You can see more info and a sample request (and response) here.
Once you get the short-lived token, you have an hour to exchange it for a long-lived one. You can run this request in the Graph Explorer, though I personally recommend using Postman instead. It's much more user friendly, and you can create templates and variables.
Generating a short-lived access token requires me to manually login though. I need this to be programatic.
I'm pretty sure it's against Meta policy to auto-authenticate on behalf of a user using their credentials. Even if you're the owner of the account, and the app is for internal use.
The first step to receiving a token is always via the Instagram/Facebook login form, so that's a "must" for any flow. Keep in mind, you only have to do this once, when the user authenticates and authorizes the app. When that first authorization takes place is when you exchange the short-term token with a long-term one. You can then refresh (extend) it as many times as needed, thus keeping it valid until the user deauthorizes your app, or you fail to refresh it in time and it expires.
That said, you could try to automate the login with a tool like Selenium, but I would not recommend it. It's likely to get your profile locked or even banned.