We're excited to introduce secure file upload and download for the Box MCP server. Supported AI agents — including Claude, Codex, and Cursor — can now edit and write back to the binary files your teams work in every day, including PDFs, PowerPoint, Word, and Excel. Previously, an agent could read a file's contents but couldn't reliably update the original. Now it can complete the full workflow: open a file, modify it, and save it back.
This capability is disabled by default. Your organization retains full control over when and where to authorize agentic file editing, giving IT and security teams the ability to stage rollouts and align the feature to your risk tolerance before broad adoption.
Every upload and download is fully logged and attributed to a specific user and application, preserving the audit trail your compliance and security teams require.
How to enable:
Admins can activate the feature in Admin Console → Integrations → Box MCP Server → Files and Folders → Custom Configuration, then enabling get_upload_url and get_download_url.
Domain allowlisting:
Some MCP clients require explicit domain allowlisting for upload and download URLs to function. See additional documentation here. Required domains vary by your Box Zone deployment; you can configure wildcard rules to capture all necessary endpoints:
- upload.*.box.com
- *.boxcloud.com
- *.box.com
Of the supported clients, Claude restricts outbound network access by default, so Box's transfer domains must be added to its allowlist.
Your Claude organization owner can do this in Claude → Organization settings → Capabilities, under Allow network egress → package managers and specific domains, adding the endpoints above. See here for more information