I you are using azure ad identity then you can use a clientid & secret. in your azure ad app configuration portal, add api permission and define a secret.
note: a disassemble of the mobile app will reveal the secret. A better approach is some sort of registration of the mobile app that retrieves the secret from the api website and stores encrypted. also it is a good idea that the secret expires and must be updated.