Set up API Permissions for the App Registration
After you have created an app registration, you need to grant it permissions to call the Microsoft Graph and SharePoint APIs. You also need to grant the app registration an admin consent to access your organization's data.
Select API permissions from the menu on the left.
Select Add a permission.
The Request API permissions page opens with the Microsoft APIs tab activated by default.
Select Microsoft Graph.
Select Application permissions as the type of permissions that the app registration needs to call the Microsoft Graph APIs.
Specify the Microsoft Graph permissions.
If this is an app registration for the Tagging module only, select Sites.Selected to grant the app registration access to specific sites. You can specify the individual sites in the Administration application.
If this is an app registration for the Term Store Synchronization module only, select TermStore.ReadWrite.All.
If this is an app registration for both the Term Store Synchronization and the Tagging modules, select Sites.Selected and TermStore.ReadWrite.All.
Confirm with Add permissions.
Select SharePoint.
Select Application permissions as the type of permissions that the app registration needs to call the SharePoint APIs.
Specify the SharePoint permissions.
If this is an app registration for the Tagging module only, select Sites.Selected to grant the app registration access to specific sites. You can specify the individual sites in the Administration application.
If this is an app registration for the Term Store Synchronization module only, select TermStore.ReadWrite.All, TermStore.Read.All.
If you want to make use of the Term Store-based tagging for the Managed Metadata columns, additionally select Sites.Selected. You can specify the individual sites in the Administration application.
If this is an app registration for both the Term Store Synchronization and the Tagging modules, select Sites.Selected, TermStore.ReadWrite.All and TermStore.Read.All.
Confirm with Add permissions.
Select Grant admin consent for your organization.
The Grant admin consent confirmation dialog box opens.
Confirm with Yes.
The app registration can now access your organization's data.