DingTalk Messaging Skill
Use this skill to run DingTalk messaging operations through uxc + OpenAPI.
Reuse the uxc skill for shared execution, auth, and error-handling guidance.
Prerequisites
uxcis installed and available inPATH.- Network access to
https://api.dingtalk.com/v1.0. - Access to the curated OpenAPI schema URL:
https://raw.githubusercontent.com/holon-run/uxc/main/skills/dingtalk-openapi-skill/references/dingtalk-messaging.openapi.json
- A DingTalk internal app or app suite with bot messaging permissions enabled.
- A DingTalk app
appKey+appSecret, or a currentaccessTokenif you are using the manual fallback path. - Robot code, conversation identifiers, and user identifiers for the target send flows.
Scope
This skill covers a narrow IM-focused request/response surface:
- one-to-one bot sends
- group bot sends
- service group sends
- minimal user lookup by
unionId
This skill does not cover:
- approval, attendance, admin, or broader enterprise app workflows
- old
oapi.dingtalk.comendpoints - custom robot webhook token/signature flows
- inbound callback or webhook receiver runtime
Subscribe / Stream Mode Status
DingTalk has event-delivery flows such as Stream Mode, but those flows are outside the current scope of this skill.
Current uxc subscribe status:
- this skill is validated only for request/response messaging operations
- DingTalk inbound event/message intake is not currently validated through
uxc subscribe
Treat DingTalk as a possible future subscribe target via Stream Mode rather than a currently supported IM subscribe provider.
API Surface Choice
This skill is intentionally pinned to the newer DingTalk Open Platform host:
https://api.dingtalk.com/v1.0
The older oapi.dingtalk.com surface is intentionally excluded from v1 to keep auth and schema shape consistent.
Authentication
DingTalk v1 APIs use app accessToken credentials.
Preferred setup is to store appKey + appSecret as credential fields and let uxc auth bootstrap fetch and refresh the short-lived access token automatically.
Bootstrap-managed setup:
uxc auth credential set dingtalk-app \
--auth-type bearer \
--field app_key=env:DINGTALK_APP_KEY \
--field app_secret=env:DINGTALK_APP_SECRET
uxc auth bootstrap set dingtalk-app \
--token-endpoint https://api.dingtalk.com/v1.0/oauth2/accessToken \
--header 'Content-Type=application/json' \
--request-json '{"appKey":"{{field:app_key}}","appSecret":"{{field:app_secret}}"}' \
--access-token-pointer /accessToken \
--expires-in-pointer /expireIn
uxc auth binding add \
--id dingtalk-app \
--host api.dingtalk.com \
--path-prefix /v1.0 \
--scheme https \
--credential dingtalk-app \
--priority 100
Manual fallback if you already have an app access token:
curl -sS https://api.dingtalk.com/v1.0/oauth2/accessToken \
-H 'Content-Type: application/json' \
-d '{"appKey":"dingxxxx","appSecret":"xxxx"}'
Configure one bearer credential and bind it to the DingTalk API host:
uxc auth credential set dingtalk-app \
--auth-type bearer \
--secret-env DINGTALK_ACCESS_TOKEN
uxc auth binding add \
--id dingtalk-app \
--host api.dingtalk.com \
--path-prefix /v1.0 \
--scheme https \
--credential dingtalk-app \
--priority 100
Validate the active mapping when auth looks wrong:
uxc auth binding match https://api.dingtalk.com/v1.0
Core Workflow
-
Use the fixed link command by default:
command -v dingtalk-openapi-cli- If missing, create it:
uxc link dingtalk-openapi-cli https://api.dingtalk.com/v1.0 --schema-url https://raw.githubusercontent.com/holon-run/uxc/main/skills/dingtalk-openapi-skill/references/dingtalk-messaging.openapi.json dingtalk-openapi-cli -h
-
Inspect operation schema first:
dingtalk-openapi-cli get:/contact/users/{unionId} -hdingtalk-openapi-cli post:/robot/oToMessages/batchSend -hdingtalk-openapi-cli post:/robot/groupMessages/send -h
-
Prefer read/setup validation before writes:
dingtalk-openapi-cli get:/contact/users/{unionId} unionId=$DINGTALK_UNION_IDdingtalk-openapi-cli post:/robot/oToMessages/batchSend -hdingtalk-openapi-cli post:/serviceGroup/messages/send -h
-
Execute with key/value or positional JSON:
- key/value:
dingtalk-openapi-cli get:/contact/users/{unionId} unionId=$DINGTALK_UNION_ID language=zh_CN - positional JSON:
dingtalk-openapi-cli post:/robot/groupMessages/send '{"openConversationId":"cidxxxx","robotCode":"dingxxxx","msgKey":"sampleText","msgParam":"{\"content\":\"Hello from UXC\"}"}'
- key/value:
Operation Groups
User Lookup
get:/contact/users/{unionId}
Messaging
post:/robot/oToMessages/batchSendpost:/robot/groupMessages/sendpost:/serviceGroup/messages/send
Guardrails
- Keep automation on the JSON output envelope; do not use
--text. - Parse stable fields first:
ok,kind,protocol,data,error. - Prefer
uxc auth bootstrapover manual token management. ManualaccessTokensetup is still supported as a fallback. - All three send operations are high-risk writes. Require explicit user confirmation before execution.
- DingTalk
msgParamis a JSON-encoded string payload, not a nested JSON object. Build and validate that string carefully before sending. robotCode,openConversationId,coolAppCode, and target identifiers are all provider-specific routing fields. Missing any of them generally means the send will fail even if auth is valid.- This v1 wrapper does not include custom robot webhook token/sign flows; use app-based APIs only.
dingtalk-openapi-cli <operation> ...is equivalent touxc https://api.dingtalk.com/v1.0 --schema-url <dingtalk_openapi_schema> <operation> ....
References
- Usage patterns:
references/usage-patterns.md - Curated OpenAPI schema:
references/dingtalk-messaging.openapi.json - DingTalk developer docs: https://open.dingtalk.com/document/