@Rachana Koneru Before you can request a token for your API, you need to register it on Azure AD and expose scopes.
In your Web API, you would validate the token (authentication) and parse it to extract scopes/roles from it, checking to make sure the user has access to the API called (authorization).
You can read more about the concepts for a Web API and how you can use built-in features in ASP.NET (Core) to achieve this in your Web API if you are building using C# and .NET in the official docs.