Authorization

Feishu
Prerequisites
Nexla connects to Feishu (China region) and Lark (international region) using a custom app created in the Feishu Open Platform Developer Console. The app authenticates via its App ID and App Secret, which Nexla exchanges for a short-lived tenant_access_token (valid for approximately 2 hours, automatically refreshed) that is sent as a Bearer token on every API call.
Choose Your Region
Feishu and Lark are the same underlying platform but operate on separate, isolated infrastructure. Apps and tokens created in one region cannot be used in the other. Before creating your app, confirm which base URL applies to your organization:
- China (Feishu): https://open.feishu.cn
- International (Lark): https://open.larksuite.com
Create a Custom App in the Developer Console
- Sign in to the Developer Console for your region:
  - Feishu: https://open.feishu.cn/app
  - Lark: https://open.larksuite.com/app
- Click Create App, then select Custom App (also labeled "Enterprise Custom App" in some console versions).
- Enter an App Name and optional App Description that clearly identifies this as the integration used by Nexla (for example, "Nexla Data Integration"). Click Confirm.
- On the app's main page, navigate to Credentials & Basic Info in the left sidebar. Your App ID and App Secret are displayed in the Credentials section. Copy both values—they will be entered into Nexla in the steps below.
Protect Your App Secret: The App Secret grants full programmatic access to your Feishu/Lark tenant using this app's permissions. Treat it like a password: do not commit it to source control or share it publicly.
Grant API Permissions
Nexla requires specific permission scopes depending on which Feishu APIs your data flows will use. Without the correct scopes, API calls will return authorization errors.
- In the Developer Console, navigate to Permission Management (or Permissions & Scopes) in the left sidebar.
- Search for and enable the scopes that correspond to the data your flows will access. Common scopes include:
  - Bitable: bitable:app (read/write Bitable records and fields)
  - Messaging: im:message (read messages), im:message:send_as_bot (send messages)
  - Contacts: contact:user.base:readonly (read user profiles), contact:user.base (read/write users)
  - Calendar: calendar:calendar (read/write calendar events)
  - Documents: docx:document (read/write Docx documents)
  - Drive: drive:drive (read Drive file statistics)
  - Approvals: approval:approval (read/write approval instances)
  - Tasks: task:task (read/write tasks)
- After enabling scopes, click Save (or Apply for Approval if your organization requires scope approval before use).
Publish or Enable the App
Custom apps must be enabled before their credentials are active:
- Navigate to App Release (or Version Management & Release) in the Developer Console sidebar.
- Create a version and click Apply for Online Release, or for internal enterprise apps, use Enable App to make it available to your tenant without a formal release.

For apps used solely for server-to-server API calls (such as Nexla integrations), a full public release is not required. Enabling the app for internal use within your tenant is sufficient.
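The exchange described under Prerequisites can be run as a pre-flight check before the credential is entered in Nexla. This is an added example, not Nexla's code: `TenantToken`, the injectable `post`/`clock` parameters and the `FEISHU_*` environment variable names are assumptions, and the token endpoint path is the Open Platform's endpoint for custom apps rather than something stated on this page.

```python
import json
import os
import time
import urllib.request

# Base URLs from "Choose Your Region"; the two regions are isolated from each other.
BASE_URLS = {"feishu": "https://open.feishu.cn", "lark": "https://open.larksuite.com"}
# Open Platform token endpoint for custom apps (not stated on this page).
TOKEN_PATH = "/open-apis/auth/v3/tenant_access_token/internal"


def http_post_json(url, payload):
    """Default transport: POST JSON over HTTPS and return the decoded body."""
    req = urllib.request.Request(url, data=json.dumps(payload).encode(), method="POST",
                                 headers={"Content-Type": "application/json; charset=utf-8"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class TenantToken:
    """Caches a tenant_access_token for one app in one region (hypothetical helper)."""
    def __init__(self, region, app_id, app_secret, post=http_post_json, clock=time.time):
        if not app_id.startswith("cli_"):
            raise ValueError("App ID should begin with cli_")
        self._url = BASE_URLS[region] + TOKEN_PATH  # KeyError on an unknown region
        self._creds = {"app_id": app_id, "app_secret": app_secret}
        self._post, self._clock = post, clock
        self._token, self._expires_at = None, 0.0

    def get(self, skew=300):
        """Return a valid token, refreshing when fewer than `skew` seconds remain."""
        if self._token is None or self._clock() >= self._expires_at - skew:
            body = self._post(self._url, self._creds)
            if body.get("code") != 0:
                # Report only the platform's code and message, never the secret.
                raise PermissionError("token exchange failed: code=%s msg=%s" % (body.get("code"), body.get("msg")))
            self._token = body["tenant_access_token"]
            self._expires_at = self._clock() + body["expire"]
        return self._token

    def auth_header(self):
        return {"Authorization": "Bearer " + self.get()}


if __name__ == "__main__":
    # The secret is read from the environment, not written into source (names assumed).
    tok = TenantToken(os.environ.get("FEISHU_REGION", "feishu"),
                      os.environ["FEISHU_APP_ID"], os.environ["FEISHU_APP_SECRET"])
    print("token obtained; header keys:", list(tok.auth_header()))
```

If the exchange fails against one base URL and succeeds against the other, the app was created in the other region and the Base URL selection in Nexla must follow it.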
Create a Feishu Credential
- To create a new Feishu credential, after selecting the data source/destination type, click the Add Credential tile to open the Add New Credential overlay.
Credential Name & Description
- Enter a name for the credential in the Credential Name field and a short, meaningful description in the Credential Description field.
Resource descriptions are recommended but are not required. They should be used to provide information about the resource purpose, data freshness, etc. that can help the owner and other users efficiently understand and utilize the resource.
Base URL
- Select the Base URL that corresponds to your organization's region from the pulldown menu:
  - China (Feishu): https://open.feishu.cn (default)
  - International (Lark): https://open.larksuite.com

This setting determines which Feishu/Lark API infrastructure Nexla connects to. Apps and tokens are not interchangeable between regions, so the Base URL must match the region where your custom app was created.
App ID
- Enter the App ID of your Feishu/Lark custom app in the App ID field. The App ID is a string beginning with cli_ that uniquely identifies your application. It can be found on the Credentials & Basic Info page of your app in the Developer Console.
App Secret
- Enter the App Secret of your Feishu/Lark custom app in the App Secret field. The App Secret is found alongside the App ID on the Credentials & Basic Info page in the Developer Console.

Warning: The App Secret is displayed only once when the app is created. If you have lost it, you can regenerate it from the Developer Console under Credentials & Basic Info — but regenerating invalidates the previous secret and will break any existing integrations using the old value.
Save the Credential
- Once all of the relevant steps in the above sections have been completed, click the Save button at the bottom of the overlay to save the configured credential.
- The newly added credential will now appear in a tile on the Authenticate screen during data source/destination creation and can be selected for use with a new data source or destination.