All Products
Search

This Product

    Object Storage Service:Initialization (Browser.js SDK)

    Document Center

    Object Storage Service:Initialization (Browser.js SDK)

    Last Updated:Dec 18, 2025

    The client for the OSS Browser.js software development kit (SDK) manages Object Storage Service (OSS) resources, such as buckets and files. To send an OSS request, you must initialize a client instance and can modify the default configurations as needed.

    Prerequisites

    The Browser.js SDK must be installed. For more information, see Installation (Browser.js SDK).

    Create a new client

    Signature V4 (Recommended)

    Use the more secure V4 signature algorithm. When you initialize a client with a V4 signature, declare authorizationV4. V4 signatures are supported in OSS Browser.js SDK V6.20.0 and later.

    The following example shows how to use a V4 signature during initialization with an OSS domain name. For other scenarios, such as initializing with a custom domain name, modify the example as needed.

    <!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="UTF-8" />
    <title>Document</title>
  </head>
  <body>
    <!--Import the SDK file.-->
    <script
      type="text/javascript"
      src="https://gosspublic.alicdn.com/aliyun-oss-sdk-6.20.0.min.js"
    ></script>
    <script type="text/javascript">
      const client = new OSS({
        // Set yourRegion to the region where the bucket is located. For example, if the bucket is in the China (Hangzhou) region, set yourRegion to oss-cn-hangzhou.
        region: 'yourRegion',
	authorizationV4: true,
        // The temporary AccessKey pair (AccessKey ID and AccessKey secret) obtained from Security Token Service (STS).
        accessKeyId: 'yourAccessKeyId',
        accessKeySecret: 'yourAccessKeySecret',
        // The security token obtained from STS.
        stsToken: 'yourSecurityToken',
        // Specify the bucket name. For example, examplebucket.
        bucket: "examplebucket",
      });
    </script>
  </body>
</html>

    Signature V1 (Not recommended)

    Important

    From March 1, 2025, the V1 signature algorithm of OSS is no longer available to new customers with new UIDs. From September 1, 2025, OSS no longer updates and maintains the V1 signature algorithm, and the V1 signature algorithm is no longer available for new buckets. Upgrade V1 signatures to V4 signatures at the earliest opportunity to prevent impact on your business. 

    <!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="UTF-8" />
    <title>Document</title>
  </head>
  <body>
    <!--Import the SDK file.-->
    <script
      type="text/javascript"
      src="https://gosspublic.alicdn.com/aliyun-oss-sdk-6.18.0.min.js"
    ></script>
    <script type="text/javascript">
      const client = new OSS({
        // Set yourRegion to the region where the bucket is located. For example, if the bucket is in the China (Hangzhou) region, set yourRegion to oss-cn-hangzhou.
        region: 'yourRegion',
        // The temporary AccessKey pair (AccessKey ID and AccessKey secret) obtained from STS.
        accessKeyId: 'yourAccessKeyId',
        accessKeySecret: 'yourAccessKeySecret',
        // The security token obtained from STS.
        stsToken: 'yourSecurityToken',
        // Specify the bucket name. For example, examplebucket.
        bucket: "examplebucket",
      });
    </script>
  </body>
</html>

    Configure the client

    You can add configuration items as needed when you initialize the client. For example, you can use timeout to specify the request timeout period and stsToken to specify a temporary access credential. For more information about the configuration items and examples supported by Browser.js, see the following sections.

    options parameter descriptions

    • accessKeyId {String}: The AccessKey ID that you obtain from the Alibaba Cloud Management Console.

    • accessKeySecret {String}: The AccessKey secret that you obtain from the Alibaba Cloud Management Console.

    • [stsToken] {String}: The Security Token Service token used for temporary authorization.

    • [refreshSTSToken] {Function}: A function that automatically sets the stsToken, accessKeyId, and accessKeySecret when the STS token expires. This function must return an object that contains the stsToken, accessKeyId, and accessKeySecret.

    • [refreshSTSTokenInterval] {number}: The Security Token Service token flush interval in milliseconds. This value must be less than the expiration period of the STS token. The default value is 300,000 milliseconds (5 minutes).

    • [bucket] {String}: The default bucket that you want to access. If the bucket does not exist, you can call the putBucket() operation to create it.

    • [endpoint] {String}: The OSS region-specific domain name. This parameter has a higher priority than the region parameter. You can set this parameter to a public endpoint, an internal same-region endpoint, or an accelerated domain name as needed. For more information, see the list of endpoints.

    • [region] {String}: The region where the bucket is located. The default value is oss-cn-hangzhou.

    • [internal] {Boolean}: Specifies whether to access OSS over the Alibaba Cloud internal network. The default value is false. If your server also runs on Alibaba Cloud, set this parameter to true to reduce data transfer costs.

    • [secure] {Boolean}: Specifies whether the OSS client uses the HTTPS (secure: true) or HTTP (secure: false) protocol.

    • [timeout] {String|Number}: The timeout period for all operations, in seconds. The default value is 60.

    • [cname] {Boolean}: Specifies whether to use a custom domain name to access OSS. The default value is false. If you set this parameter to true, you must specify the custom domain name in the endpoint field.

    • [isRequestPay] {Boolean}: Specifies whether to enable the Requester Pays feature for the bucket. The default value is false. If you set this parameter to true, the 'x-oss-request-payer': 'requester' header is sent to the OSS server.

    • [useFetch] {Boolean}: This parameter takes effect only in a browser environment. The default value is false. If you set this parameter to true, objects are uploaded using the fetch method. Otherwise, XMLHttpRequest is used.

    • [retryMax] {Number}: The maximum number of retries for a request that fails due to a network error or timeout. Retries are not supported for putStream operations.

    • [authorizationV4] {Boolean}: Specifies whether to use a V4 signature. The default value is false.

    Examples

    • Basic usage

      const OSS = require('ali-oss');

const store = new OSS({
  region: 'yourRegion',
  authorizationV4: true,
  accessKeyId: 'your access key',
  accessKeySecret: 'your access secret',
  stsToken: 'yourSecurityToken',
  bucket: 'your bucket name',
});

    • Use an accelerated endpoint

      Note

      Global Accelerator endpoint: oss-accelerate.aliyuncs.com

      Accelerated endpoint for regions outside the Chinese mainland: oss-accelerate-overseas.aliyuncs.com

      const OSS = require('ali-oss');

const store = new OSS({
  region: 'yourRegion',
  authorizationV4: true,
  accessKeyId: 'your access key',
  accessKeySecret: 'your access secret',
  stsToken: 'yourSecurityToken',
  bucket: 'your bucket name',
  endpoint: 'oss-accelerate.aliyuncs.com',
});

    • Use a custom access method

      const OSS = require('ali-oss');

const store = new OSS({
  region: 'yourRegion',
  authorizationV4: true,
  stsToken: 'yourSecurityToken',
  accessKeyId: 'your access key',
  accessKeySecret: 'your access secret',
  cname: true,
  endpoint: 'your custome domain',
});

    • Access using an STS token

      const OSS = require('ali-oss');

const store = new OSS({
  region: 'yourRegion',
  authorizationV4: true,
  accessKeyId: 'your STS key',
  accessKeySecret: 'your STS secret',
  stsToken: 'your STS token',
  refreshSTSToken: async () => {
    const info = await fetch('you sts server');
    return {
      accessKeyId: info.accessKeyId,
      accessKeySecret: info.accessKeySecret,
      stsToken: info.stsToken,
    };
  },
  refreshSTSTokenInterval: 300000,
});

    • Retry a request using a stream

      for (let i = 0; i <= store.options.retryMax; i++) {
  try {
    const result = await store.putStream('<example-object>', fs.createReadStream('<example-path>'));
    console.log(result);
    break; // break if success
  } catch (e) {
    console.log(e);
  }
}

    • Use a V4 signature and the optional additionalHeaders option

      const OSS = require('ali-oss');

const store = new OSS({
  accessKeyId: 'your access key',
  accessKeySecret: 'your access secret',
  bucket: 'your bucket name',
  region: 'oss-cn-hangzhou',
  authorizationV4: true ,
  stsToken: 'yourSecurityToken',
});

try {
  const bucketInfo = await store.getBucketInfo('your bucket name');
  console.log(bucketInfo);
} catch (e) {
  console.log(e);
}

try {
  const putObjectResult = await store.put('your bucket name', 'your object name', {
    headers: {
      // The headers of this request
      header1: 'value1',
      header2: 'value2',
    },
    // The keys of the request headers to include in the V4 signature calculation. Ensure that these additional headers are included in the request headers.
    additionalHeaders: ['additional header1', 'additional header2'],
  });
  console.log(putObjectResult);
} catch (e) {
  console.log(e);
}