There are two kinds of API Scope, which are called B2B Access Token API and Transactional API. Both of these APIs have different sets of security specifications.
This is the flow that merchants will commonly use for all integrations, showing how both of these API scopes will be used throughout the integration:
As you can see on the above image, merchant will be required to call for B2B Access Token API to get the Access Token that will be used for subsequent Transactional API until the access token given expired.
Please refer to this page for more details on how to generate signature on BI-SNAP-based Core API flow.