How to add Box MCP Server (Remote) to Claude Desktop
Box's official hosted MCP server for secure, OAuth-gated access to enterprise content in Box. Paste the config into ~/Library/Application Support/Claude/claude_desktop_config.json and restart Claude Desktop.
Last updated June 15, 2026 ยท 250โ ยท http ยท oauth ยท official
Claude Desktop config for Box MCP Server (Remote)
Add remote URL https://mcp.box.com to your MCP client and complete the OAuth flow{
"mcpServers": {
"box-mcp-server-remote": {
"command": "npx",
"args": [
"-y",
"mcp-remote",
"https://mcp.box.com",
"--header",
"Authorization: Bearer <oauth-token>"
]
}
}
}Claude Desktop connects to remote servers through the `mcp-remote` proxy (installed on first run via npx). Restart Claude Desktop after saving.
Setup steps
- 1Open Claude Desktop โ Settings โ Developer โ Edit Config (this opens ~/Library/Application Support/Claude/claude_desktop_config.json).
- 2Paste the Box MCP Server (Remote) config below under the top-level "mcpServers" key.
- 3Fill in any placeholder secrets (API keys, paths) in the snippet.
- 4Save the file, then fully quit and reopen Claude Desktop.
- 5Open a chat and confirm Box MCP Server (Remote)'s tools appear under the ๐ tools menu.
Before you start
- A Box account (free, Business, or Enterprise) with access to the content you want the agent to use
- A Box OAuth 2.0 app configured in the Box Developer Console (or Admin Console) with a Client ID, Client Secret, and redirect URI โ used to authorize the MCP connection
- An MCP client that supports remote MCP servers with OAuth (e.g. Claude, Copilot Studio, Mistral Le Chat), or the mcp-remote proxy (Node.js 18+) for clients without native remote/OAuth support
What Box MCP Server (Remote) can do in Claude Desktop
who_am_iReturn the authenticated Box user (verify identity and connection).
search_files_keywordFull-text keyword search across files the user can access.
search_folders_by_nameFind folders by name.
list_folder_content_by_folder_idList the contents of a folder by its ID.
get_file_contentRetrieve the text/content of a file for use as context.
ai_qa_single_fileAsk Box AI a question about a single file.
ai_qa_multi_fileAsk Box AI a question across multiple files.
ai_qa_hubAsk Box AI a question grounded in a Box Hub.
Security
Access is brokered through Box's OAuth so the agent only sees content the authorizing user can access, but that can still be a large corpus of enterprise files; scope the connecting app's permissions carefully. Tokens granted via OAuth should be treated as sensitive.
Box MCP Server (Remote) + Claude Desktop FAQ
Where is the Claude Desktop config file?
Claude Desktop reads MCP servers from ~/Library/Application Support/Claude/claude_desktop_config.json. Paste the Box MCP Server (Remote) config there under the "mcpServers" key and restart the client.
Is Box MCP Server (Remote) safe to use with Claude Desktop?
Access is brokered through Box's OAuth so the agent only sees content the authorizing user can access, but that can still be a large corpus of enterprise files; scope the connecting app's permissions carefully. Tokens granted via OAuth should be treated as sensitive.
Is the Box remote MCP server official?
Yes. It is built and hosted by Box at mcp.box.com and published under the box organization on GitHub.
How does authentication work?
Via OAuth 2.0. The server is an OAuth-protected resource backed by Box's authorization server; you authorize through a Box app's Client ID/Secret and the agent acts as the authenticated user with that user's permissions.
Does the AI ever see content I can't access?
No. Every call runs as the authenticated user, so the agent only sees content that user is already permitted to access in Box.