I'm reading the force.com REST API guide, specifically, the area around authentication.
Salesforce does not recommend using the username-password flow unless absolutely necessary.
My question is:
Is the username-password flow the only flow that will work if a backend process in my software needs to connect to Salesforce and pull data? With both the web server oauth and user agent oauth flow, it seems user interaction is required via a web interface.
The OAuth 2.0 JWT Bearer Token flow is a good choice for server to server communication where you don't want any user interaction. The communication is secured via a pre-created certificate. Scroll down this Digging Deeper into OAuth 2.0 on Force.com article and you'll see this flow discussed.
There is sample Java code and sample Apex code available and you should be able to create a solution in other languages of your choice providing the necessary cryptography logic is available.