@Kenan_R Welcome to Microsoft Q&A forums.
You are off to a good start.
Since you already created a web app, it can act as an intermediary to query the database on behalf of the authenticated user.
Microsoft.Identity.Web is the library that helps with authentication scenarios.
Please follow the scenario here to protect your API and restrict it to the authenticated user only.
Do let us know if you have further questions.
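The pattern described in the answer above, as an added example that is not part of the original reply or of any Microsoft sample: an ASP.NET Core minimal API that validates the caller's token with Microsoft.Identity.Web and scopes the database query to the signed-in user's object ID. The `AzureAd` configuration section, the `access_as_user` scope, the `Sql` connection string and the `dbo.Orders` table with its `OwnerObjectId` column are assumptions; the project is assumed to use the web SDK's implicit usings.

```csharp
// Added example. Assumed (hypothetical) names: "AzureAd" config section,
// "access_as_user" scope, "Sql" connection string, dbo.Orders table with an
// OwnerObjectId column. Requires Microsoft.Identity.Web and Microsoft.Data.SqlClient.
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.Data.SqlClient;
using Microsoft.Identity.Web;
using Microsoft.Identity.Web.Resource;

var builder = WebApplication.CreateBuilder(args);

// Validate bearer tokens against the tenant and app registration in "AzureAd".
builder.Services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApi(builder.Configuration.GetSection("AzureAd"));
builder.Services.AddAuthorization();

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

app.MapGet("/api/orders", async (HttpContext http, IConfiguration config) =>
{
    // Reject tokens that lack the delegated scope this API expects.
    http.VerifyUserHasAnyAcceptedScope("access_as_user");

    // The identity comes from the validated token, never from client input.
    string? oid = http.User.GetObjectId();
    if (string.IsNullOrEmpty(oid)) return Results.Forbid();

    var rows = new List<object>();
    await using var conn = new SqlConnection(config.GetConnectionString("Sql"));
    await conn.OpenAsync();
    // Parameterized query: each caller can read only rows they own.
    await using var cmd = new SqlCommand(
        "SELECT Id, Total FROM dbo.Orders WHERE OwnerObjectId = @oid", conn);
    cmd.Parameters.Add("@oid", System.Data.SqlDbType.NVarChar, 64).Value = oid;
    await using var reader = await cmd.ExecuteReaderAsync();
    while (await reader.ReadAsync())
        rows.Add(new { Id = reader.GetInt32(0), Total = reader.GetDecimal(1) });
    return Results.Ok(rows);
}).RequireAuthorization(); // anonymous requests get 401 before the handler runs

app.Run();
```

The client app never holds database credentials; only the API does, and the row filter is derived from the token's object ID claim rather than from a request parameter.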