PR review edit

Author: ktoliver

articles/active-directory/develop/howto-add-app-roles-in-azure-ad-apps.md

@@ -173,10 +173,10 @@ Because these are _application permissions_, not delegated permissions, an admin
 
 The **Status** column should reflect that consent has been **Granted for \<tenant name\>**.
 
-<a name="#use-app-roles-in-your-web-api"></a>
+<a name="use-app-roles-in-your-web-api"></a>
 ## Usage scenario of app roles
 
-If you're implementing app role business logic that signs in the users in your application scenario, first define the app roles in **App registration**, and then an admin assigns them to users and groups in the **Enterprise applications** pane. These assigned app roles are included with any token that's issued for your application, either access tokens when your app is the API being called by an app, or ID tokens when your app is signing in a user. 
+If you're implementing app role business logic that signs in the users in your application scenario, first define the app roles in **App registration**. Then, an admin assigns them to users and groups in the **Enterprise applications** pane. These assigned app roles are included with any token that's issued for your application, either access tokens when your app is the API being called by an app or ID tokens when your app is signing in a user. 
 
 If you're implementing app role business logic in an app-calling-API scenario, you have two app registrations. One app registration is for the app, and a second app registration is for the API. In this case, define the app roles and assign them to the user or group in the app registration of the API. When the user authenticates with the app and requests an access token to call the API, a roles claim is included in the access token. Your next step is to add code to your web API to check for those roles when the API is called.