Features
- ✅ Stream Mode (no public IP required)
- ✅ AppKey and AppSecret authentication
- ✅ Staff ID-based access control
- ✅ Simple setup and configuration
Setup
Create a DingTalk bot
- Visit DingTalk Open Platform
- Click Create Application (创建应用)
- Choose Internal Application (企业内部应用)
- Fill in application name and description
Add Robot capability
- In your application, go to Application Functions (应用功能)
- Click Add Robot (添加机器人)
- Toggle Stream Mode (长连接模式) to ON
- Save configuration
Stream Mode requires nanobot to be running to receive messages
Configure permissions
In Permissions (权限管理):Add necessary permissions:
- Send messages to users
- Receive messages from users
- Access basic user info (optional)
Get credentials
In Credentials & Basic Info (凭证与基础信息):Copy:
- AppKey (also called Client ID)
- AppSecret (also called Client Secret)
Publish the app
- Go to Version Management (版本管理)
- Create a version and submit for review
- Or publish to internal organization only
Configuration Options
Enable the DingTalk channel
AppKey (Client ID) from DingTalk Open Platform
AppSecret (Client Secret) from DingTalk Open Platform
List of DingTalk Staff IDs allowed to interact with the botExamples:
- Single user:
["123456789"] - Multiple users:
["123456789", "987654321"] - All users:
["*"](not recommended for production)
Find Staff IDs in nanobot logs when users message the bot
Stream Mode vs Webhook
Understanding connection modes
Understanding connection modes
DingTalk supports two ways to receive events:
Stream Mode — Recommended
- ✅ No public IP required
- ✅ No SSL certificate needed
- ✅ Works behind firewall/NAT
- ✅ Simpler setup
- This is what nanobot uses by default
Webhook Mode
- ❌ Requires public IP
- ❌ Requires HTTPS with valid certificate
- ❌ More complex setup
- Only use if you have specific webhook requirements
Troubleshooting
Bot doesn't respond
Bot doesn't respond
- Check Stream Mode: Verify Stream Mode is enabled in robot settings
- Check Staff ID: Ensure your Staff ID is in
allowFrom - Check permissions: Verify all required permissions are approved
- Check app status: App must be published (at least to internal org)
- Check logs: Run
nanobot gateway -vfor detailed logs
Stream connection fails
Stream connection fails
- Verify AppKey (clientId) and AppSecret (clientSecret) are correct
- Check internet connectivity
- Ensure no firewall blocks Stream Mode connections
- Try restarting gateway:
nanobot gateway - Check DingTalk Open Platform status
Permission denied errors
Permission denied errors
If you see permission errors:
- Go to DingTalk Open Platform → Your App → Permissions
- Verify all required permissions are added and approved
- Some permissions require admin approval
- Wait for approval, then restart gateway
Cannot find Staff ID
Cannot find Staff ID
To get your Staff ID:
- Temporarily set
allowFrom: ["*"] - Restart gateway
- Send a message to the bot
- Check logs — Staff ID will be displayed
- Copy the Staff ID and add it to
allowFrom - Remove
"*"and restart gateway
App not published error
App not published error
If messages aren’t received:
- Go to Version Management in DingTalk Open Platform
- Ensure app is published (even just to internal users)
- Check app status is “Active” or “Online”
- Restart gateway after publishing
Complete Example
Full configuration with all options:Related Pages
Configuration Overview
Learn about channel configuration
Security Settings
Set up access control