Box

Live 92 Actions

Box Integration for AI Agents

Connect your AI agent to 92 QA'd Box actions via MCP, A2A, or SDK, with agent authentication, tool-calling execution, and security built-in.

Start Free Book Demo Box MCP Server

Box AI Agent Actions

92 production-ready actions for your agent to do more on Box.

Read the Box docs

92 Actions

List Pending Collaborations - List all pending collaborations for a user

Get Collaboration - Retrieve details of a specific collaboration by its ID, including the collaborator (user or group), their role, the item (file or folder) they have access to, and the collaboration status. Use list_folder_collaborations or list_file_collaborations to find collaboration IDs.

Create Collaboration - Add a collaborator (user or group) to a file or folder with a specific role (editor, viewer, previewer, uploader, previewer uploader, viewer uploader, co-owner). You can identify users by email (accessible_by.login) or user ID (accessible_by.id) — no need to look up the user ID first if you have their email. Cannot add the folder/file owner as a collaborator (returns 400). The is_access_only option is only supported for folder collaborations, not files. The expires_at option requires the enterprise admin to enable the "Automatically remove invited collaborators" setting.

Update Collaboration - Update a collaboration's role, expiry date, or path visibility. Requires the authenticated user to be the folder owner, co-owner, or enterprise admin. The expires_at field only works if the enterprise "Automatically remove invited collaborators" setting is enabled. Returns 403 if the user lacks permission to modify the collaboration.

Remove Collaboration - Remove a collaboration, revoking the user's or group's access to the shared file or folder. Requires the collaboration_id, which can be obtained from list_folder_collaborations or list_file_collaborations.

List Group Collaborations - List all file and folder collaborations for a specific group, showing what content the group has access to and with what role. Requires enterprise admin or co-admin permissions — having manage_groups scope alone is not sufficient, the authenticated user must also have admin-level privileges in the Box Admin Console.

List Folder Collaborations - List all collaborations on a folder, showing which users and groups have access and their roles (editor, viewer, co-owner, etc.). Returns both pending and active collaborations. Use the collaboration_id from the response for update_collaboration or delete_collaboration operations.

List File Collaborations - List all collaborations on a file, showing which users and groups have access and their roles. Returns both pending and active collaborations. Use the collaboration_id from the response for update_collaboration or delete_collaboration operations.

Create Comment - Add a comment to a file

Get Comment - Retrieve information about a comment

Update Comment - Update a comment's message

Delete Comment - Remove a comment

Get User And Enterprise Events - List user and enterprise events

Get File Information - Retrieve information about a file

Get File Thumbnail - Retrieve a thumbnail of a file

Update File - Update a file's name, description, parent folder (to move it), shared link, tags, or lock status. To lock a file, provide a lock object with type='lock'. To unlock a file, omit the lock field entirely (do NOT set lock to null, which may cause errors).

Delete File - Delete a file and move it to trash

Copy File - Copy a file to another folder

Download File - Download file content

Get File Version - Retrieve a specific version of a file

List File Versions - List all versions of a file

Promote File Version - Promote a previous file version to be the current version

Restore File Version - Restore a previously deleted file version from the file's version history. This does NOT restore files from the trash — use restore_file for that. Requires the file_id and the file_version_id of the deleted version (obtainable from list_file_versions). Only works on premium Box accounts that support version tracking.

Delete File Version - Delete a specific file version

List File Comments - List all comments on a specific file by its file_id. Use list_folder_items first to find the file_id if you only have the filename. Returns comment text, author, creation date, and reply information.

List File Tasks - List tasks on a file

Get Trashed File - Retrieve information about a file in trash

Restore File From Trash - Restore a file from trash

Permanently Delete File - Permanently delete a trashed file

List Folder Items - List items in a folder

Get Folder Information - Retrieve information about a folder

Create Folder - Create a new folder

Update Folder - Update a folder's information

Delete Folder - Delete a folder and move it to trash

Copy Folder - Copy a folder to another folder

Get Trashed Folder - Retrieve information about a folder in trash

Restore Folder From Trash - Restore a folder from trash

Permanently Delete Folder - Permanently delete a trashed folder

List Trashed Items - List all items in trash

List Groups - List all enterprise groups, optionally filtered by name prefix. Returns group IDs, names, and basic details. Use filter_term to search for groups whose name starts with a specific string. This is a read-only listing operation that requires manage_groups scope.

Get Group - Retrieve detailed information about a specific group by its ID, including name, description, invitability_level, and member_viewability_level. Requires admin-level permissions or group membership — note this requires stronger permissions than list_groups, which may succeed even when get_group returns 403.

Create Group - Create a new enterprise group with optional invitation and member visibility settings. Requires enterprise admin or co-admin role — the manage_groups OAuth scope alone is not sufficient, the authenticated user must have admin-level privileges in the Box Admin Console.

Update Group - Update a group's name, description, invitation settings, or member visibility. Requires enterprise admin or co-admin permissions — the authenticated user must have admin-level privileges, not just manage_groups scope.

Delete Group - Permanently delete an enterprise group. This action cannot be undone. Requires enterprise admin or co-admin permissions.

List Group Memberships - List all members of a specific group, including their user IDs, roles (member or admin), and membership IDs. The membership ID is needed for update_group_membership and remove_user_from_group operations.

Add User To Group - Add a user to an enterprise group as a member or admin. Requires enterprise admin or co-admin permissions. Provide the user ID and group ID as nested objects. Returns 403 if the authenticated account lacks admin-level privileges for group membership management.

Update Group Membership - Update a user's membership in a group

Remove User From Group - Remove a user from a group

Get Unified Credentials - Get the current Box connection's unified credentials and identity.

List Unified Groups - List unified groups in Box.

Get Unified Group - Get a unified Box group by ID.

List Unified Organizations - List unified organizations in Box.

Get Unified Organization - Get a unified Box organization by ID.

List Unified Resource Types - List unified resource types in Box.

List Unified Resource Users - List unified resource users in Box.

List Unified Roles - List unified roles in Box.

Get Unified Role - Get a unified Box role by ID.

List Unified Users - List unified users in Box.

Get Unified User - Get a unified Box user by ID.

List File Metadata Instances - List all metadata instances on a file

Get File Metadata Instance - Retrieve a specific metadata instance on a file

Create File Metadata Instance - Apply a metadata template instance to a file. Requires the file_id, scope (e.g. 'enterprise_1452824910' or 'global'), template_key, and a metadata object with field values. Even if all template fields are optional, the metadata object must contain at least one key-value pair — an empty object {} is rejected with 400 Bad Request. Returns 409 Conflict if this template is already applied to the file (use update_file_metadata to modify existing metadata).

Update File Metadata Instance - Update a metadata instance on a file

Delete File Metadata Instance - Remove a metadata instance from a file

Get Folder Metadata Instance - Retrieve a specific metadata instance on a folder

List Folder Metadata Instances - List all metadata instances on a folder

Create Folder Metadata Instance - Apply a metadata template instance to a folder. Requires the folder_id, scope, template_key, and a metadata object with at least one key-value pair. Returns 409 Conflict if this template is already applied to the folder — use update_folder_metadata to modify existing metadata, or delete_folder_metadata first to remove and re-apply.

Update Folder Metadata Instance - Update a metadata instance on a folder

Delete Folder Metadata Instance - Remove a metadata instance from a folder

List Metadata Templates - List all metadata templates

Get Metadata Template - Retrieve a metadata template

Query By Metadata - Search for files and folders that have specific metadata values applied. This is a read-only search/query tool — it does NOT create, update, or delete metadata. Use create_file_metadata, update_file_metadata, or delete_file_metadata for write operations. Uses SQL-like syntax to filter by metadata field values.

Create Task - Create a review or completion task on a file. The task is created unassigned — use assign_task afterwards to assign it to users. Accepts an optional due date in ISO 8601 format (e.g. "2025-12-31T23:59:00+00:00"). Use +00:00 for UTC timezone offset, not -00:00.

Get Task - Retrieve information about a task

Update Task - Update a task's message, due date, action type, or completion rule. Note that updating completion_rule may fail with 400 Bad Request if the task has no assignees — assign at least one user before changing the completion rule.

Delete Task - Remove a task

List Task Assignments - List assignments for a task

Assign Task - Assign a task to a user by user ID or email address. The user receives a notification. You can use either assign_to.id (user ID) or assign_to.login (email address) — you do not need to look up the user ID first if you already have their email.

Get Task Assignment - Retrieve information about a task assignment

Update Task Assignment - Update a task assignment's resolution state or message. Only the task creator, the assignee themselves, or enterprise admins can update an assignment. Returns 403 if the authenticated user lacks permission OR if the assignment is already in an approved/completed state.

Delete Task Assignment - Remove a task assignment

Upload File - Upload a new file

Upload File Version - Upload a new version of an existing file by providing the file_id, base64-encoded file content (file_content), and a filename (file_name). All three parameters are required. For files up to 50MB only — use chunked upload for larger files.

Create Upload Session - Create a chunked upload session for large files

Get Current User - Retrieve the profile of the currently authenticated user, including their user ID, name, email, avatar URL, and enterprise info. Does not require admin permissions — any authenticated user can call this. Use this to get the current user's ID when you need it for other operations.

List Enterprise Users - List all enterprise users with their IDs, names, and email addresses. Requires enterprise admin or co-admin permissions with manage_managed_users scope. Use filter_term to search by name or email prefix. Use user_type to filter by managed, external, or all users. If you already have a user's email address (e.g. for task assignment), you can pass it directly to assign_task via assign_to.login instead of looking up their user ID here.

Get User - Retrieve information about a user

Create User - Create a new managed user account in the enterprise. Requires enterprise admin or co-admin role with manage_managed_users scope. The login email must use a real domain (not @example.com). Returns 403 Forbidden if the authenticated account lacks admin privileges.

Update User - Update a user's information

Delete User - Delete a user from the enterprise

Get User Avatar - Retrieve a user's avatar image. Returns 404 if no custom avatar has been uploaded, even when the user profile contains an avatar_url field (which points to a default placeholder until a real image is uploaded). Use this to check whether a user has a custom profile picture.

Delete User Avatar - Delete a user's avatar image

Do More, Build Less

Integration Infrastructure for Box AI Agents

Multiple Interfaces

Access integrations via API, AI SDKs, MCP & A2A.

Box MCP server

Managed Authentication

Pre-built authentication UI.

Agent auth

Falcon Engine

Every Box action runs on Falcon.

Agent Execution Engine

StackOne Defender

88.7% prompt injection detection.

Prompt injection defense

Start Free Book a Demo

"What impressed us most about StackOne is its ambition and clarity. They're creating infrastructure that modern software and the entire AI agent ecosystem can rely on. The depth of secure integrations, the pace of delivery, and the team's foresight into AI's future uniquely position StackOne to redefine this category."

Luna Schmid, Partner at GV

"We've been impressed by how quickly and deeply StackOne integrates with complex enterprise systems -- and now, with their focus on agent-to-agent interoperability, they're unlocking even more powerful use cases for customers. StackOne delivers all of the above in a universal layer -- without compromise."

Barbry McGann, SVP at Workday Ventures

Product Teams Love Building Agent Integrations With StackOne

IAM Permissions API

Case Study How Drata Broadened User Access Review Integrations through StackOne

Agentic Connectors

Case Study How Popp Built a Recruitment AI Agent with Enterprise ATS Integration in Weeks

Connectors for workflow builders

Case Study Introist uses StackOne to Launch New Enterprise-Grade Integrations and Expand Automation for HR Teams

Scroll to explore

More Cloud Storage Integrations Like Box

Dropbox

90+ actions

Amazon S3

89+ actions

53+ actions

46+ actions

30+ actions

26+ actions

19+ actions

Explore more Cloud Storage integrations

Box Agent Integration Resources

Unified API Limitations for AI Agent Integration: 7 Ways They Break

Unified APIs work for traditional software but fail AI agents in specific, measurable ways. Here are 7 problems we found after building both approaches, with examples from Workday, Greenhouse, Jira, and Salesforce.

14 min

Agentic Context Engineering: Why AI Agents Kill Their Own Context Windows

AI agents exceed their context windows without knowing it. Six failure patterns and seven survival architectures for agentic context engineering.

15 min

MCP Code Mode: Keeping Tool Responses Out of Agent Context

Anthropic's code_execution processes data already in context. Custom MCP code mode keeps raw tool responses in a sandbox. 14K tokens vs 500.

11 min

Comparing BM25, TF-IDF, and Hybrid Search for MCP Tool Discovery

Benchmarking BM25, TF-IDF, and hybrid search for MCP tool discovery across 916 tools. The 80/20 TF-IDF/BM25 hybrid hits 21% Top-1 accuracy in under 1ms.

10 min

Box integration FAQ

Do I need to create my own auth app to connect Box to StackOne?

Yes, you need an auth app inside the Box Developer Console. Box calls this a "Custom App" (OAuth 2.0 type). Once created with the StackOne redirect URI and read+write file scopes, paste the Client ID and Secret into the StackOne dashboard auth config for the Box connector. See the Box auth docs.

Put your AI agents to work

All the tools you need to build and scale AI agent integrations, with best-in-class connectivity, execution, and security.

Start Free Book Demo