you question is not clear.
to validate an ad account user/password you use the directory services api.
to create a webapi, just create a webapi project.
dotnet new webapi
but I suspect you want to know how to use your authentication with the vendor app. this will depend on their design. many will support oauth, in which case you can use azure ad oauth support, or create your own oauth server.