Hi @SvenGlöckner ,
See Use a TLS/SSL certificate in your code in Azure App Service on how you can upload the certificate and use it in your code. If your API is running on a Linux app service, and you're loading the certificate as a file, then make sure you include the password on load; otherwise, the usage of the certificate may error.
As for using Hybrid Connection, as long as you can directly access the on-premises database for your SAP system, then this also is a viable option.