dropbox-analytics-mcp-server
dropbox-analytics-mcp-server
MCP server for Dropbox, built for analytics workflows. Read public shared links with zero authentication, or connect a full Dropbox account via OAuth to browse, search, read, and export files. CSV and Excel files are automatically parsed into tabular rows ready for analysis.
Quick start (public links, no auth)
npx dropbox-analytics-mcp-serverWith no credentials set, the server runs in public-link-only mode with a single tool:
| Tool | Description |
|---|---|
read_public_link |
Download and parse any public Dropbox shared link (CSV/Excel → rows, JSON → object, text → raw) |
Works with both old (/s/...) and new (/scl/fi/...?rlkey=...) link formats.
Full account access (OAuth)
With credentials set, eight more tools register:
| Tool | Description |
|---|---|
list_folder |
List files/folders at a path (optionally recursive) |
search_files |
Search by name or content |
get_file_metadata |
Size, modified date, revision info |
read_file |
Download + parse a file from the account |
list_shared_links |
List existing shared links |
create_shared_link |
Create (or fetch existing) public link for a file |
upload_file |
Upload text-based content (e.g. export analytics results as CSV) |
get_account_info |
Verify the connection works |
One-time setup: getting a refresh token
Dropbox no longer issues long-lived access tokens, so the server uses an auto-refreshing refresh token. You set this up once:
1. Create a Dropbox app at https://www.dropbox.com/developers/apps
- Choose Scoped access → Full Dropbox (or App folder for sandboxing)
- Under Permissions, enable:
files.metadata.read,files.content.read,files.content.write(only if usingupload_file),sharing.read,sharing.write(only if usingcreate_shared_link),account_info.read - Note the App key and App secret from the Settings tab
2. Authorize and grab the code — open this URL in a browser (replace YOUR_APP_KEY):
https://www.dropbox.com/oauth2/authorize?client_id=YOUR_APP_KEY&response_type=code&token_access_type=offlineApprove the app and copy the authorization code shown.
3. Exchange the code for a refresh token:
curl https://api.dropbox.com/oauth2/token \
-d code=YOUR_AUTH_CODE \
-d grant_type=authorization_code \
-u YOUR_APP_KEY:YOUR_APP_SECRETThe JSON response contains refresh_token — save it. It does not expire unless revoked.
Environment variables
| Variable | Required | Purpose |
|---|---|---|
DROPBOX_APP_KEY |
for account access | App key from the Dropbox app console |
DROPBOX_APP_SECRET |
for account access | App secret |
DROPBOX_REFRESH_TOKEN |
for account access | From step 3 above; auto-exchanged for short-lived access tokens |
DROPBOX_ACCESS_TOKEN |
alternative | Short-lived token for quick testing only (expires in ~4 hours) |
MCP client configuration
Claude Desktop (claude_desktop_config.json)
{
"mcpServers": {
"dropbox": {
"command": "npx",
"args": ["-y", "dropbox-analytics-mcp-server"],
"env": {
"DROPBOX_APP_KEY": "your_app_key",
"DROPBOX_APP_SECRET": "your_app_secret",
"DROPBOX_REFRESH_TOKEN": "your_refresh_token"
}
}
}
}For public-link-only mode, omit the env block entirely.
Tool examples
read_public_link
shared_link: "https://www.dropbox.com/scl/fi/abc/sales.xlsx?rlkey=xyz&dl=0"
sheet_name: "Q1" (optional, Excel only)
max_rows: 100 (optional, default 500)
read_file
path: "/Reports/2026/sales.csv"
upload_file
path: "/Exports/summary.csv"
content: "region,total\nWest,1200\nEast,950"Tabular responses include columns, rows, totalRows, availableSheets, and a truncated flag so the client knows whether to request more.
Limits
- Downloads capped at 50 MB per file
- Tabular responses default to 500 rows (override with
max_rows) - Text files truncated at 100k characters
upload_fileis text-only (UTF-8); binary upload not supported
Development
npm install
npm run build
node dist/index.jsLicense
MIT