How to add Box MCP Server (Remote) to Windsurf
Box's official hosted MCP server for secure, OAuth-gated access to enterprise content in Box. Paste the config into ~/.codeium/windsurf/mcp_config.json and restart Windsurf.
Last updated June 15, 2026 · 250★ · http · oauth · official
Windsurf config for Box MCP Server (Remote)
Add remote URL https://mcp.box.com to your MCP client and complete the OAuth flow{
"mcpServers": {
"box-mcp-server-remote": {
"serverUrl": "https://mcp.box.com",
"headers": {
"Authorization": "Bearer <oauth-token>"
}
}
}
}Remote server — no local install needed. Restart the client after saving the config.
Setup steps
- 1Open Windsurf → Cascade → the hammer/MCP icon → Configure (or edit ~/.codeium/windsurf/mcp_config.json).
- 2Paste the Box MCP Server (Remote) config below.
- 3Fill in placeholder secrets, then save.
- 4Click Refresh in the MCP panel.
- 5Box MCP Server (Remote)'s tools become available to Cascade.
Before you start
- A Box account (free, Business, or Enterprise) with access to the content you want the agent to use
- A Box OAuth 2.0 app configured in the Box Developer Console (or Admin Console) with a Client ID, Client Secret, and redirect URI — used to authorize the MCP connection
- An MCP client that supports remote MCP servers with OAuth (e.g. Claude, Copilot Studio, Mistral Le Chat), or the mcp-remote proxy (Node.js 18+) for clients without native remote/OAuth support
What Box MCP Server (Remote) can do in Windsurf
who_am_iReturn the authenticated Box user (verify identity and connection).
search_files_keywordFull-text keyword search across files the user can access.
search_folders_by_nameFind folders by name.
list_folder_content_by_folder_idList the contents of a folder by its ID.
get_file_contentRetrieve the text/content of a file for use as context.
ai_qa_single_fileAsk Box AI a question about a single file.
ai_qa_multi_fileAsk Box AI a question across multiple files.
ai_qa_hubAsk Box AI a question grounded in a Box Hub.
Security
Access is brokered through Box's OAuth so the agent only sees content the authorizing user can access, but that can still be a large corpus of enterprise files; scope the connecting app's permissions carefully. Tokens granted via OAuth should be treated as sensitive.
Box MCP Server (Remote) + Windsurf FAQ
Where is the Windsurf config file?
Windsurf reads MCP servers from ~/.codeium/windsurf/mcp_config.json. Paste the Box MCP Server (Remote) config there under the "mcpServers" key and restart the client.
Is Box MCP Server (Remote) safe to use with Windsurf?
Access is brokered through Box's OAuth so the agent only sees content the authorizing user can access, but that can still be a large corpus of enterprise files; scope the connecting app's permissions carefully. Tokens granted via OAuth should be treated as sensitive.
Is the Box remote MCP server official?
Yes. It is built and hosted by Box at mcp.box.com and published under the box organization on GitHub.
How does authentication work?
Via OAuth 2.0. The server is an OAuth-protected resource backed by Box's authorization server; you authorize through a Box app's Client ID/Secret and the agent acts as the authenticated user with that user's permissions.
Does the AI ever see content I can't access?
No. Every call runs as the authenticated user, so the agent only sees content that user is already permitted to access in Box.