Thanks @tyf. From the references you shared, I just figured out that the backend and frontend needn’t share the same application.
I created another M2M application for the backend and configured through it. It's working like a charm now.
Just one more piece of advice I need: should I get a new access token for every request?
Or should I use the fetched token until it expires?