POST /admin/migrations/:id/items/:itemId/approve
Approve a migration item for import. Optionally override the target environments or bucket classification at approval time. Auth:migration_reviewer permission + a recent step-up verification (5-minute window)
Step-up is enforced server-side: the platform checks for a recent re-authentication by the signed-in user. No step-up token or header is sent on this request. To create a verification first, the user re-authenticates via POST /auth/2fa/verify-step-up (TOTP), POST /auth/passkey/verify-step-up (passkey), or the email fallback (POST /auth/step-up/email-challenge then POST /auth/step-up/verify-email). If no recent verification exists, this endpoint returns 403 with { "error": "Recent step-up verification required for this action", "requires_step_up": true, "max_age_minutes": 5 }.
Request body (all optional)
Response
409 if the item is not in pending_review status.