What should I ask for?
As you know do tokens only need to be refreshed every 20 minutes. A single game client connects to the login service rather infrequently compared to the rest of the traffic a client produces. This creates a baseline for how frequently a single IP address tries to connect.
Now when your app checks i.e. 1000 characters then your traffic to the login server, coming from a single IP address, stands out by a factor of 1000. This is no small difference.
You may only think it’s normal for your app, but the DDoS mitigation system, which will use its own heuristics, may decide that it’s just too high and as a result starts to limit you.
This has little to do with your browsing behaviour on Amazon.
That’s why I want feedback from CCP.
The same you are asking from CCP. Ask them for help.
Be more specific. I asked CCP to whitelist my IP from their DDOS system.
“Hello hoster, help!”
Zkillboard has about 70k character refresh tokens and 7.5k corporation refresh tokens. No issues there.
When you think zkillboard hasn’t got the same issues then it’s only more reason for you to check on your end, which is something you’re trying to avoid.
I did and I can’t find any issues, that’s why I’m hoping for CCP to respond. Anything particular you want me to check that applies to a server (not a PC)?
I don’t know anything about your server, which is why I’m telling you to contact your support. I’m not your support.
My support says everything looks good on their end.
You need to get them to see your problem.
They do. And there’s no problem.
So you don’t have a problem?
None that I nor my hosting provider can do anything about. That’s why I’m hoping for feedback from CCP.
Can you ask them to temporarily move your app to a different node with a different IP address for a comparison?
You can also try and find a free hosting service, which is compatible to your app, and test it there and see if it works.
I tried that and it fails due to certificate issues. And I hope that I don’t have to do that every other day due to the DDOS protection blocking one node after another.
inb4 the DDoS came from EVE apps 
No. ESI-based apps usually run from a single host. Some folks have driven ESI to its limit and given CCP some headaches, but DDoS is a distributed attack. If it came from a single site then that’s rather easy to shut down. ESI itself then has an error and rate limiter build in and will stop responding for a while when it’s triggered.
I’m not sure if it’s related, but it appears that a couple of days ago, CCP lost 85% of its IPv4 peers (from 71 to just 11). It might mean nothing, it might mean everything:
The attack took place on the 1st and CCP then let a DDoS specialist scrub their traffic, which may possibly be what the graphic shows.