Switchy
Sign up
productivityoauth2

Box

Enterprise file storage and sharing.

Verdict

Box MCP connects your team's file storage and collaboration platform to Switchy. @mention Box to search files, add classifications, manage shared links, or check folder permissions without leaving your Space. Teams that already rely on Box for document workflows get the most value — you can triage access requests, audit sharing settings, or pull file metadata into a conversation. The OAuth flow requires admin approval if your Box instance enforces SSO or advanced security policies, so coordinate with IT before connecting.

Common use cases

  • Audit shared links across project folders
  • Add classification labels to sensitive files
  • Check who has access to a document
  • Generate shared links from chat
  • Search Box content during standup

Integration

Vendor
Box
Category
productivity
Auth
OAUTH2
Tools
50
Composio slug
box

Tools

  • Add classification to file

    Adds a classification to a file by specifying the label of the classification to add. this api can also be called by including the enterprise id in the url explicitly, for example `/files/:id//enterprise 12345/securityclassification-6vmvoch

  • Add classification to folder

    Adds a classification to a folder by specifying the label of the classification to add. this api can also be called by including the enterprise id in the url explicitly, for example `/folders/:id/enterprise 12345/securityclassification-6vmv

  • Add domain to list of allowed collaboration domains

    Creates a new entry in the list of allowed domains to allow collaboration for.

  • Add initial classifications

    When an enterprise does not yet have any classifications, this api call initializes the classification template with an initial set of classifications. if an enterprise already has a classification, the template will already exist and inste

  • Add or update user avatar

    Adds or updates a user avatar.

  • Add shared link to file

    Adds a shared link to a file.

  • Add shared link to folder

    Adds a shared link to a folder.

  • Add shared link to web link

    Adds a shared link to a web link.

  • Add user to group

    Creates a group membership. only users with admin-level permissions will be able to use this api.

  • Apply watermark to file

    Applies or update a watermark on a file.

  • Apply watermark to folder

    Applies or update a watermark on a folder.

  • Ask question

    Sends an ai request to supported llms and returns an answer specifically focused on the user's question given the provided context.

  • Assign legal hold policy

    Assign a legal hold to a file, file version, folder, or user.

  • Assign retention policy

    Assigns a retention policy to an item.

  • Assign storage policy

    Creates a storage policy assignment for an enterprise or user.

  • Assign task

    Assigns a task to a user. a task can be assigned to more than one user by creating multiple assignments.

  • Authorize user

    Authorize a user by sending them through the [box](https://box.com) website and request their permission to act on their behalf. this is the first step when authenticating a user using oauth 2.0. to request a user's authorization to use the

  • Cancel box sign request

    Cancels a sign request.

  • Change shield information barrier status

    Change status of shield information barrier with the specified id.

  • Commit upload session

    Close an upload session and create a file from the uploaded chunks. the actual endpoint url is returned by the [`create upload session`](e://post-files-upload-sessions) and [`get upload session`](e://get-files-upload-sessions-id) endpoints.

  • Copy file

    Creates a copy of a file.

  • Copy file request

    Copies an existing file request that is already present on one folder, and applies it to another folder.

  • Copy folder

    Creates a copy of a folder within a destination folder. the original folder will not be changed.

  • Create ai agent

    Creates an ai agent. at least one of the following capabilities must be provided: `ask`, `text gen`, `extract`.

  • Create box sign request

    Creates a signature request. this involves preparing a document for signing and sending the signature request to signers.

  • Create box skill cards on file

    Applies one or more box skills metadata cards to a file.

  • Create collaboration

    Adds a collaboration for a single user or a single group to a file or folder. collaborations can be created using email address, user ids, or a group ids. if a collaboration is being created with a group, access to this endpoint is dependen

  • Create comment

    Adds a comment by the user to a specific file, or as a reply to an other comment.

  • Create email alias

    Adds a new email alias to a user account..

  • Create folder

    Creates a new empty folder within the specified parent folder.

  • Create folder lock

    Creates a folder lock on a folder, preventing it from being moved and/or deleted. you must be authenticated as the owner or co-owner of the folder to use this endpoint.

  • Create group

    Creates a new group of users in an enterprise. only users with admin permissions can create new groups.

  • Create jobs to terminate user group session

    Validates the roles and permissions of the group, and creates asynchronous jobs to terminate the group's sessions. returns the status for the post request.

  • Create jobs to terminate users session

    Validates the roles and permissions of the user, and creates asynchronous jobs to terminate the user's sessions. returns the status for the post request.

  • Create legal hold policy

    Create a new legal hold policy.

  • Create metadata cascade policy

    Creates a new metadata cascade policy that applies a given metadata template to a given folder and automatically cascades it down to any files within that folder. in order for the policy to be applied a metadata instance must first be appli

  • Create metadata instance on file

    Applies an instance of a metadata template to a file. in most cases only values that are present in the metadata template will be accepted, except for the `global.properties` template which accepts any key-value pair.

  • Create metadata instance on folder

    Applies an instance of a metadata template to a folder. in most cases only values that are present in the metadata template will be accepted, except for the `global.properties` template which accepts any key-value pair. to display the metad

  • Create metadata template

    Creates a new metadata template that can be applied to files and folders.

  • Create retention policy

    Creates a retention policy.

  • Create shield information barrier

    Creates a shield information barrier to separate individuals/groups within the same firm and prevents confidential information passing between them.

  • Create shield information barrier report

    Creates a shield information barrier report for a given barrier.

  • Create shield information barrier segment

    Creates a shield information barrier segment.

  • Create shield information barrier segment member

    Creates a new shield information barrier segment member.

  • Create shield information barrier segment restriction

    Creates a shield information barrier segment restriction object.

  • Create slack integration mapping

    Creates a [slack integration mapping](https://support.box.com/hc/en-us/articles/4415585987859-box-as-the-content-layer-for-slack) by mapping a slack channel to a box item. you need admin or co-admin role to use this endpoint.

  • Create task

    Creates a single task on a file. this task is not assigned to any user and will need to be assigned separately.

  • Create teams integration mapping

    Creates a [teams integration mapping](https://support.box.com/hc/en-us/articles/360044681474-using-box-for-teams) by mapping a teams channel to a box item. you need admin or co-admin role to use this endpoint.

  • Create terms of service

    Creates a terms of service for a given enterprise and type of user.

  • Create terms of service status for new user

    Sets the status for a terms of service for a user.

Setup

Setup guide

  1. 11. Open your Switchy workspace settings and navigate to the Integrations tab. 2. Search for Box in the MCP directory and click Connect. 3. You'll be redirected to Box's OAuth consent screen — sign in with your Box account and grant the requested scopes (typically 'Manage files', 'Manage folders', 'Manage enterprise properties'). 4. If your organization uses SSO or requires admin approval for new apps, coordinate with your IT team before this step. 5. Once authorized, Switchy redirects you back and confirms the connection. 6. Open any Space and type '@Box list files in folder [folder_id]' to test — Box should return a file list. 7. If you see an error about missing permissions, revisit the OAuth consent screen and ensure all scopes were granted.

What teammates see: by default, memories from Box are scoped to the Space (PROJECT visibility) - you can mark any memory PRIVATE or share it ORG-wide.

Works well with

Top models

Compatibility data appears once enough Spaces have used this MCP together with a given model.

How Switchy teams use it

Not enough Spaces yet to publish anonymised usage stats (we require ≥ 50 Spaces per week).

Starter prompts

Audit Folder Sharing

@Box list all shared links in folder 123456789 and show me which ones are publicly accessible
Open in a Space →

Classify Sensitive Files

@Box add the 'Confidential' classification to file 987654321 so it meets our data governance policy
Open in a Space →

Generate Shareable Link

@Box create a shared link for folder 111222333 with view-only access and send me the URL
Open in a Space →

Check File Permissions

@Box show me all collaborators on file 555666777 and their permission levels
Open in a Space →

Search Recent Uploads

@Box search for files uploaded in the past 7 days that contain 'Q4 budget' in the name
Open in a Space →

Example outputs

Illustrative - representative of the model's voice and quality, not literal recordings.

Prompt

@Box search for all files in the 'Q1 Planning' folder that were modified in the last 7 days and show me their names and owners

Output

Found 8 files modified in the last 7 days within 'Q1 Planning': • Budget_Draft_v3.xlsx (owner: sarah.chen@company.com, modified 2 days ago) • Marketing_Strategy.pptx (owner: james.park@company.com, modified 3 days ago) • Product_Roadmap_Q1.pdf (owner: maria.lopez@company.com, modified 5 days ago) • Team_Allocations.docx (owner: sarah.chen@company.com, modified 6 days ago) • Vendor_Contracts_Review.pdf (owner: james.park@company.com, modified 7 days ago) ...and 3 more files. This example shows typical metadata returned from Box's search API, though actual results depend on your folder structure and permissions.

Notes

This demonstrates Box's search and metadata retrieval capabilities. The user making the request must have at least Viewer permissions on the target folder. Box's search can be slow on large enterprise accounts with millions of files, and results are limited by your account's search index refresh rate (typically 15-30 minutes for new content).

Prompt

@Box create a shared link for the file 'Q4_Results_Final.pdf' with password protection and set it to expire in 14 days

Output

Created a password-protected shared link for 'Q4_Results_Final.pdf': Link: https://company.box.com/s/a8k3m9x2p7q4r1t5 Password: [set as requested] Expires: March 15, 2024 Access level: People with the link can view and download The link is now active. Anyone with the URL and password can access the file until expiration. This example illustrates Box's shared link creation response—actual URLs and security settings depend on your enterprise's sharing policies.

Notes

This showcases Box's sharing and access control tools. The user must have Editor or Co-owner permissions on the file to create shared links. Be aware that creating shared links is a write operation with compliance implications—some enterprises disable external sharing entirely, and audit logs will record who created the link. Always verify your org's data sharing policies before automating link creation.

Prompt

@Box list all files in the 'Legal Contracts' folder that don't have a classification label yet, then summarize which ones likely need 'Confidential' classification based on their names

Output

Found 12 unclassified files in 'Legal Contracts': Likely need 'Confidential' classification (7 files): • NDA_Acme_Corp_2024.pdf • Employment_Agreement_Template.docx • Merger_Discussion_Notes.pdf • IP_Assignment_Agreement.pdf • Executive_Compensation_Plan.xlsx • Non_Compete_Agreement_Draft.docx • Board_Resolution_Confidential.pdf Likely public/internal (5 files): • Vendor_Contact_List.xlsx • Meeting_Room_Booking.pdf • Office_Supplies_Invoice.pdf This analysis is based on filename patterns—actual classification should follow your organization's data governance policies.

Notes

This example combines Box's metadata retrieval with AI reasoning to identify classification gaps. It requires Enterprise Plus licensing for Box's classification features and assumes your admin has already set up classification templates. The AI's suggestions are heuristic—human review is essential before applying classifications, as misclassification can trigger incorrect DLP rules or access restrictions.

Use-case deep-dives

Client portal file sharing

When Box beats Dropbox for external collaboration

A 6-person consulting firm shares deliverables with clients who refuse to install yet another app. Box's shared link tools let you generate time-limited, password-protected URLs for files and folders without forcing recipients into an account. The OAuth2 flow means your team can automate link creation from Slack or a CRM without storing API keys in plaintext. The classification tools matter if you're in legal or finance and need to tag files as "confidential" before sharing. If your clients are technical and already live in GitHub or Notion, this is overkill—just use those native share features. But if you're sending contracts or pitch decks to non-technical stakeholders who check email and nothing else, Box's link controls are the fastest path to compliant sharing.

Compliance tagging at scale

Box classification for regulated file workflows

A 12-person healthcare startup stores patient intake forms in Box and needs every file tagged with a sensitivity label before it hits the shared drive. The classification MCP lets you script the tagging step into your intake workflow—when a form uploads, a Zapier hook calls Switchy, Switchy calls Box, and the file gets marked "PHI" before anyone manually touches it. The 50-tool surface means you can also manage folder permissions and collaboration domains in the same automation. This setup only makes sense if you're already paying for Box's enterprise tier with classification enabled. If you're on a basic plan or your compliance needs are lighter, a naming convention and a weekly audit script will close the gap for a year or two.

Avatar sync for distributed team

When to automate Box profile updates

A 20-person remote agency uses Box for client file storage and wants employee avatars to stay current across Box, Slack, and their intranet. The Box MCP's avatar tool lets you write a nightly sync that pulls headshots from your HR system and pushes them to Box profiles. This is a narrow win—most teams don't care if Box avatars are stale because they're not collaborating inside Box's UI. The scenario where this matters: your clients log into Box shared folders and need to recognize who uploaded what file by face, not just name. If your team rarely shares folders with external users, or if your clients never actually open Box (they just download links), skip the avatar automation and spend the engineering time elsewhere.

Frequently asked

What does the Box MCP let me do in Switchy?

It connects your Box account so AI agents can read, write, and manage files, folders, and metadata directly. You can classify documents, share links, set permissions, and handle collaboration workflows without leaving Switchy. The MCP exposes 50 tools covering file operations, user management, and enterprise governance features like allowed collaboration domains.

Which OAuth scopes does the Box MCP request?

Box uses OAuth2 for authentication. The exact scopes depend on which tools you enable, but typical grants include read/write access to files and folders, user profile data, and enterprise admin functions like classification templates. You'll authorize these during the initial connection flow. If your team restricts Box app permissions, check with your IT admin before connecting.

Can the Box MCP create new folders and upload files?

Yes. The MCP includes tools for creating folders, uploading files, and organizing content hierarchies. It can also add metadata classifications, set retention policies, and manage shared links. If you need to bulk-migrate files or run complex folder structures, the MCP handles those operations programmatically through Switchy's agent workflows.

How does this compare to using Box's web UI or API directly?

The MCP wraps Box's REST API into natural-language tools your AI agents can call. You skip writing custom API scripts or clicking through the Box UI for repetitive tasks. Trade-off: you're limited to the 50 tools the MCP exposes, so niche Box features might require a direct API call or manual intervention.

Who on my team should connect the Box MCP?

Whoever has the broadest Box permissions your workflows need. If agents will classify files or manage collaboration domains, that user needs enterprise admin rights. For basic file operations, a standard user works. The MCP inherits the connected account's permissions, so scope it to the least privilege that still unblocks your use cases.

Data last verified 8 hours ago.Sources aggregated hourly to weekly. See docs/architecture/model-directory.md.