You could use Azure Rest API Role Assignments - Create or Role Assignments - Create By Id.

You can see that there is a Try It feature in the page but we cannot make it work with an CSP admin, because if we sign in with an CSP admin, the access token will be issued for the CSP admin's tenant rather than customer's tenant by default.

To call Azure rest API, you need an access token for Azure. Please refer to this document.

Here is my sample for your reference:

Get the access token for Azure service in Postman. Sign in with your CSP admin to generate the access token. Remember that you should put the customer's tenant id in Auth URL: https://login.microsoftonline.com/{custopmer's tenant id}/oauth2/v2.0/authorize and Access Token URL: https://login.microsoftonline.com/{custopmer's tenant id}/oauth2/v2.0/token

Use this access token to assign Azure subscription using Role Assignments - Create.