Since this is an API that you'll probably want to authorize external users to call, then the app registration for the api should be in U2. If the API itself needs to call an Azure resource which resides in a subscription under the AAD tenant (U1), then it can also have another app registration in U1 so that it'll be able to make such calls with the U1 client id and secret. Or it can simply use something like a connection string.
Whether an app is multi-tenant or a single tenant indicates whether it will allow users only from this directory, or from other directories as well, that is needed in cases where your B2C tenant is federated with an AAD tenant, so that employees can login to the same app much like external users, among many other uses. If all you need is signup/signin for external users, then single tenant will do.