All requests to the Float API must be authenticated so that we can provide access to your data.

Authorization header

When making a call to our API endpoints, you must supply an Authorization header.

Add the following HTTP header to your request:

Authorization: Bearer FLOAT_ACCESS_TOKEN

where FLOAT_ACCESS_TOKEN is the API token you obtained from your Float Account & Billing page.

We use the OAuth 2.0 protocol for API authentication, but only a subset of the specification is exposed. The token you receive on our web site is pre-authorized by being logged into the admin screen – basically you pick it up from the point where you are working with an access token to make authorized requests for Float resources.

The API token you receive on our site is a Bearer token, which will grant access to Float API resources on behalf of a specific user – in this case, the account owner. This token should be considered as sensitive as passwords and must not be shared or distributed to untrusted parties.

(If you are interested in using alternative OAuth 2.0 connection methods or have questions about connecting to specific applications, please contact us at

Identify Yourself

We like to know who you are so we can contact you if there’s any issues. Please include a ‘User-Agent’ header with the name of your application and a contact email. Here’s a sample:

User-Agent: Glenn's People Import Integration (

Request Limits

You can make up to 400 requests per minute from the same account. Following this you will receive a ‘429 Error: too many requests by this user’. You will need to wait a brief period before attempting additional requests.

To insure optimal performance for all users there is additionally a limit of 20 requests per second for GET requests, 10 per second for non-GET (POST, PUT, DELETE) requests.