Authenticate using a Box OAuth 2.0 access token or a JWT service account token with appropriate scopes; the token must have sign_requests.readwrite and files.readwrite permissions.
Upload the document to Box via the Files API (POST /2.0/files/content) and capture the file id.
Create a sign request via POST /2.0/sign_requests with a signers array (each with email and role), a source_files array referencing the Box file id, and a parent_folder_id for storing the signed copy.
Optionally include prefill_tags in the request body to prepopulate document fields, or set is_document_preparation_needed to true to open the Box Sign prep UI before sending.
Poll GET /2.0/sign_requests/{id} or configure a Box webhook on the SIGN_REQUEST.COMPLETED event type to detect when all parties have signed.
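If you take the webhook route, the receiver should authenticate each delivery before treating a sign request as completed. The following is an added example, not code from the original page or from Box. It assumes Box's webhook signature scheme (base64 HMAC-SHA256 over the raw body followed by the BOX-DELIVERY-TIMESTAMP value, with a primary and a secondary key); the keys and payload are constructed, and the function names are hypothetical.

```python
import base64
import hashlib
import hmac
import json
from datetime import datetime, timedelta, timezone

MAX_AGE = timedelta(minutes=10)  # stale deliveries are rejected to limit replay

def sign(key: bytes, body: bytes, timestamp: str) -> str:
    # HMAC-SHA256 over the raw body bytes followed by the timestamp header bytes
    mac = hmac.new(key, body + timestamp.encode(), hashlib.sha256)
    return base64.b64encode(mac.digest()).decode()

def verify_delivery(headers, body, primary_key, secondary_key, now=None):
    """Return the parsed event if the delivery is authentic and fresh, else None."""
    h = {k.lower(): v for k, v in headers.items()}
    if (h.get("box-signature-version"), h.get("box-signature-algorithm")) != ("1", "HmacSHA256"):
        return None
    ts = h.get("box-delivery-timestamp", "")
    try:
        sent = datetime.fromisoformat(ts.replace("Z", "+00:00"))
    except ValueError:
        return None
    now = now or datetime.now(timezone.utc)
    if sent.tzinfo is None or abs(now - sent) > MAX_AGE:
        return None
    # Either key may match, so keys can be rotated without dropping events
    for key, name in ((primary_key, "box-signature-primary"),
                      (secondary_key, "box-signature-secondary")):
        expected = sign(key, body, ts).encode()
        if hmac.compare_digest(expected, h.get(name, "").encode()):
            return json.loads(body)
    return None

def all_parties_signed(event) -> bool:
    # Act only on the event type named in the step above
    return event is not None and event.get("trigger") == "SIGN_REQUEST.COMPLETED"

# Constructed sample delivery: keys and payload are made up for this example
PRIMARY, SECONDARY = b"constructed-primary-key", b"constructed-secondary-key"
BODY = json.dumps({"type": "webhook_event", "trigger": "SIGN_REQUEST.COMPLETED"}).encode()
TS = "2024-01-01T12:00:00+00:00"
HEADERS = {
    "BOX-DELIVERY-TIMESTAMP": TS,
    "BOX-SIGNATURE-VERSION": "1",
    "BOX-SIGNATURE-ALGORITHM": "HmacSHA256",
    "BOX-SIGNATURE-PRIMARY": sign(PRIMARY, BODY, TS),
    "BOX-SIGNATURE-SECONDARY": sign(SECONDARY, BODY, TS),
}
```

Pass the raw request bytes as body, not a re-serialized JSON object, since any change in byte layout changes the HMAC.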
Known gotchas
Box Sign is available only on certain Box plans; the API returns a 403 with a feature_not_available code if your account does not have Sign enabled.
The signed copy is stored back into Box storage — ensure the parent_folder_id belongs to a folder the service account has write access to, or the request creation will fail.
Box Sign does not currently support custom signing order enforcement across all plan tiers; verify sequential signing support matches your plan before relying on it.