SharePoint

f:: Microsoft Graph

Controlling app access on a specific SharePoint site collections is now available in Microsoft Graph - Microsoft 365 Developer Blog

For example, if I wanted to grant the Foo application write permission to a single site collection, I would make this call:

Graph Explorer | Try Microsoft Graph APIs - Microsoft Graph

POST https://graph.microsoft.com/v1.0/sites/{siteId}/permissions

{
    "roles": [
        "write"
    ],
    "grantedToIdentities": [
        {
            "application": {
                "id": "89ea5c94-7736-4e25-95ad-3fa95f62b66e",
                "displayName": "Foo App"
            }
        }
    ]
}

{
    "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#sites('...')/permissions/$entity",
    "id": "...",
    "roles": [
        "write"
    ],
    "grantedToIdentitiesV2": [
        {
            "application": {
                "displayName": "Foo App",
                "id": "89ea5c94-7736-4e25-95ad-3fa95f62b66e"
            }
        }
    ],
    "grantedToIdentities": [
        {
            "application": {
                "displayName": "Foo App",
                "id": "89ea5c94-7736-4e25-95ad-3fa95f62b66e"
            }
        }
    ]
}