_access_token for custom apps. It requires the App ID and App Secret of the app, which can be found on the Credentials & Basic Info page in the Developer Console. ```APIDOC POST /open-apis/auth/v3/tenant_access_token/internal - Description: Obtains the tenant_access_token for custom apps. - Request Body: - app_id (string): The App ID of the app. - app_secret (string): The App Secret of the app. - Returns: - tenant_access_token (string): The tenant access token. - expire (int): Expiration time of the token (in seconds). - Example: ```json { "app_id": "cli_xxxxxxxxxxxx", "app_secret": "xxxxxxxxxxxxxxxxx" } ``` ``` -------------------------------- ### Obtain app_access_token for store apps Source: https://open.larksuite.com/document/server-docs/getting-started/api-access-token/app-access-token-development-guide This API is used to obtain the app_access_token for store apps. It requires the App ID, App Secret, and app_ticket. The app_ticket is obtained through event subscriptions or the resend API. ```APIDOC POST /open-apis/auth/v3/app_access_token - Description: Obtains the app_access_token for store apps. - Request Body: - app_id (string): The App ID of the app. - app_secret (string): The App Secret of the app. - app_ticket (string): The app_ticket obtained from event subscription. - Returns: - app_access_token (string): The app access token. - expire (int): Expiration time of the token (in seconds). - Example: ```json { "app_id": "cli_xxxxxxxxxxxx", "app_secret": "xxxxxxxxxxxxxxxxx", "app_ticket": "xxxxxxxxxxxxxxxxx" } ``` ``` -------------------------------- ### Lark Open Platform User Identifiers: user_id, open_id, union_id Source: https://open.larksuite.com/document/server-docs/getting-started/terminology Describes the `user_id`, `open_id`, and `union_id` parameters used for identifying users within the Lark Open Platform. These IDs cater to different development scenarios based on the need for data association between apps and organizations. ```APIDOC user_id: - Description: User identifier suitable when data association between apps is needed, and the apps may be developed by different organizations, but the users of the apps belong to the same organization. - Type: String open_id: - Description: User identifier suitable when data association between different apps is not required. - Type: String union_id: - Description: User identifier suitable when data association between apps is needed, and the developers belong to the same organization. - Type: String ``` -------------------------------- ### Larksuite Server API - IP Allowlist Configuration Source: https://open.larksuite.com/document/server-docs/getting-started/ip-allowlist This section details how to configure an IP allowlist for Lark server APIs to enhance security. It explains the process, restrictions, and the immediate effect of these configurations. Requests from IPs not on the allowlist will be rejected with a specific error code. ```APIDOC APIDOC: Set IP allowlist: Description: Allows developers to specify IP addresses permitted to access Lark server APIs, enhancing security by rejecting requests from unlisted IPs. Error Code for Rejection: 99991401 Notes: - Does not affect access_token related interfaces. - Takes effect immediately after configuration. - Multiple IP addresses can be configured. - Functionality is disabled by default and requires manual configuration. Restrictions: - Only IPv4 public IP addresses are supported; IPv6 or IP segments are not allowed. - Example of invalid configuration: '172.170.0.0' (IP segment). Procedure: - Refer to the Lark documentation for the step-by-step procedure to configure the IP allowlist. ``` === COMPLETE CONTENT === This response contains all available snippets from this library. No additional content exists. Do not make further requests.