For web applications hosted on a server to interact with Graph API without needing User level permissions, you can use application permissions. These permissions are used by apps that run without a signed-in user present. For example, apps that run as background services or daemons. Application permissions can only be consented by an administrator.
However, please note that not all operations and APIs support application permissions. Some operations and APIs require delegated permissions, which means they need to be performed on behalf of a user. This is especially true for operations that involve user data.
In such cases, you would need to handle token acquisition, renewal, and expiry. Microsoft provides libraries like MSAL (Microsoft Authentication Library) to simplify this process. You can also use the 'on-behalf-of' flow to acquire tokens for APIs that do not support application permissions.
Thanks,
Prasad Das
*************************************************************************
If the response is helpful, please click "Accept Answer" and upvote it.