Follow the instructions in this Microsoft article:

https://docs.microsoft.com/en-us/sharepoint/dev/sp-add-ins/register-sharepoint-add-ins

When you have your Add-In registered, do this when you are creating SharePoint Context (using CSOM):

    private void Initialize()
    {
        this.SPCurrentContext = new ClientContext(this.Url);

        if (string.IsNullOrWhiteSpace(this.Domain))
        {
            this.SPCurrentContext.Credentials = new SharePointOnlineCredentials(this.User, ParseToSecureString(this.Password));
        }
        else
        {
            this.SPCurrentContext.Credentials = new NetworkCredential(this.User, ParseToSecureString(this.Password), this.Domain);
        }

        this.RetryCount = Properties.Settings.Default.DefaultRetryCount;
        this.RetryDelay = Properties.Settings.Default.DefaultRetryDelay;
        this.NONISV = Properties.Settings.Default.ClientAppNONISV;

        this.SPCurrentContext.ExecutingWebRequest += delegate (object sender, WebRequestEventArgs e)
        {
            e.WebRequestExecutor.WebRequest.UserAgent = this.NONISV; // This is the TRICK!!!
        };
    }

The NONISV used as User-Agent HTTP Header should be something like:

NONISV|{Your Company Name}|{Your Add-In Name}/1.0

As described here. Good luck!