I don’t think you can get refresh tokens for the Management API.
For your own defined APIs, you can request the offline_access
scope to get refresh tokens.
Since your calls are coming from a backend, the client credentials grant is a good way to get tokens.
Here is a similar question and answer: