https://app.vortexiq.ai/v2/api/bc-migration. Every
request is authenticated as a Vortex IQ user and scoped to a single organisation. Two authentication
methods are supported, and every endpoint accepts either:
Bearer tokens (server-to-server)
Exchange your identity and your organisation’s API credential for a token on the Login endpoint:What you need before you can log in
1
An API credential for your organisation
The
client_id / client_secret pair is issued per organisation by Vortex IQ. The secret is
shown once at issue time - store it in a secret manager, never in client-side code. Contact
support to have a credential provisioned or rotated.2
Store Migration enabled for your organisation
The app is enabled per organisation; without it every endpoint returns
403.3
At least 2 connected BigCommerce stores
A migration needs a source and a destination, so login refuses organisations with fewer than 2
connected stores (
403 insufficient_stores).Token lifetime and revocation
- Tokens live for 10 days (
expires_in: 864000). Log in again to get a fresh one - there is no refresh endpoint. - Rotating or disabling your organisation’s API credential immediately invalidates every
outstanding token for the organisation, not just future logins. Rotation keeps the same
client_id; only the secret changes. - A token is bound to the user and organisation it was issued for. If the user leaves the organisation, the token stops working.
- The token is a signed JWT: its claims are readable (no secrets inside), but any modification invalidates it. Treat the whole token as a secret - it authenticates as you.
- Login is rate limited to 10 attempts per minute (
429beyond that), and failed logins return a deliberately generic401 invalid_credentialsthat does not reveal which field was wrong.
Sessions (from the browser)
Requests from a signed-inapp.vortexiq.ai page are authorised by your Vortex IQ session, the same
one the StagingPro UI uses - no token needed:
403:
422 store_not_found.
Store credentials
You never send BigCommerce API tokens to this API. Stores are referenced by store hash - for example"source_store_hash": "abc123xyz". The hashes
for your organisation’s stores are returned by Login. Vortex IQ
resolves each store’s BigCommerce credentials server-side from your organisation’s connected
StagingPro integrations, and authorises the store against your organisation on every call. Tokens
never travel through the browser, your scripts, or this API’s request bodies.
This is why connecting a store in StagingPro is a prerequisite for migrating it, and why a hash your
organisation has not connected returns: