All Products
Search

This Product

    Object Storage Service:Data retention policies (Node.js SDK)

    Document Center

    Object Storage Service:Data retention policies (Node.js SDK)

    Last Updated:Nov 29, 2025

    Data retention policies for Object Storage Service (OSS) have the Write Once, Read Many (WORM) attribute. This feature helps you store and use data in a way that prevents deletion and modification. To prevent all users, including the resource owner, from modifying or deleting objects in an OSS bucket for a specific period, you can set a data retention policy for the bucket. Before the retention period expires, you can only upload and read objects in the bucket. After the retention period expires, you can modify or delete the objects.

    Note

    Before you configure retention policies, make sure that you familiarize yourself with this feature. For more information, see Retention policies.

    Create a data retention policy

    The following code creates a data retention policy.

    const OSS = require('ali-oss');

const client = new OSS({
  // Set region to the region where the bucket is located. For example, if the bucket is in the China (Hangzhou) region, set region to oss-cn-hangzhou.
  region: 'yourregion',
  // Obtain access credentials from environment variables. Before you run this code, make sure that the OSS_ACCESS_KEY_ID and OSS_ACCESS_KEY_SECRET environment variables are set.
  accessKeyId: process.env.OSS_ACCESS_KEY_ID,
  accessKeySecret: process.env.OSS_ACCESS_KEY_SECRET,  
  authorizationV4: true,
  // Set bucket to your bucket name.
  bucket: 'yourBucketName',
});
// Create a data retention policy.
async function initiateBucketWorm() {
 // Set bucket to your bucket name.
  const bucket = 'yourbucketname'
  // Specify the retention period in days.
  const days = '<Retention Days>'
    const res = await client.initiateBucketWorm(bucket, days)
  console.log(res.wormId)
}

initiateBucketWorm()

    Cancel an unlocked data retention policy

    The following code cancels an unlocked data retention policy.

    const OSS = require('ali-oss');

const client = new OSS({
  // Set region to the region where the bucket is located. For example, if the bucket is in the China (Hangzhou) region, set region to oss-cn-hangzhou.
  region: 'yourregion',
  // Obtain access credentials from environment variables. Before you run this code, make sure that the OSS_ACCESS_KEY_ID and OSS_ACCESS_KEY_SECRET environment variables are set.
  accessKeyId: process.env.OSS_ACCESS_KEY_ID,
  accessKeySecret: process.env.OSS_ACCESS_KEY_SECRET,
  authorizationV4: true,
  // Set bucket to your bucket name.
  bucket: 'yourBucketName',
});
// Cancel the data retention policy.
async function abortBucketWorm() {
  // Set bucket to your bucket name.
  const bucket = 'yourbucketname'
    try {
    await client.abortBucketWorm(bucket)
    console.log('abort success')
  } catch(err) {
        console.log('err: ', err)
    }
}

abortBucketWorm()

    Lock a data retention policy

    The following code locks a data retention policy.

    const OSS = require('ali-oss');

const client = new OSS({
  // Set region to the region where the bucket is located. For example, if the bucket is in the China (Hangzhou) region, set region to oss-cn-hangzhou.
  region: 'yourregion',
  // Obtain access credentials from environment variables. Before you run this code, make sure that the OSS_ACCESS_KEY_ID and OSS_ACCESS_KEY_SECRET environment variables are set.
  accessKeyId: process.env.OSS_ACCESS_KEY_ID,
  accessKeySecret: process.env.OSS_ACCESS_KEY_SECRET,
  authorizationV4: true,
  // Set bucket to your bucket name.
  bucket: 'yourBucketName',
});
// Lock the data retention policy.
async function completeBucketWorm() {
  // Set bucket to your bucket name.
  const bucket = 'yourbucketname'
  const wormId = 'Your Worm Id'
    try {
        await client.completeBucketWorm(bucket, wormId)
  } catch(err) {
      console.log(err)
  }
}

completeBucketWorm()

    Get a data retention policy

    The following code retrieves a data retention policy.

    const OSS = require('ali-oss');

const client = new OSS({
  // Set region to the region where the bucket is located. For example, if the bucket is in the China (Hangzhou) region, set region to oss-cn-hangzhou.
  region: 'yourregion',
  // Obtain access credentials from environment variables. Before you run this code, make sure that the OSS_ACCESS_KEY_ID and OSS_ACCESS_KEY_SECRET environment variables are set.
  accessKeyId: process.env.OSS_ACCESS_KEY_ID,
  accessKeySecret: process.env.OSS_ACCESS_KEY_SECRET,
  authorizationV4: true,
  // Set bucket to your bucket name.
  bucket: 'yourBucketName',
});
// Get the data retention policy.
async function getBucketWorm() {
  // Set bucket to your bucket name.
  const bucket = 'yourbucketname'
    try {
        const res = await client.getBucketWorm(bucket)
    // View the data retention policy ID.
    console.log(res.wormId)
    // View the status of the data retention policy. The status can be "InProgress" (unlocked) or "Locked".
    console.log(res.state)
    // View the retention period for objects.
    console.log(res.days)
  } catch(err) {
      console.log(err)
  }
}

getBucketWorm()

    Extend the retention period of objects

    The following code extends the retention period of objects in a locked data retention policy.

    const OSS = require('ali-oss');

const client = new OSS({
  // Set region to the region where the bucket is located. For example, if the bucket is in the China (Hangzhou) region, set region to oss-cn-hangzhou.
  region: 'yourregion',
  // Obtain access credentials from environment variables. Before you run this code, make sure that the OSS_ACCESS_KEY_ID and OSS_ACCESS_KEY_SECRET environment variables are set.
  accessKeyId: process.env.OSS_ACCESS_KEY_ID,
  accessKeySecret: process.env.OSS_ACCESS_KEY_SECRET,
  authorizationV4: true,
  // Set bucket to your bucket name.
  bucket: 'yourBucketName',
});
// Extend the retention period of objects in a locked data retention policy.
async function extendBucketWorm() {
  // Set bucket to your bucket name.
  const bucket = 'yourbucketname'
  const wormId = 'Your Worm Id'
  const days = 'Retention Days'
    try {
        const res = await client.extendBucketWorm(bucket, wormId, days)
    console.log(res)
  } catch(err) {
      console.log(err)
  }
}

extendBucketWorm()

    References

    • For the complete sample code for data retention policies, see GitHub examples.

    • For more information about the API operation to create a data retention policy, see InitiateBucketWorm.

    • For more information about the API operation to cancel an unlocked data retention policy, see AbortBucketWorm.

    • For more information about the API operation to lock a data retention policy, see CompleteBucketWorm.

    • For more information about the API operation to get a data retention policy, see GetBucketWorm.

    • For more information about the API operation to extend the retention period of objects, see ExtendBucketWorm.