docs/usage/channels/feishu.mdx
By connecting a Feishu channel to your LobeHub agent, team members can interact with the AI assistant directly in Feishu private chats and group conversations.
If you are using the international version (Lark), please refer to the Lark setup guide.
Visit open.feishu.cn/app and sign in with your account.
Click Create Enterprise App. Fill in the app name (e.g., "LobeHub 助手"), description, and icon, then submit the form.
Go to Credentials & Basic Info and copy:
cli_xxx)Important: Keep your App Secret confidential. Never share it publicly.
</Steps>
In your app settings, go to Permissions & Scopes, click Batch Import, and paste the JSON below to grant the bot all necessary permissions.
{
"scopes": {
"tenant": [
"aily:file:read",
"aily:file:write",
"application:application.app_message_stats.overview:readonly",
"application:application:self_manage",
"application:bot.menu:write",
"cardkit:card:read",
"cardkit:card:write",
"contact:user.employee_id:readonly",
"corehr:file:download",
"event:ip_list",
"im:chat.access_event.bot_p2p_chat:read",
"im:chat.members:bot_access",
"im:message",
"im:message.group_at_msg:readonly",
"im:message.p2p_msg:readonly",
"im:message:readonly",
"im:message:send_as_bot",
"im:resource"
],
"user": [
"aily:file:read",
"aily:file:write",
"im:chat.access_event.bot_p2p_chat:read"
]
}
}
Go to App Capability → Bot. Toggle the bot capability on and set your preferred bot name.
</Steps>
In LobeHub, navigate to your agent's settings, then select the Channels tab. Click 飞书 (Feishu) from the platform list.
Enter the following fields:
You don't need to fill in Verification Token or Encrypt Key at this point — you can set them up after configuring the Event Subscription in Step 4.
Click Save Configuration. After saving, an Event Subscription URL will be displayed. Copy this URL — you will need it in the next step.
</Steps>
Go back to your app in the Feishu Developer Portal. Navigate to Event Subscription.
Paste the Event Subscription URL you copied from LobeHub into the Request URL field. The platform will verify the endpoint automatically.
Add the following event:
im.message.receive_v1 — Triggered when a message is receivedThis allows your app to receive messages and forward them to LobeHub.
After configuring Event Subscription, you can find the Verification Token and Encrypt Key at the top of the Event Subscription page under Encryption Strategy.
Go back to LobeHub's channel settings and fill in:
Click Save Configuration again to apply.
</Steps>
In your app settings, go to Version Management & Release. Create a new version with release notes.
Submit the version for review and publish. For enterprise self-managed apps, approval is typically automatic. </Steps>
Back in LobeHub's channel settings, click Test Connection to verify the credentials. Then find your bot in Feishu by searching its name and send it a message to confirm it responds.
One optional field under Advanced Settings carries a lot of weight in day-to-day use — fill it in once and most surprises go away.
This is your own Feishu open_id (the per-app, per-user identifier — not the same as your Feishu mobile number or email), used by:
/approve <code> is the owner's command and the runtime checks the sender against this ID.To get it: DM the bot once and inspect the inbound event payload — the open_id field on the sender is yours. The Feishu Developer Portal also exposes a User ID lookup that maps mobile/email to open_id. Paste it into Your Platform User ID in LobeHub's Advanced Settings.
Feishu doesn't expose a single "default server" concept that AI tools can pivot on (the bot operates per-tenant via credentials), so the Default Server field is not exposed for Feishu channels.
Two independent policies gate inbound traffic. Both default to Open.
A populated Allowed User IDs field is a global gate — DMs and group @mentions are restricted to listed Feishu open_id values. Empty means "no user-level filter". Read the open_id from the event payload, or copy the User ID displayed in the Feishu Developer Portal.
Open only when the list is empty: Allowlist then fails closed (no DMs).Allowlist, but a non-listed sender receives a one-time pairing code instead of a flat rejection. Approve via /approve <code> and the applicant is auto-appended to Allowed User IDs. Requires Your Platform User ID to be set (the runtime checks the /approve sender against it) and a configured Redis backend.@mentions.Controls which Feishu chat groups the bot will respond in.
@mentions in any chat group the bot has been added to.chat_id is listed in Allowed Channel IDs (read it from the event payload).See the Channels overview for cross-platform details.
| Field | Required | Description |
|---|---|---|
| App ID | Yes | Your Feishu app's App ID (cli_xxx) |
| App Secret | Yes | Your Feishu app's App Secret |
| Verification Token | No | Verifies webhook event source (recommended) |
| Encrypt Key | No | Decrypts encrypted event payloads |
| Event Subscription URL | — | Auto-generated after saving; paste into Feishu Developer Portal |
| Allowed User IDs | No | Comma- or whitespace-separated Feishu open_id values. Global gate — applies to DMs and group @mentions |
| DM Policy | No | open (default), allowlist, pairing, or disabled — who is allowed to DM the bot |
| Group Policy | No | open (default), allowlist, or disabled — where the bot responds to @mentions |
| Allowed Channel IDs | No | Comma- or whitespace-separated Feishu chat_id values. Used when Group Policy is Allowlist |
im.message.receive_v1 event is subscribed.Disabled, switch to Open or Allowlist. If it is Allowlist, confirm the sender's open_id is listed in Allowed User IDs.