All requests to the Float API must be authenticated so that we can provide access to your data.

Authorization header

When making a call to our API endpoints, you must supply an Authorization header.

Add the following HTTP header to your request:

Authorization: Bearer FLOAT_ACCESS_TOKEN

where FLOAT_ACCESS_TOKEN is the API token you obtained from your Float Account Settings page.

The token request on our web site is pre-authenticated by being logged into the Float site and accessing the admin screen. The access token returned will grant access to Float API resources on behalf of a specific user – in this case, the account owner – suitable for machine-to-machine communication. The API token should be treated as sensitive as a password and must not be shared or distributed to untrusted parties. The token will remain valid as long as the account is in good standing or until it is regenerated (on the Float Account Settings page).

(If you are interested in using alternative OAuth 2.0 connection methods or have questions about connecting to specific applications, please contact us at

Identify Yourself

We like to know who you are so we can contact you if there’s any issues. Please include a ‘User-Agent’ header with the name of your application and a contact email. Here’s a sample:

User-Agent: Glenn's People Import Integration (

Request Limits

You can make up to 400 requests per minute from the same account. Following this you will receive a ‘429 Error: too many requests by this user’. You will need to wait a brief period before attempting additional requests.

To insure optimal performance for all users there is additionally a limit of 20 requests per second for GET requests, 10 per second for non-GET (POST, PUT, DELETE) requests.