https://learn.microsoft.com/en-us/rest/api/resources/resourcegroups/createorupdate
Authentication for this call is Azure Active Directory OAuth2 Flow, however I am unable to use impersonation and it will be running as a function.
To call the graph api I would set up something like this.
var nvc = new List<KeyValuePair<string, string>>();
nvc.Add(new KeyValuePair<string, string>("client_id", Config.ServicePrincipalId));
nvc.Add(new KeyValuePair<string, string>("scope", "https://graph.microsoft.com/.default"));
nvc.Add(new KeyValuePair<string, string>("client_secret", Config.ServicePrincipalKey));
nvc.Add(new KeyValuePair<string, string>("grant_type", "client_credentials"));
Any idea what my scope would be for this call or a good reference on where I can find scopes for creating a bunch of different things in Azure?
TIA
First of all, you can't manage Azure resources with Graph API, so you don't need it. And you absolutely correctly referred to the Azure Resource Manager Rest API, just use the client credential OAuth flow (instead of using user impersonation) to get access token with which you can then call API. Something like this:
Azure Resource Manager API
Or you can use SDK, here is C# example:
Resource Manager SDK