All requests to the Float API must be authenticated so that we can provide access to your data.

Authorization header

When making a call to our API endpoints, you must supply an Authorization header.

Add the following HTTP header to your request:

Authorization: Bearer FLOAT_ACCESS_TOKEN

where FLOAT_ACCESS_TOKEN is the API token you obtained from your Float Account Settings page.

The token request on our web site is pre-authenticated by being logged into the Float site and accessing the admin screen. The access token returned will grant access to Float API resources on behalf of a specific user – in this case, the account owner – suitable for machine-to-machine communication. The API token should be treated as sensitive as a password and must not be shared or distributed to untrusted parties. The token will remain valid as long as the account is in good standing or until it is regenerated (on the Float Account Settings page).

If you have questions about connecting to specific applications, please contact us at support@float.com

Identify Yourself

We need to know who you are and how we can contact you if there are any issues. Include a ‘User-Agent’ header with the name of your application and a contact email. Here’s a sample:

User-Agent: Glenn's People Import Integration (glenn@example.com)

Request Limits

You can make up to 400 requests per minute from the same company for GET requests, 200 per minute for non-GET (POST, PUT, DELETE) requests. Following this you will receive a ‘429 Error: too many requests by this user’. You will need to wait a brief period before attempting additional requests.

To insure optimal performance for all users there is additionally a limit of 10 requests per second for GET requests, 5 per second for non-GET (POST, PUT, DELETE) requests.