Thank you for posting your query on Microsoft Q&A, from above description I could understand that you are looking to add API permission in an existing Entra ID registered App via Bicep template.
Please do correct me if this is not the case by responding in the comments.
We don't have a direct way to make changes to Entra ID App registration via Bicep.
Use the MS Graph provider (in Private Preview, which is not currently accepting new members until sometime this year)
Use a Deployment Script, like this doc suggests: https://learn.microsoft.com/en-us/azure/azure-resource-manager/bicep/deployment-script-bicep#use-microsoft-graph-within-a-deployment-script
As per deployment scripts in Bicep using the deploymentScripts resource, you can run scripts in Bicep deployments and review execution results. You can use these scripts to perform only following custom steps such as:
- Add users to a directory.
- Perform data plane operations; for example, copy blobs or seed a database.
- Look up and validate a license key.
- Create a self-signed certificate.
- Create an object in Microsoft Entra ID.
- Look up IP address blocks from a custom system.
Referring to Quickstart templates I found a sample to Use a deployment script to create Azure AD objects
Also following the Bicep Community Call - July '23 I was able to find that this is on the roadmap. The current timelines are as follows:
Please "Accept the answer (Yes)" and "share your feedback ". This will help us and others in the community as well.
Thanks,
Akshay Kaushik