Set up API Permissions for the App Registration
After you have created an app registration, you need to grant it permissions to call the Microsoft Graph and SharePoint APIs. You also need to grant the app registration an admin consent to access your organization's data.
Select API permissions from the menu on the left.
Select Add a permission.
The Request API permissions page opens with the Microsoft APIs tab activated by default.
Select Microsoft Graph.
Select Application permissions as the type of permissions that the app registration needs to call the Microsoft Graph APIs.
Specify the permissions.
Select Sites.Selected to grant the app registration access only to specific sites. You can specify the individual sites in the Administration application.
If you want to enable synchronization with Term store, select TermStore.ReadWrite.All.
Confirm with Add permissions.
Select SharePoint.
Select Application permissions as the type of permissions that the app registration needs to call the SharePoint APIs.
Select Sites.Selected to grant the app registration access only to specific sites. You can specify the individual sites in the Administration application.
Confirm with Add permissions.
Select Grant admin consent for your organization.
The Grant admin consent confirmation dialog box opens.
Confirm with Yes.
The app registration can now access your organization's data.