2 votes

I am trying to grant permissions to my Web App/API type application in Azure Active Directory to use Azure Key Vault.

When I go to Required Permissions > Add API Access > Select an API, I can't find Azure Key Vault there. I remember it was there before, but not now. Where can I find it?

Image: https://ibb.co/dswdXq


2 Answers

1 vote

Behavior shown in your image: Azure Key Vault missing from the "Select an API" blade

I have seen the behavior your image shows for a new Azure subscription, but only when there were no Key Vaults yet in the Azure subscription linked to that Azure Active Directory.

Once you create a new Key Vault (you don't even need to add any keys), "Azure Key Vault" shows up when adding permissions to your app registrations in Azure AD (same steps as in your image). At least, that's how it worked in my case.

Special case worth mentioning

You can create multiple Azure ADs in your Azure subscription and register your applications in any of them. Azure Key Vault, however, works in a special way and is linked to only one Azure AD: the Azure AD that your Azure subscription trusts (an Azure subscription also trusts only one Azure AD). So you could also run into the behavior shown in your image if you're registering your application in a different Azure AD than the one your Azure subscription trusts.

Granting permissions to your Web App/API to use Key Vault

In most cases it's not even required to do the steps you're showing in your image just for a web application to be able to access Key Vault, since that is controlled by Azure Key Vault access policies. @junnas has already explained this part very well, so you can refer to that.

0 votes

You can go to your Key Vault -> Access Policies -> Add, and create a new policy for the app. Select the app as the principal, and give it the access you want. You don't need to touch the Authorized application option.

You should then be able to acquire tokens for Key Vault using the client id and secret (or certificate). Key Vault does not require that you assign it to an app, unless you want delegated access. In fact any app can acquire a token for any API that exists as a service principal in your tenant (and Key Vault does). Of course the token itself won't contain any permissions, but Key Vault has its own access management (access policies).
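The end-to-end flow both answers describe, as an added example that is not part of either answer: create a Key Vault (which is what makes the Key Vault service principal appear in the tenant), grant the app registration an access policy instead of an API permission, acquire an app-only token with the client credentials grant, and read a secret with it. It uses the Az PowerShell module and the public Azure AD token and Key Vault REST endpoints; the tenant ID, client ID, secret, resource group, vault, region and secret names are placeholders you must replace.

```powershell
# Added example (not from the original answers): wire a Web App/API app registration
# up to a Key Vault via an access policy, then prove that the app can read a secret
# with an app-only token. Requires the Az PowerShell module. All names below are
# placeholders, not values from the thread.
$tenantId      = '<tenant-id>'            # the directory your subscription trusts
$clientId      = '<app-registration-client-id>'
$clientSecret  = '<client-secret>'        # a certificate credential works as well
$resourceGroup = 'kv-demo-rg'             # assumed name
$vaultName     = 'kv-demo-vault-001'      # assumed name; must be globally unique
$location      = 'westeurope'             # assumed region
$secretName    = 'DbPassword'             # assumed secret name

Connect-AzAccount -TenantId $tenantId | Out-Null

# 1. Any app can request a token for an API only if that API exists as a service
#    principal in the tenant. Creating a vault in a subscription that trusts this
#    tenant is what provisions Key Vault's principal (the behaviour the first
#    answer describes). The vault is assumed to use the access-policy model.
New-AzResourceGroup -Name $resourceGroup -Location $location -Force | Out-Null
New-AzKeyVault -Name $vaultName -ResourceGroupName $resourceGroup -Location $location | Out-Null
Get-AzADServicePrincipal -DisplayName 'Azure Key Vault' |
    Select-Object DisplayName, AppId

# 2. Authorization lives in the vault's access policy, not in the token. Grant the
#    app registration (identified by its client/application ID) only what it needs:
#    get/list on secrets, nothing on keys or certificates.
Set-AzKeyVaultAccessPolicy -VaultName $vaultName `
    -ServicePrincipalName $clientId `
    -PermissionsToSecrets get,list

# Store a test secret using the signed-in user's own access policy.
Set-AzKeyVaultSecret -VaultName $vaultName -Name $secretName `
    -SecretValue (ConvertTo-SecureString 'example-value' -AsPlainText -Force) | Out-Null

# 3. Acquire an app-only token for Key Vault with the client credentials grant.
#    No "Required Permissions" entry or admin consent is involved; the scope is
#    Key Vault's .default scope.
$tokenResponse = Invoke-RestMethod -Method Post `
    -Uri "https://login.microsoftonline.com/$tenantId/oauth2/v2.0/token" `
    -Body @{
        client_id     = $clientId
        client_secret = $clientSecret
        scope         = 'https://vault.azure.net/.default'
        grant_type    = 'client_credentials'
    }
$accessToken = $tokenResponse.access_token

# 4. Inspect the token: the audience is Key Vault and there is no roles claim,
#    i.e. the token proves identity but carries no permissions. This only decodes
#    the payload; signature verification is Key Vault's job, not the caller's.
$payloadB64 = $accessToken.Split('.')[1].Replace('-', '+').Replace('_', '/')
$payloadB64 += '=' * ((4 - $payloadB64.Length % 4) % 4)
$claims = [System.Text.Encoding]::UTF8.GetString(
    [System.Convert]::FromBase64String($payloadB64)) | ConvertFrom-Json
$claims | Select-Object aud, ver, appid, azp, roles

# 5. Read the secret as the app. A 403 here means the access policy from step 2 is
#    missing or wrong, or the vault lives in a subscription that trusts a
#    different Azure AD than the one the app is registered in.
$secret = Invoke-RestMethod -Method Get `
    -Uri "https://$vaultName.vault.azure.net/secrets/$secretName?api-version=7.4" `
    -Headers @{ Authorization = "Bearer $accessToken" }
"Secret value read by the app: $($secret.value)"
```

Step 4 is the check worth keeping around: if you ever see a `roles` claim on a Key Vault token, it came from an app-role assignment, which Key Vault does not consult; access is decided solely by the policy set in step 2, so a permission problem is always fixed on the vault, not on the app registration.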