Authenticating with Float

All requests to the Float API must be authenticated so that we can provide access to your data.

Authorization header

When making a call to our API endpoints, you must supply an Authorization header.

Add the following HTTP header to your request:

Authorization: Bearer FLOAT_ACCESS_TOKEN

where FLOAT_ACCESS_TOKEN is the API token you obtained from your Float Account Settings page.

The token request on our web site is pre-authenticated by being logged into the Float site and accessing the admin screen. The access token returned will grant access to Float API resources on behalf of a specific user – in this case, the account owner – suitable for machine-to-machine communication. The API token should be treated as sensitive as a password and must not be shared or distributed to untrusted parties. The token will remain valid as long as the account is in good standing or until it is regenerated (on the Float Account Settings page).

If you have questions about connecting to specific applications, please contact us at

Identify Yourself

We need to know who you are and how we can contact you if there are any issues. You must include a ‘User-Agent’ header with the name of your application and a contact email. Here’s a sample:

User-Agent: Glenn's People Import Integration (

Rate Limiting

For primary data endpoints, you can make up to 200 requests per minute from the same company for GET requests, 100 per minute for non-GET (e.g., POST, PATCH, DELETE) requests. Following this you will receive a 429 Error too many requests by this user. You will need to wait a brief period before attempting additional requests. To insure optimal performance for all users we may also apply a burst limit of 10 requests per second for GET requests, 4 per second for non-GET (POST, PATCH, DELETE) requests.

For reports endpoints, the request (GET) limit is 30 requests per minute.