This thread where I muse in real-time about this is somewhat out of date, but will probably inspire you a bit. (Consulting the updated docs about this would help you too.)
I don’t have an example of this but you would build an authentication endpoint in your app (which could now be either a GET or POST) and that would return the authentication token and then that can be used by the next webhook. Alternatively if such a facility is not available, you could pass the users credentials to an endpoint that logs the user in, gets the auth token then does whatever you need the Data API to do and returns the right values.
Anyway, links to the docs are included in the thread. I can’t think of a more helpful explanation than this, even though it’s not an absolute answer.
Whether you can do this entirely programmatically depends on a lot of different factors.