I don't think their API is designed to be consumed by another backend system because it relies solely on user interaction to authenticate (much like Alexa but in reverse - Alexa needs an OAuth server to authenticate, this system needs a client web-based UI flow to authenticate against their OAuth server). To do it their way you're going to have to write a IWS plugin or open your own HTTPS server and do port forwarding. Specifically, this:
When the user authorizes access, Automatic will make a GET request to the Redirect URL you have specified for you application. A temporary Authorization Code will be included in the code parameter.
So the GET request they send after your initial POST has the temporary code needed in the next POST you have to make in order to get the real access and refresh tokens.
There may be a way I'm just not seeing though, I haven't read their docs thoroughly.
UNLESS, that is, you require customers to get their own access token. From the docs:
During development, it may be easiest to obtain the access token for your own user account and hardcode it into your application. This would need to be removed and replaced with a proper workflow before pushing any application into production or having multiple users. Obtaining an access token for your own user account is simplified with tools in the Developer Apps Manager.
Note that "proper workflow" means the typical customer UI flow for OAuth authentication. So you could build your plugin such that it collects the access token from your plugin's config dialog. Then the user would need to log in to their system and get their own token. I believe there are a few other plugins that do something similar.