Help Center/ Object Storage Service/ API Reference/ Object APIs/ Configuring WORM Retention for an Object

Updated on 2026-04-16 GMT+08:00

Configuring WORM Retention for an Object

Functions

This API is used to configure or update the retention period for objects uploaded to a bucket with WORM enabled.

If you did not configure a retention period or apply the default bucket-level protection rule when uploading an object, you can call this API to configure a retention period for the object.
If you already configured a retention period or applied the default bucket-level protection rule when uploading an object, you can call this API to prolong the retention period for the object.
The retention period of an object can only be modified, but not deleted.

For more information about WORM, see Configuring WORM to Protect Objects from Being Overwritten or Deleted.

Working with Other Functions

OBS automatically enables versioning when you enable WORM for a bucket. In such case, the object you uploaded to the bucket is assigned a version ID. An object-level WORM policy is applied to the current object version by default, but you can specify a version ID to make the policy applied to a specific object version. The WORM configuration does not apply to a delete marker with a unique version ID.

Before a multipart upload is complete, the default bucket-level WORM policy is not automatically applied to the object parts uploaded. Besides, you cannot configure an object-level WORM policy using a header when you upload a part or assemble the object parts, or for a part that has already been uploaded to the bucket. You can call this API to configure a WORM retention policy for the new object after the object parts are assembled.

Authorization Information

To call this API, you must be the object owner or have the permission to configure WORM retention for an object. You are advised to use IAM or bucket policies for authorization. For details about OBS authorization methods, see Differences Between OBS Permissions Control Methods.

If you use IAM for authorization, you need to use either role/policy-based authorization or identity policy-based authorization and configure the required permissions:

If you use role/policy-based authorization (IAM v3 APIs in the old IAM version), you need to grant the obs:object:PutObjectRetention permission. For details, see Creating a Custom IAM Policy.

If you use identity policy-based authorization (IAM v5 APIs in the new IAM version), you need to grant the obs:object:PutObjectRetention permission, as shown in the following table. For details, see Creating a Custom IAM Identity Policy.

Action	Access Level	Resource Type (*: Required)	Condition Key	Alias	Dependencies
obs:object:putObjectRetention	Write	object *	g:EnterpriseProjectId	-	-
-	obs:EpochTime obs:SourceIp obs:TlsVersion obs:CustomDomain

Action

Access Level

Resource Type (*: Required)

Condition Key

Alias

Dependencies

obs:object:putObjectRetention

Write

object *

g:EnterpriseProjectId

obs:EpochTime
obs:SourceIp
obs:TlsVersion
obs:CustomDomain

If you use bucket policies for authorization, you need to grant the obs:object:PutObjectRetention permission. For details, see Creating a Custom Bucket Policy.

Request Syntax

PUT /ObjectName?retention&versionId=versionid HTTP/1.1 
Host: bucketname.obs.region.myhuaweicloud.com 
Date: date
Authorization: authorization

<Retention>
    <Mode>String</Mode>
    <RetainUntilDate>Timestamp</RetainUntilDate>
</Retention>

URI Parameters

Table 1 describes the request parameters.

**Table 1** URI parameters
Parameter	Mandatory (Yes/No)	Type	Description
retention	Yes	String	Definition: Indicates that the operation is to configure or modify the retention period of an object. Constraints: None Range: None Default value: None
versionId	No	String	Definition: Object version ID The WORM policy of the specified object version is to be changed. If this parameter is not carried, the operation applies to the current object version. Constraints: None Range: The value must contain 32 characters. Default value: None. If this parameter is not configured, the latest version of the object is specified.

Request Headers

This request uses common headers. For details, see Table 3.

Request Body

**Table 2** Request body parameters
Parameter	Mandatory (Yes/No)	Type	Description
Retention	Yes	Container	Definition: Container for object-level WORM policy configuration. Retention is the parent node of Mode and RetainUntilDate. Constraints: None Range: For details, see Table 3. Default value: None

**Table 3** Retention parameters
Parameter	Mandatory (Yes/No)	Type	Description
Mode	Yes	String	Definition: Retention policy of the object. Constraints: None Range: COMPLIANCE: compliance mode Default value: None
RetainUntilDate	Yes	Long	Definition: Example: 1435728035000 Constraints: The specified time must be later than the current time and can be extended but not shortened. Range: None Default value: None

Response Syntax

HTTP/1.1 status_code
Date: date
Content-Length: length

Response Headers

This response uses common headers. For details, see Table 1.

Response Body

This response contains no elements.

Error Responses

Table 4 describes possible special errors in this request.

**Table 4** Error Responses
Error Code	Description	HTTP Status Code
InvalidRequest	The object lock is disabled for the bucket.	400
InvalidRequest	The retention period date must be later than the current or the configured date.	400
MalformedObjectLockError	Invalid policy configuration format.	400

For other errors, see Table 2.

Sample Request

PUT /objectname?retention HTTP/1.1
Host: bucketname.obs.region.myhuaweicloud.com 
Date: WED, 01 Jul 2015 02:25:05 GMT
Authorization: OBS H4IPJX0TQTHTHEBQQCEC:75/Y4Ng1izvzc1nTGxpMXTE6ynw=
Content-Type: application/xml
Content-Length: 157
<Retention>
    <Mode>COMPLIANCE</Mode>
    <RetainUntilDate>1435728035000</RetainUntilDate>
</Retention>

Sample Response

HTTP/1.1 200 OK
Server: OBS
x-obs-request-id: BF260000016435CE298386946AE4C482
x-obs-id-2: 32AAAQAAEAABSAAgAAEAABAAAQAAEAABCT9W2tcvLmMJ+plfdopaD62S0npbaRUz
Date: WED, 01 Jul 2015 02:25:06 GMT
Content-Length: 0

Helpful Links

For more information about WORM, see Configuring WORM to Protect Objects from Being Overwritten or Deleted.
For details about the billing items involved in API operations, see Billing Items.

Parent Topic: Object APIs

Previous topic: Deleting Object Tags

Next topic: Sending an OPTIONS Request to an Object - OptionsObject

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.

The system is busy. Please try again later.

For any further questions, feel free to contact us through the chatbot.

Chatbot