I have an backend application registered in my organization and we have so many clients are consuming those API's. We have also registered Client Application and given permissions to the Backend API.
My Azure APIM API Inbound Policy expecting a token and validating it before sending the requesting to the Backend Application.
As a API owner, we need to test my API's which are published in the Azure APIM. I have the following questions on this.
1)if the API owner want to test the Applications, how they will get a token?
2) Is it possible to give the permissions to the Users/AD groups to the Backend API's? if yes, how can we get the token with out the client credentials?
Please help me here to understand how we can achieve this in Azure.