First, find your Azure AD App's Service Principal ID.
Use the Service Principal ID for the principalId field, and set principalType as "ServicePrincipal".
{
"properties": {
"roleDefinitionId": "/subscriptions/YOUR_SUBSCRIPTION_ID/providers/Microsoft.Authorization/roleDefinitions/CONTRIBUTOR_ROLE_ID",
"principalId": "YOUR_SERVICE_PRINCIPAL_ID",
"principalType": "ServicePrincipal"
}
}
Use the Azure REST API endpoint you have (or Azure SDK) to assign the role.
this is the step-by-step approach to add an Azure AD App as a contributor to a subscription: