Box

Storage

Box's official MCP server for cloud content management, file collaboration, and document operations.

Provides full Box platform access including file and folder CRUD, content extraction (markdown and text), interactive file previews, keyword and metadata-based search, collaboration management, commenting, task listing, metadata template discovery, and file uploads. Supports structured metadata queries and multi-item collaboration lookups.

Add Box to your zone and connect it to your MCP client.

Step 1 - Start the install in Keycard Console

  1. In your zone’s Keycard Console, go to Applications -> Add Application -> Explore MCP Servers.

  2. Search for Box and click Install.

  3. The install dialog shows a Redirect URI. Copy it - you’ll paste it into Box in Step 2. Leave this Keycard tab open.

Box’s MCP server runs as a Custom Platform App with User Authentication (OAuth 2.0) in the Box Developer Console. Box also offers JWT-based Server Auth and Client Credentials Grant apps - those are server-to-server and do not fit the delegated, per-user model the MCP gateway needs.

  1. Open the Box Developer Console.

  2. Click Create Platform App.

  3. Choose Custom App, give it a name like Keycard - <zone-name>, and click Next.

  4. Pick User Authentication (OAuth 2.0) as the authentication method.

  5. Click Create App.

Open the new app’s Configuration tab.

  1. Under OAuth 2.0 Redirect URI, paste the redirect URI from the Keycard install dialog. Box requires HTTPS (HTTP is allowed only for localhost) and compares the URI exactly, including trailing slash and case.

  2. Under Application Scopes, check the boxes for the operations you need:

    • Read all files and folders stored in Box (required for every MCP tool)
    • Write all files and folders stored in Box (uploads, updates, comments, tasks)
    • Manage users / Manage groups / Manage enterprise properties (only if your agents need those - the default tool surface does not require them)
  3. Leave CORS Domain empty unless your MCP client runs in a browser.

  4. Click Save Changes at the top of the page.

The Client ID and Client Secret both live on the same Configuration tab under OAuth 2.0 Credentials. Click the eye icon next to the Client Secret to reveal it, then copy both values. Treat the secret like a password even though Box does not enforce one-time-only display.

Authorize the app (Enterprise accounts only)


Personal Box accounts work as soon as a user completes the OAuth flow. Enterprise accounts almost always have “Disable unpublished apps by default” on, which blocks unauthorized custom apps from accepting user OAuth - the OAuth attempt returns a generic access-denied with no useful error.

  1. On the Authorization tab of your app, click Review and Submit. This emails your Box Admin a request to authorize the app for the enterprise.

  2. The Box Admin opens the Admin Console -> Apps -> Custom App Manager, finds the app by its Client ID, and clicks Authorize App.

  3. Once approved, users in the enterprise can complete the Keycard install and OAuth flow.

Step 3 - Finish the install in Keycard Console

  1. Switch back to the Keycard install dialog you left open in Step 1.

  2. Paste the Client ID and Client Secret from Step 2.

  3. Click Install. Box appears on the Applications page with a Keycard MCP Gateway URL.

On the Applications page, click Add to Coding Agent next to Box and pick how you want to install:

  • Cursor - opens a deeplink that hands the MCP config straight to Cursor. Click Install inside Cursor to finish.
  • Claude Code - opens a dialog with a claude mcp add command. Pick a scope (User, Project, or Local), then copy and run the command in your terminal.
  • Install manually - reveals the Server Name and Server URL to paste into any other MCP-compatible client.

Once connected, Box’s tools are available to the agent, scoped to whoever signs in to your zone.

What Box can do once installed.

Box provides 21 tools:

  • create_file_comment - Create a new comment on a specific file for collaboration and feedback
  • create_folder - Create new folders in Box
  • get_file_content - Extract and return file content for files under 50MB (markdown preferred, text fallback)
  • get_file_details - Get comprehensive file information from Box
  • get_file_preview - Display an interactive preview widget for a Box file directly in chat
  • get_folder_details - Retrieve comprehensive information about a folder in Box
  • get_metadata_template_schema - Return the schema for a Box metadata template including all field keys
  • get_preview_page - Get the current preview page as an image for follow-up analysis of a previewed file
  • list_file_comments - List all comments on a specific file with pagination
  • list_folder_content_by_folder_id - List files, folders, and web links in a folder with pagination
  • list_item_collaborations - List collaborations for multiple files/folders in one request (up to 10 items)
  • list_metadata_templates - List Box metadata templates to discover scope and templateKey
  • list_tasks - List all tasks associated with a specific file
  • search_files_keyword - Keyword search with metadata filters, extension filtering, and field selection
  • search_files_metadata - Search files with SQL-like metadata queries
  • search_folders_by_name - Search folders by name with optional ancestor and date range filters
  • update_file_properties - Update file metadata: name, description, tags, and collections
  • update_folder_properties - Update folder metadata: name, description, tags, and collections
  • upload_file - Upload a new file with text content to Box
  • upload_file_version - Upload a new version of an existing file by full file contents
  • who_am_i - Return detailed information about the currently authenticated Box user

What to do once Box is installed.

Now do this

  • Confirm the gateway works by asking your AI client to call one of the Box tools above.

Recommended

  • Decide who can use it - write access policies scoped to the Box resource so only the right users and agents reach the tools.
  • Watch the calls - every tool call lands in your audit log with user identity, resource, and policy decision.
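
A triage pass over the audit trail described above, as an added example (not Keycard's or Box's code): it flags denied calls, content-changing tools used by identities outside an expected writer set, and repeated full-content reads by one user. The JSON-lines field names (`user`, `tool`, `resource`, `decision`), the sample events, and the threshold are assumptions; map them to your actual audit export.

```python
import json
from collections import Counter

# Tools from the page's list that create, update or upload content.
MUTATING = {
    "create_file_comment", "create_folder", "update_file_properties",
    "update_folder_properties", "upload_file", "upload_file_version",
}
BULK_READ_TOOL = "get_file_content"  # returns whole-file content
BULK_THRESHOLD = 3  # assumption: tune to your own baseline

# Constructed sample events; field names are hypothetical, not a real schema.
SAMPLE_LOG = """\
{"user": "alice@example.com", "tool": "who_am_i", "resource": "box", "decision": "allow"}
{"user": "alice@example.com", "tool": "upload_file", "resource": "box", "decision": "allow"}
{"user": "bob@example.com", "tool": "update_file_properties", "resource": "box", "decision": "allow"}
{"user": "carol@example.com", "tool": "create_folder", "resource": "box", "decision": "deny"}
{"user": "bob@example.com", "tool": "get_file_content", "resource": "box", "decision": "allow"}
{"user": "bob@example.com", "tool": "get_file_content", "resource": "box", "decision": "allow"}
{"user": "bob@example.com", "tool": "get_file_content", "resource": "box", "decision": "allow"}
{"user": "alice@example.com", "tool": "get_file_content", "resource": "box", "decision": "allow"}
"""

def triage(log_text, writers):
    """Return (kind, user, detail) findings for JSON-lines audit events."""
    findings, reads = [], Counter()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        try:
            ev = json.loads(line)
            user, tool, decision = ev["user"], ev["tool"], ev["decision"]
        except (ValueError, KeyError, TypeError):
            # Keep malformed records visible instead of silently dropping them.
            findings.append(("unparseable_event", "", line[:40]))
            continue
        if decision == "deny":
            findings.append(("denied_call", user, tool))
            continue
        if tool in MUTATING and user not in writers:
            findings.append(("unexpected_write", user, tool))
        if tool == BULK_READ_TOOL:
            reads[user] += 1
    for user, count in sorted(reads.items()):
        if count >= BULK_THRESHOLD:
            findings.append(("bulk_content_read", user, str(count)))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG, writers={"alice@example.com"}):
        print(finding)
```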