Server-side auth and request timeouts to Facebook?

Part of my app requires login and is not able to use client-side authentication with javascript etc, so requests authentication server-side using http request on:

https://graph.facebook.com/oauth/access_token?client_id=[app_id]&client_secret=[secret]&redirect_uri=[uri]&code=[code]

This works fine, most of the time. However I intermittently get timeout/null responses back from this request. I can run a tool which will request this page over and over, and will succeed about 80-90% of the time. As soon as one failure occurs, all requests fail, for any user, for a few seconds and then it works again.

Has anyone else experienced something like this, or do you know if there is a cap on requests which facebook will cut off over a certain threshold? I can't find any information that sounds similar in the documentation.

It is because if you send too much requests, facebook thinks you want to make a DDOS attack and block your requests for a while.

You must retreive the token only once for your session. Other way it certainly turning FB defending against throtting. However, if you're not apply for 'offline_access' special permission, your token has expiration time. Default is retentionPeriod=2 and retentionUnit=hour. maybe you should ask for

scope=offline_access

into your permission, then only retreive the user token once. In addition you need to perform a

try{my api call} catch(bad token){ reload the new token and retry } 

which is re-ask the token if any API call failed with authenticaion error.

In app Insights, you can check API throtting from diagnostics page, and also most common errors from performance page. If you don't see any error or nothing been throttled, you could probably change the app logic, request the token again if you get timeout/null responses.