0

I'm getting 403 forbidden access when trying to fetch all the groups from Microsoft Graph using ASP.NET Web API, and here is my code to get all the groups:

String jsonResponse = MicrosoftGraphHelper.MakeGetRequestForString(
    String.Format("{0}users/{1}/memberOf",
        MicrosoftGraphHelper.MicrosoftGraphV1BaseUri,
        upn));
var userGroups = JsonConvert.Deser

What are the required permissions in both Delegated and Application tabs for fetching both users and groups? Do I need Application permissions since this is an API and my UI is deployed in Azure separately? I'm confused with the list of permission options and with admin consents.

1 Answer

2

Firstly, here's a great read in case you haven't seen it yet.

Delegated permissions, Application permissions, and effective permissions - Microsoft Graph permissions reference.

What are the required permissions in both Delegated and Application tabs for fetching both users and groups?

You can understand the required permissions for each API by looking at the relevant documentation. With the information you've shared in your question:

  1. For users/{1}/memberOf it will be List memberOf


  2. For getting all groups - List Groups


If it's just these two calls in your application, Directory.Read.All would be the least privilege required. In case there are other calls, look at their documentation.

Do I need Application permissions since this is an API and my UI is deployed in azure separately?

This will depend on whose context you acquire the token in to call the Microsoft Graph API. Share a little more information on your code (the OAuth flow you use to acquire the token) and you might get better suggestions specific to your application. In general though,

  • If you acquire the token as a user, then Delegated permissions (for example, if you acquire the token by prompting the user for credentials and, from a flow perspective, you're using, say, the Authorization code or Implicit grant flow)

  • If you acquire the token as an application, then Application permissions (for example, if you use only clientId and clientSecret/certificate to acquire the token using the Client Credentials flow)

Admin Consent is required or not?

This depends on what permissions you finally end up deciding as required for your application.

  1. You can see it directly in the Azure portal. When setting required permissions for your application, each permission has a yes or no next to it to indicate whether Admin consent is required or not. Just as an example, see the screenshot below.

    enter image description here

  2. Microsoft Graph Permissions Reference. The first link I had shared has all permissions documented. For example, here is one that is relevant for you.

enter image description here

Rohit Saigal
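Added example, not part of the original answer or of any Microsoft sample: a diagnostic for the 403 that decodes the payload of the access token sent to Microsoft Graph and reports whether it carries delegated permissions (the `scp` claim) or application permissions (the `roles` claim), and whether `Directory.Read.All` is among them. The class name `GraphTokenInspector` and the sample tokens are constructed for illustration, and the signature is deliberately not validated because the token is only being inspected.

```csharp
using System;
using System.Linq;
using System.Text;
using System.Text.Json;

public static class GraphTokenInspector   // hypothetical helper, not a Microsoft API
{
    // Decode the payload segment of a JWT for inspection only (no signature validation).
    public static JsonElement DecodePayload(string jwt)
    {
        string[] parts = jwt.Split('.');
        if (parts.Length != 3) throw new FormatException("Expected three dot-separated JWT segments.");
        string b64 = parts[1].Replace('-', '+').Replace('_', '/');
        b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '=');   // restore base64 padding
        string json = Encoding.UTF8.GetString(Convert.FromBase64String(b64));
        using JsonDocument doc = JsonDocument.Parse(json);
        return doc.RootElement.Clone();
    }

    // Kind is "Delegated", "Application" or "None"; HasRequired says whether `required` was granted.
    public static (string Kind, bool HasRequired) Classify(string jwt, string required)
    {
        JsonElement p = DecodePayload(jwt);
        // Tokens acquired as a user carry a space-separated "scp" claim.
        if (p.TryGetProperty("scp", out JsonElement scp) && scp.ValueKind == JsonValueKind.String)
        {
            string[] scopes = (scp.GetString() ?? "").Split(' ', StringSplitOptions.RemoveEmptyEntries);
            return ("Delegated", scopes.Contains(required, StringComparer.Ordinal));
        }
        // Tokens acquired as an application (client credentials) carry a "roles" array.
        if (p.TryGetProperty("roles", out JsonElement roles) && roles.ValueKind == JsonValueKind.Array)
        {
            bool has = roles.EnumerateArray().Any(r => r.GetString() == required);
            return ("Application", has);
        }
        return ("None", false);   // no Graph permissions in the token at all
    }

    private static string B64Url(string s) =>
        Convert.ToBase64String(Encoding.UTF8.GetBytes(s)).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    public static void Main()
    {
        // Constructed sample tokens: header.payload.signature with a dummy signature.
        string header = B64Url("{\"alg\":\"none\"}");
        string userToken = $"{header}.{B64Url("{\"scp\":\"User.Read\"}")}.sig";
        string appToken = $"{header}.{B64Url("{\"roles\":[\"Directory.Read.All\"]}")}.sig";
        Console.WriteLine(Classify(userToken, "Directory.Read.All"));   // delegated token without the permission
        Console.WriteLine(Classify(appToken, "Directory.Read.All"));    // app-only token with the permission
    }
}
```

A result of "None", or a token whose kind does not match the tab where the permission was granted in the portal, points at the token acquisition flow and consent rather than at the request itself.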