One critical piece that I forgot (or rather overlooked) that needs to be mentioned is what is called the “Headless” connection. This is a connection to your Dynamics tenant that does not use a Username or Password combination and does not prompt the user to enter in their credentials when accessing.
In my previous examples, my Application type was “native”, however, for this to work in a headless modality in a web api world, this needs to be configured as Web app / API. If not configured this way, you will always be prompted for access to your Dynamics
Once you have done this, you then need to ensure that your application exists in Dynamics to access your system. This forum post is especially helpful in going through the steps to complete this process.
After adding my user, I added a custom security role to our solution specifically for my application that limited it’s freedom within Dynamics.