For official apps, assuming they are confidential clients, you can use client credentials grant. It sounds like the official app and your API will have a pre-established relationship, and your organization also controls the access server. In the client credentials grant the client can just talk to the access server directly and gets a token to use with your API.

If you want to bypass user authorization when the redirect uri is from your company, then you should look at Authorization Code Redirection URI Manipulation, in particular

In order to prevent such an attack, the authorization server MUST
ensure that the redirection URI used to obtain the authorization code
is identical to the redirection URI provided when exchanging the
authorization code for an access token.  The authorization server
MUST require public clients and SHOULD require confidential clients
to register their redirection URIs.  If a redirection URI is provided
in the request, the authorization server MUST validate it against the
registered value.

and you would need to make sure you don’t have any open redirects that match your redirect URI.

Or you can just let users authorize access once and use refresh tokens so they don’t need to re-authorize access.