Introduction
In this, you grant scoped, permissions-based access to your own web API to a client app registered with the Microsoft identity platform. You grant the client application access to Microsoft Graph as well.
The client app can get an access token from the Microsoft identity platform that contains the scopes of a web API by specifying those scopes in the client app's registration. Based on the scopes found in the access token, the web API's code can then grant permission-based access to its resources.
Add permissions to access your web API
Step 1. Search for App registration in the search bar at the top and select App registration.
![App Registration]()
Step 2. Select the recent app which you have created.
![Select APP Registration]()
Step 3. Navigate to the API Permission, which is visible in the left pain.
![Select the API Permissions]()
Step 4. Click on Add permission.
![Click on Add Permission]()
Step 5. Right Pain Open up with “Request API permissions”, Select the Microsoft API’s.
![Request API permissions]()
Step 6. Select Dynamic CRM and give the” user_impersonation” permission and click on Add permission button.
![Select Dynamic CRM]()
![Add CRM Permission]()
Step 7. Add the API permissions as per the requirement. I have added the Key Vault and Microsoft Graph Permissions.
![Permissions]()