All Products
Search

This Product

    Data Transmission Service:Tutorial: Connect Lark to a DTS RAGFlow knowledge base

    Document Center

    Data Transmission Service:Tutorial: Connect Lark to a DTS RAGFlow knowledge base

    Last Updated:Mar 28, 2026

    Use the KBSync tool to sync content from Lark — including Lark Docs, workbooks, Bitable, and knowledge bases — into a Data Transmission Service (DTS) RAGFlow knowledge base, making your Lark content searchable through RAGFlow.

    Prerequisites

    Before you begin, make sure you have:

    Choose an access method

    KBSync connects to Lark using one of two credential types. Choose based on your sync pattern:

    MethodPermission typeProsCons
    tenant_access_token (recommended)Application identitySupports resumable transfers. For a single folder or knowledge base, configure once and reuse.Requires extra steps to grant Cloud Drive and knowledge base permissions.
    user_access_tokenUser identityFewer setup steps — has access to all folders with no extra permission grants needed.Must get a new authorization code each time KBSync runs. The code expires and cannot be reused.

    Which method should I use? Use tenant_access_token for recurring or automated syncs — you configure permissions once and reuse the credentials indefinitely. Use user_access_token for one-time or ad hoc syncs where setup simplicity matters more than reusability.

    Step 1: Create a Lark application

    Create a custom application in the Lark Open Platform to get the App ID and App Secret that KBSync needs to authenticate with Lark.

    For more information about Lark platform operations, see the Lark Help Center and Lark Developer Documentation.

    1. Log in to the Lark Open Platform and go to the Developer Console.

    2. Click Create Custom App, fill in Name and App Description, and then click Create.

    3. Click the application card to open it. The Basic Information > Credentials & Basic Info page appears by default.

    4. In the App Credentials section, record the App ID and App Secret. You will need these values when configuring KBSync.

    Step 2: Configure access permissions

    The configuration steps differ depending on which access method you chose.

    Use tenant_access_token (recommended)

    Add a bot and publish the application

    KBSync uses a bot to access Lark data on behalf of the application. You must add a bot and publish the application to activate it before you can configure permissions.

    1. Log in to the Lark Open Platform and open the application you created.

    2. In the left navigation pane, choose App Features > Add App Features.

    3. On the Add By Feature tab, find the Bot card and click Add.

    4. At the top of the page, click Create Version.

      Alternatively, choose App Release > Version Management & Release in the left navigation pane, and then click Create Version.

    5. On the Version Details page, enter App Version and Update Notes, then click Save.

      Keep the default Bot value for Default Feature On Mobile and Default Feature On Desktop.

    6. In the confirmation dialog, click Confirm Release.

    Configure API permissions

    Grant the application the scopes it needs to read Lark Docs and knowledge bases. Without these scopes, KBSync cannot export or access your content.

    1. In the left navigation pane, choose Development Configuration > Permissions & Scopes.

    2. Click Bulk Import/Export Scopes.

    3. On the Import tab, paste the following JSON into the JSON text box:

      {
  "scopes": {
    "tenant": [
      "docs:document:export",
      "drive:drive",
      "wiki:wiki"
    ],
    "user": []
  }
}

    4. Click Next, Confirm New Scopes, then click Request To Activate.

    Create a group and add the bot

    Before you can grant Cloud Drive and knowledge base access to the application, you must create a Lark group and add the application as a Group Bot.

    1. Log in to the Lark client.

    2. Create a new group.

    3. Add the application you created in Step 1 as a Group Bot in the group.

    Grant access to Cloud Drive and knowledge bases

    Because tenant_access_token uses application identity, the bot must be explicitly granted access to the specific folders and knowledge bases it will sync. This is a one-time setup per folder or knowledge base.

    Grant Cloud Drive access:

    1. In the Lark client, go to the target Cloud Drive folder.

    2. Click Share on the right side of the page.

    3. Under Invite Collaborators, enter the group that contains the bot. The default Can View permission is sufficient.

    4. Click Send.

    Grant knowledge base access:

    1. Go to the All Knowledge Bases page.

    2. Hover over the target knowledge base, then click the Knowledge Base Settings icon.

    3. Click the Member Settings tab. In the Roles & Permissions section, on the Administrator tab, click Add Administrator.

    4. Add the group that contains the bot, then click Next and Send.

    Use user_access_token

    Configure API permissions

    Grant the application the user-level scopes it needs to access Lark content on behalf of the user.

    1. Log in to the Lark Open Platform and open the application you created.

    2. In the left navigation pane, choose Development Configuration > Permissions & Scopes.

    3. Click Bulk Import/Export Scopes.

    4. On the Import tab, paste the following JSON into the JSON text box:

      {
  "scopes": {
    "tenant": [],
    "user": [
      "offline_access",
      "docs:document:export",
      "drive:drive",
      "wiki:wiki"
    ]
  }
}

    5. Click Next, Confirm New Scopes, then click Request To Activate.

    Configure the redirect URL

    The redirect URL is where Lark sends the authorization code after the user grants access. KBSync uses this code to authenticate on the user's behalf.

    1. In the left navigation pane, choose Development Configuration > Security Settings.

    2. In the Redirect URLs field, enter https://www.aliyun.com and click Add.

    3. Turn on the Refresh User_access_token switch.

      If the switch is not visible, the feature is already enabled by default.

    Get the authorization code

    The authorization code is a credential that KBSync uses to get a user_access_token. You must get a new code each time you run KBSync, as the code expires.

    1. Build the Lark authorization URL by replacing YOUR_FEISHU_CLIENT_ID with the App ID you recorded in Step 1:

      https://accounts.feishu.cn/open-apis/authen/v1/authorize?client_id=YOUR_FEISHU_CLIENT_ID&redirect_uri=https://www.aliyun.com&scope=drive:drive offline_access docs:document:export wiki:wiki

    2. Open the URL in a browser and click Authorize.

    3. After authorization, the browser redirects to https://www.aliyun.com. Copy the value of the code parameter from the redirect URL.

      Important

      The authorization code is the value of the code parameter only — do not include code=, &, or anything after &.

    Step 3: Get folder tokens and knowledge base IDs

    KBSync uses a folder token to identify which Lark Docs folder to sync, and a knowledge base ID to identify which Lark knowledge base to sync.

    Get the Lark Docs folder token:

    1. In the Lark client, navigate to the target folder.

    2. Copy the folder URL from the address bar.

    3. Extract the token: it is the string after folder/ in the URL. Do not include ? or anything that follows.

    Get the Lark knowledge base ID:

    1. Go to the All Knowledge Bases page.

    2. Hover over the target knowledge base, then click the Knowledge Base Settings icon.

    3. Copy the URL from the address bar.

    4. Extract the ID: it is the string of digits after settings/ in the URL. Do not include # or anything that follows.

    Step 4: Run KBSync

    Get the KBSync file

    Join the DingTalk group (ID: 79690034672) and contact the helpdesk to get the KBSync file.

    KBSync runs in a Linux environment that has network access to both the Lark Open Platform and RAGFlow.

    Create the config file

    1. In the Linux environment, create a file named config.

    2. Copy the following template into the file:

      whiteList=
blackList=
sinkType=RagFlow
sourceType=FeiShu
ragflowUrl=http://XX.XX.XX.XX
ragflowApiKey=Bearer RAGFlow-BmND******MDI0Mm
ragflowDatasetId=928d061******2ac120006
feishuAppId=cli_a8a******d00d
feishuAppSecret=pMp73Si******UDrWXBSOa
feishuUserAccessCode=bGzpx6******B9KFCdzdCDHG
feishuCloudSpaceDirToken=ESJm*******CRdn002cii3bnAc
feishuWikiSpaceId=7504968******8674

    3. Replace the placeholder values with your actual values. Use the parameter reference below.

    Parameter reference:

    ParameterRequiredDescriptionHow to get
    whiteListNoFolder paths in Lark Docs or document paths in knowledge bases to include. Separate multiple paths with spaces. Regular expressions are supported.From the Lark client
    blackListNoPaths to exclude. Takes priority over whiteList. Separate multiple paths with spaces. Regular expressions are supported.From the Lark client
    sinkTypeYesType of the sync destination.Set to RagFlow
    sourceTypeYesType of the sync source.Set to FeiShu
    ragflowUrlYesRAGFlow API Server address.Get the API endpoint
    ragflowApiKeyYesAPI key for the RAGFlow knowledge base.Get the API key
    ragflowDatasetIdYesID of the RAGFlow knowledge base.Get the knowledge base ID
    feishuAppIdYesApp ID of the Lark application.Recorded in Step 1
    feishuAppSecretYesApp Secret of the Lark application.Recorded in Step 1
    feishuUserAccessCodeRequired for user_access_token onlyLark authorization code. Get a new one before each run, as the code expires.Get the authorization code
    feishuCloudSpaceDirTokenOne of these two is requiredToken of the Lark Docs folder to sync. If both feishuCloudSpaceDirToken and feishuWikiSpaceId are set, only Lark Docs and their parent folder are transferred (only this parameter takes effect).Get the folder token
    feishuWikiSpaceIdOne of these two is requiredID of the Lark knowledge base to sync.Get the knowledge base ID
    Important

    Leave the value blank for any parameter you do not need — do not remove the parameter line.

    Run the program

    1. Place the KBSync binary and the config file in the same directory.

    2. Run the following command:

      ./KBSync --config config

      If KBSync starts successfully, the output looks similar to:

      INFO config whiteList=, blackList=
INFO config ragflowUrl=http://XX.XX.XX.XX/, ragflowApiKey=Bearer RAGFlow-BmND******MDI0Mm
INFO config ragflowDatasetId=928d061******2ac120006
INFO config feishuAppId=cli_a8a******d00d, feishuAppSecret=pMp73Si******UDrWXBSOa
INFO Response from https://open.feishu.cn/open-apis/auth/v3/tenant_access_token/internal: 200, ...
INFO set feishu tenant access token expires in: 4340

    Appendix

    Get the API endpoint of the RAGFlow knowledge base

    1. Log in to the RAGFlow page.

    2. In the left navigation pane, click API.

    3. Copy the API Server value.

    Get the API key of the RAGFlow knowledge base

    1. Log in to the RAGFlow page.

    2. In the left navigation pane, click API.

    3. Next to RAGFlow API, click API KEY.

    4. In the API KEY dialog, click Create New Key.

    5. Click the copy icon to save the token.

    Get the ID of the RAGFlow knowledge base

    1. Log in to the RAGFlow page.

    2. On the Knowledge Base page, click the target knowledge base.

    3. In the URL of the page, copy the value after id=.