Merge pull request #215586 from cilwerner/patch-1

v-regandowner · web-flow · commit 46ef7997b8bc · 2022-10-24T10:32:32.000-04:00
[msid][content-health] scenario-web-app-call-api-overview.md (ADO-2002424)
diff --git a/articles/active-directory/develop/scenario-web-api-call-api-overview.md b/articles/active-directory/develop/scenario-web-api-call-api-overview.md
@@ -9,9 +9,9 @@ ms.service: active-directory
 ms.subservice: develop
 ms.topic: conceptual
 ms.workload: identity
-ms.date: 03/03/2021
+ms.date: 10/24/2022
 ms.author: jmprieur
-ms.custom: aaddev, identityplatformtop40
+ms.custom: aaddev, identityplatformtop40, engagement-fy23
 #Customer intent: As an application developer, I want to know how to write a web API that calls web APIs by using the Microsoft identity platform.
 ---
 
@@ -27,11 +27,12 @@ This scenario, in which a protected web API calls other web APIs, builds on [Sce
 
 - A web, desktop, mobile, or single-page application client (not represented in the accompanying diagram) calls a protected web API and provides a JSON Web Token (JWT) bearer token in its "Authorization" HTTP header.
 - The protected web API validates the token and uses the Microsoft Authentication Library (MSAL) `AcquireTokenOnBehalfOf` method to request another token from Azure Active Directory (Azure AD) so that the protected web API can call a second web API, or downstream web API, on behalf of the user. `AcquireTokenOnBehalfOf` refreshes the token when needed.
-![Diagram of a web API calling a web API](media/scenarios/web-api.svg)
+
+![Diagram of a web app calling a web API.](media/scenarios/web-api.svg)
 
 ## Specifics
 
-The app registration part that's related to API permissions is classical. The app configuration involves using the OAuth 2.0 On-Behalf-Of flow to use the JWT bearer token for obtaining a second token for a downstream API. The second token in this case is added to the token cache, where it's available in the web API's controllers. This second token can be used to acquire an access token silently to call downstream APIs whenever required. 
+The app registration part that's related to API permissions is classical. The app configuration involves using the [OAuth 2.0 On-Behalf-Of flow](v2-oauth2-on-behalf-of-flow.md) to use the JWT bearer token for obtaining a second token for a downstream API. The second token is added to the token cache, where it's available in the web API's controllers. This second token can be used to acquire an access token silently to call downstream APIs whenever required. 
 
 ## Next steps
 
