Box

Live

OAUTH 2.0

FILES & DOCUMENTS

Files & Documents

Every contract, file, and folder your team shares in Box. Box MCP gives your agent authenticated access to file storage scoped to the user who authorized it.

  • Acts as the user: Access and write actions stay tied to the Box account that authorized the agent.
  • Credentials stay vaulted: AES-256, resolved at request time, never in LLM context.
  • Scoped before every call: User permissions enforced. 90-day audit trail.
Box
agent · Acme Q3
Run
Find all customer contracts signed this quarter and list status by account.
S
box_files_search
86ms
Document agent
23 contracts found in 'Customer Agreements' folder, signed Oct-Dec. 18 fully executed, 3 pending counter-sign, 2 expired pending renewal.
Sources: 23 contracts, Customer Agreements folder
boxmcp
23 files
18:29
Message Claude...

Tools your document agent reaches for on Box, scoped per user.

CALL ANY TOOL
Search files, get metadata, list folders, create shared links, and upload documents.
box_collaboration_create
Create collaboration
Grants a user or group access to a file or folder.
Parameters
Name
Type
Required
Description
accessible_by_id
string
Required
ID of the user or group to collaborate with.
accessible_by_type
string
Required
Type: user or group.
item_id
string
Required
ID of the file or folder.
item_type
string
Required
Type of item: file or folder.
role
string
Required
Collaboration role: viewer, previewer, uploader, previewer_uploader, viewer_uploader, co-owner, or editor.
can_view_path
string
Optional
Allow user to see path to item (true/false).
expires_at
string
Optional
Expiry date in ISO 8601 format.
notify
string
Optional
Notify collaborator via email (true/false).
box_collaboration_delete
Delete collaboration
box_collaboration_get
Get collaboration
box_collaboration_update
Update collaboration
box_collection_items_list
List collection items
box_collections_list
List collections
box_comment_create
Create comment
box_comment_delete
Delete comment
box_comment_get
Get comment
box_comment_update
Update comment
box_events_list
List events
box_file_collaborations_list
List file collaborations
box_file_comments_list
List file comments
box_file_copy
File Copy
box_file_delete
Delete file
box_file_get
Get file
box_file_metadata_create
Create file metadata
box_file_metadata_delete
Delete file metadata
box_file_metadata_get
Get file metadata
box_file_metadata_list
List file metadata
box_file_representations_get
Get file representations
box_file_tasks_list
List file tasks
box_file_thumbnail_get
Get file thumbnail
box_file_update
Update file
box_file_versions_list
List file versions
box_folder_collaborations_list
List folder collaborations
box_folder_copy
Folder Copy
box_folder_create
Create folder
box_folder_delete
Delete folder
box_folder_get
Get folder

For more tools, view docs.

Build your Agent
Drop the toolkit in, point it at the user, and your document agent can use Box from the first run.
Python · LlamaIndex
import { ScalekitClient } from "@scalekit-sdk/node";
import { DynamicStructuredTool } from "@langchain/core/tools";
import { createReactAgent } from "@langchain/langgraph/prebuilt";
import { z } from "zod";

const sk = new ScalekitClient(envUrl, clientId, clientSecret);

const { tools } = await sk.tools.listScopedTools("user_123", {
filter: { connectionNames: ["box"], toolNames: ["box_files_search", "box_file_get", "box_file_download"] },
pageSize: 100,
});

const lcTools = tools.map((t) => new DynamicStructuredTool({
name: t.tool.definition.name,
description: t.tool.definition.description,
schema: z.object({}).passthrough(),
func: async (args) => {
const { data } = await sk.tools.executeTool({
toolName: t.tool.definition.name,
identifier: "user_123",
params: args,
});
return JSON.stringify(data);
},
}));

const agent = createReactAgent({ llm, tools: lcTools });
import { ScalekitClient } from "@scalekit-sdk/node";
import OpenAI from "openai";

const sk = new ScalekitClient(envUrl, clientId, clientSecret);
const openai = new OpenAI();

const { tools } = await sk.tools.listScopedTools("user_123", {
filter: { connectionNames: ["box"], toolNames: ["box_files_search", "box_file_get", "box_file_download"] },
pageSize: 100,
});

const llmTools = tools.map((t) => ({
type: "function",
function: {
name: t.tool.definition.name,
description: t.tool.definition.description,
parameters: t.tool.definition.input_schema,
},
}));

const resp = await openai.responses.create({
model: "gpt-4o", input: prompt, tools: llmTools,
});
import { ScalekitClient } from "@scalekit-sdk/node";
import Anthropic from "@anthropic-ai/sdk";

const sk = new ScalekitClient(envUrl, clientId, clientSecret);
const anthropic = new Anthropic();

const { tools } = await sk.tools.listScopedTools("user_123", {
filter: { connectionNames: ["box"], toolNames: ["box_files_search", "box_file_get", "box_file_download"] },
pageSize: 100,
});

const llmTools = tools.map((t) => ({
name: t.tool.definition.name,
description: t.tool.definition.description,
input_schema: t.tool.definition.input_schema,
}));

const msg = await anthropic.messages.create({
model: "claude-sonnet-4-6", max_tokens: 1024,
tools: llmTools,
messages: [{ role: "user", content: prompt }],
});
import { Agent } from "@google/adk/agents";
import {
MCPToolset, StreamableHTTPConnectionParams,
} from "@google/adk/tools/mcp";

const toolset = new MCPToolset({
connectionParams: new StreamableHTTPConnectionParams({
url: "https://mcp.scalekit.com/box",
headers: { Authorization: `Bearer ${userScopedToken}` },
}),
});

const agent = new Agent({
name: "agent", model: "gemini-2.0-flash",
tools: await toolset.getTools(),
});
Try these prompts
Paste any prompt into your agent to start using Box.
Search & recall
Copy the prompt
Copied
Find all files matching [keyword] in Box.
Copy the prompt
Copied
List files in folder [folder name].
Copy the prompt
Copied
Get the metadata for [file name].
Copy the prompt
Copied
Show me all files shared with [email].
Action & sharing
Copy the prompt
Copied
Create a shared link for [file] with company access.
Copy the prompt
Copied
Upload [filename] to [folder].
Copy the prompt
Copied
Move [file] to [folder].
Copy the prompt
Copied
Add a comment to [file]: [text].
Folders & audits
Copy the prompt
Copied
List all subfolders in [folder].
Copy the prompt
Copied
Which files were edited this week?
Copy the prompt
Copied
Show file owners across [folder].
Copy the prompt
Copied
Find files older than 1 year in [folder].
SEE HOW AUTH WORKS
Users authorize Box once. Their credentials stay vaulted, every call is checked, and every action is logged.
1
Authorize
Your user connects
Box
once. We tie it to their identity and the meetings they approved — no shared bot account, no org-wide access
Who:
user ‘A’
when:
Once per user
access:
Limited to user
2
Store
Their
Box
token lives in a vault scoped to them. User A's meetings are never reachable by an agent acting for user B, even on the same connection
vault:
encrypted
scope:
per-user
tokens:
auto-refreshed
3
Resolve
When your agent calls a
Box
tool, we fetch the right token server-side. It never touches your agent, never appears in the LLM context, never shows up in your logs
speed:
~40ms
check:
before every call
seen by:
nobody
4
Audit
Every
Box
tool call is logged — who triggered it, which meeting was fetched, what came back. 90 days of history, tied to the user who authorized it
history:
90 days
export:
SIEM-ready
logged:
every call
Test other agents
Same per-user auth pattern across other document agents and MCP connectors. Working code, live demos, fork what fits.
SUPPORT
Support triage agent
Read Zendesk tickets, fetch runbooks from Notion, and route to the right Slack channel with a drafted response.
SUPPORT
Support ticket automation (Google ADK)
Google ADK agent that classifies Zendesk tickets, pulls Notion context, and posts to Slack. End-to-end ticket handoff.
Why Scalekit
Secure your agent's access. Connectors ship in minutes
Other connector libraries treat auth as a demo afterthought. Scalekit starts with user identity, scope enforcement, and audit.
01.
File downloads bypass folder ACLs
A shared Box service account looks fine in a demo. In production, every file download and folder search runs with admin-level access that bypasses collaboration scope and folder ACLs. Scalekit resolves the actual user's token so every Box action respects their real permissions.
// shared token
audit → bot_service_account
user_filter → broken

// scalekit
audit → user_abc
scope → enforced ✓
02.
Authentication is not authorization
03.
Multi-tenancy is architectural
04.
Box today. Google Drive, Dropbox, SharePoint tomorrow.
“Our agents act across Salesforce, Gong, Google Drive, and more, on behalf of every customer. Scalekit behind the scenes meant we can keep adding tools without ever rebuilding how credentials or tool calling work.”
Venu Madhav Kattagoni
Head of Engineering / Von
FAQs
Frequently Asked Questions
Does the agent access Box as the user or as a shared key?
As the user. Each workspace member authorizes once and Scalekit resolves their credential at request time. Audit logs attribute every action to that user, not a shared service account.
Where is the Box oauth 2.0 stored?
In Scalekit's managed AES-256 token vault, namespaced per tenant. Refresh is automatic. Revocation is a single dashboard action. Tokens never appear in prompts, logs, or LLM context.
Can I limit what the agent is allowed to do in Box?
Yes. Pass a tool name filter to listScopedTools so the document agent only sees the subset you authorize. Pre-API-call scope checks block out-of-policy actions before the request reaches Box.
What happens when a user revokes Box access?
The connection is invalidated on the next tool call. Subsequent requests for that user fail closed with a clear error. Other users in the tenant remain unaffected. The event is logged for audit.
Can the agent download files outside the user's folders?
No. File search, downloads, and shared links all run with the authorizing user's Box permissions. Collaboration scope, folder ACLs, and Box-level security policies are honored.
Start in your coding agent
Up and running in one command
Install the Scalekit skill in your editor of choice. Connector, auth, tools, prompt, all wired up
Claude Code REPL
/plugin marketplace add scalekit-inc/claude-code-authstack
/plugin install agentkit@scalekit-auth-stack
Cursor Code REPL
# ~/.cursor/mcp.json
{
""mcpServers"": {
""box"": {
""url"": ""https://mcp.scalekit.com/box"",
""headers"": { ""Authorization"": ""Bearer $SCALEKIT_TOKEN"" }
}
}
}
Codex Code REPL
# ~/.codex/config.toml
[mcp_servers.box]
url = ""https://mcp.scalekit.com/box""
auth_env = ""SCALEKIT_TOKEN""
Copilot Code REPL
# .vscode/mcp.json
{
""servers"": {
""box"": {
""url"": ""https://mcp.scalekit.com/box"",
""type"": ""http""
}
}
}