@thunder12 APIM does provide Send Request policy which you can leverage in your inbound policy along with the C# expression to initiate any request before calling your backend services.
This article has the details of how you can Access Token Acquisition, Caching, and Renewal within your policy. To build the SharePoint online token you can refer to this discussion on what URL endpoint call you to need to initiate and accordingly update your policy as per your requirement.
To get more familiar with the SharePoint REST services you can refer to this document.