There are two kinds of API Scope, which are called B2B Access Token API and Transactional API. Both of these APIs have different sets of security specifications.
This is the flow that merchants will commonly use for all integrations, showing how both of these API scopes will be used throughout the integration:
As you can see on the above image, merchant will be required to call for B2B Access Token API to get the Access Token that will be used for subsequent Transactional API until the access token given expired.
TLS Version
Midtrans implements secure channel communication to ensure the confidentiality of transmitted messages. The standard minimum version to be used is Transport Layer Security (TLS) 1.2
Please refer to this page for more details on how to generate signature on BI-SNAP-based Core API flow.