diff --git a/app/Http/Controllers/Migration/StepsController.php b/app/Http/Controllers/Migration/StepsController.php
index 52007b8e58..b18eff1d96 100644
--- a/app/Http/Controllers/Migration/StepsController.php
+++ b/app/Http/Controllers/Migration/StepsController.php
@@ -124,12 +124,13 @@ class StepsController extends BaseController
             return back()->with('responseErrors', [trans('texts.cross_migration_message')]);
         }
 
-        $authentication = (new AuthService($request->email, $request->password))
+        $authentication = (new AuthService($request->email, $request->password, $request->has('api_secret') ? $request->api_secret : null))
             ->endpoint(session('MIGRATION_ENDPOINT'))
             ->start();
 
         if ($authentication->isSuccessful()) {
             session()->put('MIGRATION_ACCOUNT_TOKEN', $authentication->getAccountToken());
+            session()->put('MIGRAITON_API_SECRET', $authentication->getApiSecret());
 
             return redirect(
                 url('/migration/companies')
diff --git a/app/Services/Migration/AuthService.php b/app/Services/Migration/AuthService.php
index 7e1ec8bb2a..6ddd65bb11 100644
--- a/app/Services/Migration/AuthService.php
+++ b/app/Services/Migration/AuthService.php
@@ -1,5 +1,16 @@
 <?php
 
+/**
+ * Invoice Ninja (https://invoiceninja.com).
+ *
+ * @link https://github.com/invoiceninja/invoiceninja source repository
+ *
+ * @copyright Copyright (c) 2020. Invoice Ninja LLC (https://invoiceninja.com)
+ *
+ * @license https://opensource.org/licenses/AAL
+ */
+
+
 namespace App\Services\Migration;
 
 use Unirest\Request;
@@ -9,17 +20,21 @@ class AuthService
 {
     protected $username;
     protected $password;
+    protected $apiSecret;
+
     protected $endpoint = 'https://app.invoiceninja.com';
     protected $uri = '/api/v1/login?include=token';
+
     protected $errors = [];
     protected $token;
     protected $isSuccessful;
 
 
-    public function __construct(string $username, string $password)
+    public function __construct(string $username, string $password, string $apiSecret = null)
     {
         $this->username = $username;
         $this->password = $password;
+        $this->apiSecret = $apiSecret;
     }
 
     public function endpoint(string $endpoint)
@@ -72,6 +87,10 @@ class AuthService
         return null;
     }
 
+    public function getApiSecret()
+    {
+        return $this->apiSecret;
+    }
 
     public function getErrors()
     {
@@ -80,10 +99,16 @@ class AuthService
 
     private function getHeaders()
     {
-        return [
+        $headers = [
             'X-Requested-With' => 'XMLHttpRequest',
             'Content-Type' => 'application/json',
         ];
+
+        if (!is_null($this->apiSecret)) {
+            $headers['X-Api-Secret'] = $this->apiSecret;
+        }
+
+        return $headers;
     }
 
     private function getUrl()
diff --git a/app/Services/Migration/CompleteService.php b/app/Services/Migration/CompleteService.php
index 3ebf406290..df774cdfed 100644
--- a/app/Services/Migration/CompleteService.php
+++ b/app/Services/Migration/CompleteService.php
@@ -87,11 +87,17 @@ class CompleteService
 
     private function getHeaders()
     {
-        return [
+        $headers =  [
             'X-Requested-With' => 'XMLHttpRequest',
             'X-Api-Token' => $this->token,
             'Content-Type' => 'multipart/form-data',
         ];
+
+        if (session('MIGRATION_API_SECRET')) {
+            $headers['X-Api-Secret'] = session('MIGRATION_API_SECRET');
+        }
+
+        return $headers;
     }
 
     private function getUrl()
diff --git a/resources/lang/en/texts.php b/resources/lang/en/texts.php
index ff2e60cdb9..11b24ca981 100644
--- a/resources/lang/en/texts.php
+++ b/resources/lang/en/texts.php
@@ -3816,6 +3816,9 @@ $LANG = array(
     'activity_65' => ':user emailed third reminder for invoice :invoice to :contact',
     'activity_66' => ':user emailed endless reminder for invoice :invoice to :contact',
     'expense_category_id' => 'Expense Category ID',
+    'migration_auth_label' => 'Let\'s continue by authenticating.',
+    'api_secret' => 'API secret',
+    'migration_api_secret_notice' => 'You can find API_SECRET in the .env file or Invoice Ninja v5. If property is missing, leave field blank.',
     'view_licenses' => 'View Licenses',
     'fullscreen_editor' => 'Fullscreen Editor',
     'sidebar_editor' => 'Sidebar Editor',
diff --git a/resources/views/migration/auth.blade.php b/resources/views/migration/auth.blade.php
index 714da56fa2..b96404e08c 100644
--- a/resources/views/migration/auth.blade.php
+++ b/resources/views/migration/auth.blade.php
@@ -11,18 +11,25 @@
             <h3 class="panel-title">{!! trans('texts.welcome_to_the_new_version') !!}</h3>
         </div>
         <div class="panel-body">
-            <h4>Let's continue with authentication.</h4><br/>
+            <h4>{!! trans('texts.migration_auth_label') !!}</h4><br/>
             <form action="{{ url('/migration/auth') }}" method="post" id="auth-form">
                 {{ csrf_field() }}
+
                 <div class="form-group">
-                    <label for="email">E-mail address</label>
+                    <label for="email">{!! trans('texts.email_address') !!} *</label>
                     <input type="email" name="email" class="form form-control">
                 </div>
 
                 <div class="form-group">
-                    <label for="password">Password</label>
+                    <label for="password">{!! trans('texts.password') !!} *</label>
                     <input type="password" name="password" class="form form-control">
                 </div>
+
+                <div class="form-group">
+                    <label for="api_secret">{!! trans('texts.api_secret') !!}</label>
+                    <input type="api_secret" name="api_secret" class="form form-control">
+                    <small>{!! trans('texts.migration_api_secret_notice') !!}</small>
+                </div>
             </form>
         </div>
         <div class="panel-footer text-right">