Thank you for posting your query on Microsoft Q&A. From above description I could understand that you have an API in A tenant and want to give its permission to an App in Tenant B.
Please do correct me if this is not the case by responding in the comments section.
Kindly follow the below steps:
- On tenant A, make under authentication you have selected "Accounts from any directory".
- API must have exposed URI:
- You must have at-least user.read graph API permission added to the API:
- Now you need to access this API of tenant A a with a user of tenant B (I prefer admin)
https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=***{client ID of API in Tenant A}&response_type=code&redirect_uri={redirect URI of API in tenant A}***&response_mode=fragment&scope=openid&state=12345
- Now it would take you to a consent screen, accept and access the app:
- Now you could navigate to Tenant B > App registration> select the App you want to access the API > API permissions > APIs my organization uses, and you would be able to see the API you want to access.
Thanks,
Akshay Kaushik
Please "Accept the answer" (Yes), and share your feedback if the suggestion answers you’re your query. This will help us and others in the community as well.