Use the put method to upload a local file to OSS as an object.
Prerequisites
Before you begin, ensure that you have:
An OSS bucket
The
oss:PutObjectpermission granted to your RAM user or RAM role via a RAM policy or bucket policy(Conditional) The
oss:PutObjectTaggingpermission, if you upload with thex-oss-taggingheader(Conditional) The
kms:GenerateDataKeyandkms:Decryptpermissions, if the object metadata includesX-Oss-Server-Side-Encryption: KMS
Alibaba Cloud accounts have full permissions by default. RAM users and RAM roles have no permissions by default.
Usage notes
If an object with the same key already exists in the bucket,
putoverwrites it. Setx-oss-forbid-overwritetotrueto prevent this.The object key cannot include the bucket name.
If the local file path has no directory component, OSS uploads the file from the directory where the project runs.
Permissions
| API | Action | When required |
|---|---|---|
| PutObject | oss:PutObject | Always |
| PutObject | oss:PutObjectTagging | When uploading with x-oss-tagging |
| PutObject | kms:GenerateDataKey, kms:Decrypt | When X-Oss-Server-Side-Encryption: KMS is set |
Sample code
The following example uploads D:\localpath\examplefile.txt to examplebucket as an object named exampleobject.txt. Required parameters are marked /* Required */. The optional headers show available customization — remove any that don't apply.
Set OSS_ACCESS_KEY_ID and OSS_ACCESS_KEY_SECRET as environment variables before running the code.
const OSS = require('ali-oss');
const path = require('path');
// Initialize the OSS client.
// Store your AccessKey ID and AccessKey secret in environment variables
// to avoid hardcoding credentials in source code.
const client = new OSS({
region: 'yourregion', /* Required — e.g., oss-cn-hangzhou */
accessKeyId: process.env.OSS_ACCESS_KEY_ID, /* Required */
accessKeySecret: process.env.OSS_ACCESS_KEY_SECRET, /* Required */
authorizationV4: true,
bucket: 'examplebucket', /* Required */
});
// Optional headers — remove any that do not apply to your use case.
const headers = {
// Storage class of the object.
'x-oss-storage-class': 'Standard',
// Object ACL. Defaults to inheriting the bucket ACL if omitted.
'x-oss-object-acl': 'private',
// Serve the object as a downloadable attachment when accessed by URL.
'Content-Disposition': 'attachment; filename="example.txt"',
// Object tags. Requires the oss:PutObjectTagging permission.
'x-oss-tagging': 'Tag1=1&Tag2=2',
// Prevent overwriting an existing object with the same key.
'x-oss-forbid-overwrite': 'true',
};
async function put() {
try {
// First argument: object key (cannot contain the bucket name).
// Second argument: local file path.
const result = await client.put(
'exampleobject.txt', /* Required */
path.normalize('D:\\localpath\\examplefile.txt'), /* Required */
{ headers }
);
console.log(result);
} catch (e) {
console.log(e);
}
}
put();Replace the following placeholders before running the code:
| Placeholder | Description | Example |
|---|---|---|
yourregion | Region where the bucket is located | oss-cn-hangzhou |
examplebucket | Name of your bucket | my-bucket |
exampleobject.txt | Object key to use in OSS | uploads/report.txt |
D:\\localpath\\examplefile.txt | Full path of the local file to upload | C:\\Users\\me\\report.txt |
Optional headers
| Header | Description |
|---|---|
x-oss-storage-class | Storage class of the uploaded object. |
x-oss-object-acl | Access control for the object. Defaults to inheriting the bucket ACL. |
Content-Disposition | Controls how browsers handle the object when accessed by URL. Use attachment to force a download. |
x-oss-tagging | Object tags in URL-encoded key-value pairs, such as Tag1=1&Tag2=2. Requires the oss:PutObjectTagging permission. |
x-oss-forbid-overwrite | Set to true to prevent overwriting an existing object with the same key. |
FAQ
How do I get an HTTPS URL for the uploaded object?
Add secure: true to the client configuration:
const client = new OSS({
region: 'yourregion',
accessKeyId: process.env.OSS_ACCESS_KEY_ID,
accessKeySecret: process.env.OSS_ACCESS_KEY_SECRET,
authorizationV4: true,
bucket: 'examplebucket',
secure: true, // Forces HTTPS for generated URLs
});For all available configuration options, see Configuration items.
What's next
For more Node.js upload examples, see GitHub examples.
For the complete API reference, see PutObject.