Skip to main content
The StagingPro V2 Migration API is served from https://app.vortexiq.ai/v2/api/bc-migration. Every request is authenticated as a Vortex IQ user and scoped to a single organisation. Two authentication methods are supported, and every endpoint accepts either:

Bearer tokens (server-to-server)

Exchange your identity and your organisation’s API credential for a token on the Login endpoint:
A successful login returns your user and organisation details, the BigCommerce stores connected to your organisation (source material for every other endpoint), and the token itself:
Send the token on every subsequent call:

What you need before you can log in

1

An API credential for your organisation

The client_id / client_secret pair is issued per organisation by Vortex IQ. The secret is shown once at issue time - store it in a secret manager, never in client-side code. Contact support to have a credential provisioned or rotated.
2

Store Migration enabled for your organisation

The app is enabled per organisation; without it every endpoint returns 403.
3

At least 2 connected BigCommerce stores

A migration needs a source and a destination, so login refuses organisations with fewer than 2 connected stores (403 insufficient_stores).

Token lifetime and revocation

  • Tokens live for 10 days (expires_in: 864000). Log in again to get a fresh one - there is no refresh endpoint.
  • Rotating or disabling your organisation’s API credential immediately invalidates every outstanding token for the organisation, not just future logins. Rotation keeps the same client_id; only the secret changes.
  • A token is bound to the user and organisation it was issued for. If the user leaves the organisation, the token stops working.
  • The token is a signed JWT: its claims are readable (no secrets inside), but any modification invalidates it. Treat the whole token as a secret - it authenticates as you.
  • Login is rate limited to 10 attempts per minute (429 beyond that), and failed logins return a deliberately generic 401 invalid_credentials that does not reveal which field was wrong.

Sessions (from the browser)

Requests from a signed-in app.vortexiq.ai page are authorised by your Vortex IQ session, the same one the StagingPro UI uses - no token needed:
The same organisation gate applies: if Store Migration is not enabled for your organisation, every endpoint returns 403:
Everything you read or start is scoped to your organisation. Migration history shows only your organisation’s runs, and a store must be connected to your organisation before you can migrate it - otherwise you get 422 store_not_found.

Store credentials

You never send BigCommerce API tokens to this API. Stores are referenced by store hash - for example "source_store_hash": "abc123xyz". The hashes for your organisation’s stores are returned by Login. Vortex IQ resolves each store’s BigCommerce credentials server-side from your organisation’s connected StagingPro integrations, and authorises the store against your organisation on every call. Tokens never travel through the browser, your scripts, or this API’s request bodies. This is why connecting a store in StagingPro is a prerequisite for migrating it, and why a hash your organisation has not connected returns:

Errors you may hit