Enabling AD Authentication on Azure Functions - Web APIs - how to aquire tokens to call APIs?

Question

I have a demo / bogus azure function app that by default is open to anyone. It has a hello world function. Its using "AuthorizationLevel.Anonymous" So far so good - it's wide open and anyone can call it.
Now I need to ensure that only users within our organization can consume this API. So I followed this tutorial: https://docs.microsoft.com/en-us/azure/app-service/scenario-secure-app-authentication-app-service

When I try to call my demo function from a browser I get a 401 unauthorized error which is a good thing I guess - that's what I requested when unauthorized users try to hit my API.

From what I've read, I in order to call this API now, I have to pass it a token. But this is where it's not clear to me how / where I get this token.

If I create the new application registration and change the "Unauthenticated requests" from the 401 to 302 option, it correctly redirects me to the Microsoft Login prompt when I try to call my API. I enter my creds and then the function works. The issue is that the callers of my API will be doing so programmatically and not manually by a person.

So far I've been checked all the related links listed in that tutorial but I haven't found what I'm looking for. Or maybe I missed it.

Any tips would be appreciated. I think I just need to read the right article / doc that will help me understand the big picture for this specific use case.

Thanks.

EDIT 1

In case it helps, here's a screen shot of the output from my integration assistant wizard. I selected "web api" as the type of application I'm trying to build:

Answer 1

From the documentation you posted:

"In the App Service authentication settings section, leave Authentication set to Require authentication and Unauthenticated requests set to HTTP 302 Found redirect: recommended for websites."

If that's set then there's something wrong with the website.