For more information, please visit open platform
Lark uses permissions to control app feature and determine if an app can call a particular API and get or update certain fields. A permission has three properties: field, API and event.
- •Field: The field an app has permission to access. If the "Obtain user email address" permission is enabled, the app can access the email address field.
- •API: Permission must be enabled to invoke certain APIs. To invoke the "Send message" API, the "Send messages as an app" permission must be enabled.
- •Event: Permission is also required to subscribe to certain events and obtain the corresponding field. For example, if you want to "Obtain private messages sent from a user to a bot", you will have to subscribe to the "Receive messages" event.
Different permissions are available for different types of apps. Some permissions apply to both custom apps and public apps, while others only apply to custom apps.
I. Enabling permissions
Administrators can apply for app permissions in Lark Developer. On the app details page, click Permissions in the menu on the left and then enable the permissions needed for the app. The permissions will only go into effect after the next version of the app has been submitted and approved.
II. Basic permissions
Basic permissions are lower risk and can be enabled by developers as needed. The following basic permissions are provided:
Permission Name | Fields | API | Event | Available for | Notes |
Obtain basic user information | name, avatar, description | - | Custom apps Public apps | User name, profile picture, and description | |
Obtain department information | id, name, chat_id, status | - | Custom apps Public apps | ||
Send messages as an app | - | - | Custom apps Public apps | Can only be enabled if bot feature is enabled | |
Obtain private messages sent from a user to a bot | - | - | Custom apps Public apps | Can only be enabled if bot feature is enabled | |
Obtain user messages @ a bot in a group chat | - | - | Custom apps Public apps | Can only be enabled if bot feature is enabled | |
Verify if a user is an app administrator | - | Verify application administrator | - | Custom apps Public apps | Finds out if a user has permission to manage an app |
III. Advanced permissions
- •Advanced permissions requested by custom apps are reviewed by organization administrators after the app has been submitted for review.
- •The advanced permissions requested by public apps are highlighted on the app page in the Lark App Directory. Organization administrators will consider the permissions required when assessing whether to use the app.
Only request permissions that your app needs to function properly. Otherwise, the organization administrator (for custom apps)/the platform operator (for public apps) may reject your app or decide not to use it.
User
Permission Name | Fields | API | Available for | Notes |
Obtain user’s email | email | Custom apps Public apps | ||
Obtain user’s mobile number | mobile | Custom apps | ||
Obtain user’s user ID | user_id or employee_id | Custom apps | ||
Obtain user’s ID using an email address or mobile number | open_id, user_id | Custom apps Public apps | ||
Operate a cloud doc as a user | - | Custom apps Public apps | ||
Obtain user’s unified ID | union_id | Custom apps Public apps |
Messages
Permission Name | Fields | API | Available for | Notes |
Send messages to multiple users | - | Custom apps Public apps | ||
Send messages to users in one or multiple departments | - | Custom apps Public apps |
Group chat
Permission Name | Fields | API | Available for | Notes |
Obtain group information | id, chatType, userType, avatarUrls, name, i18nNames | Custom apps Public apps |
Contacts
Permission Name | Fields | API | Event | Available for | Notes |
Obtain user’s employment information | employee_no, employee_type, status, is_tenant_manager, join_time, update_timecountry, city, work_station, custom_attrs | - | Custom apps Public apps | Obtains a user’s work information | |
Obtain user’s gender | gender | - | Custom apps Public apps | ||
Obtain user’s management information | departments, leader_open_id | - | Custom apps Public apps | Obtains the user’s department and supervisor | |
Obtain role | role_list, id(role), name(role) | - | Custom apps Public apps | ||
Obtain department management information | parent_id, leader_open_id, sub-department information, department user information, and custom user properties | - | Custom apps Public apps | Gets department management information, including sub-departments, the department manager, department members, and custom properties. Permission to access user information is required to get department user details | |
Update contacts | - | - | Custom apps | ||
Access Contacts as an app | - | Events - Contacts updates | Custom apps Public apps | The app must have permission to access Contacts | |
Search users | - | - | Custom apps Public apps |
Manage apps
Lark Suite