> adobe-prod-checklist
Execute Adobe production deployment checklist covering credential management, API health checks, rate limit configuration, and rollback procedures for Firefly Services, PDF Services, and I/O Events integrations. Trigger with phrases like "adobe production", "deploy adobe", "adobe go-live", "adobe launch checklist".
curl "https://skillshub.wtf/jeremylongshore/claude-code-plugins-plus-skills/adobe-prod-checklist?format=md"Adobe Production Checklist
Overview
Complete checklist for deploying Adobe API integrations to production, covering credential security, health monitoring, graceful degradation, and rollback procedures.
Prerequisites
- Staging environment tested and verified
- Production OAuth credentials created in Developer Console
- Deployment pipeline with secret injection
- Monitoring and alerting infrastructure ready
Instructions
Pre-Deployment: Credentials & Configuration
- Production OAuth Server-to-Server credentials created (separate from staging)
-
ADOBE_CLIENT_IDandADOBE_CLIENT_SECRETstored in secret manager (not env files) - Scopes are minimal: only APIs actually used in production
- Token caching implemented (avoid re-generating per request)
- I/O Events webhook endpoints use HTTPS with valid TLS cert
- Webhook challenge response handler implemented (for registration)
Pre-Deployment: Code Quality
- All tests passing (
npm test) - No hardcoded credentials (grep for
p8_prefix patterns) - Error handling covers:
401,403,429,500,503 - Rate limiting/backoff with
Retry-Afterheader support - Webhook signature verification using RSA-SHA256
- Logging redacts credentials and PII
- API response validation (Zod or equivalent)
Pre-Deployment: Infrastructure
- Health check endpoint verifies Adobe IMS token generation:
// api/health.ts
export async function adobeHealthCheck() {
const start = Date.now();
try {
// Test token generation (validates credentials are still valid)
const token = await getAccessToken();
return {
status: 'healthy',
latencyMs: Date.now() - start,
tokenValid: !!token,
};
} catch (error: any) {
return {
status: 'unhealthy',
latencyMs: Date.now() - start,
error: error.message,
};
}
}
- Circuit breaker configured for Adobe API calls
- Graceful degradation: app works (degraded) if Adobe is down
- PDF Services monthly quota tracking (if on free tier)
Deploy: Gradual Rollout
# 1. Pre-flight checks
curl -sf https://staging.example.com/health | jq '.services.adobe'
curl -s https://status.adobe.com | head -5
# 2. Verify production credentials work
curl -s -o /dev/null -w "%{http_code}" -X POST \
'https://ims-na1.adobelogin.com/ims/token/v3' \
-d "client_id=${ADOBE_CLIENT_ID}&client_secret=${ADOBE_CLIENT_SECRET}&grant_type=client_credentials&scope=${ADOBE_SCOPES}"
# Expected: 200
# 3. Deploy canary (10%)
kubectl set image deployment/app app=image:new-version
kubectl rollout pause deployment/app
# 4. Monitor for 10 minutes — check error rates
# Watch for 401 (credential issues), 429 (rate limits), 500 (server errors)
# 5. If healthy, complete rollout
kubectl rollout resume deployment/app
kubectl rollout status deployment/app
Post-Deployment Verification
- Health check endpoint returns
healthyfor Adobe - Test a real API call (e.g., Firefly image generation, PDF extraction)
- Webhook delivery confirmed (check I/O Events dashboard)
- Error rate baseline established in monitoring
- On-call team has
adobe-incident-runbookaccessible
Rollback Procedure
# Immediate rollback
kubectl rollout undo deployment/app
kubectl rollout status deployment/app
# Verify old version is healthy
curl -sf https://production.example.com/health | jq '.services.adobe'
Alert Configuration
| Alert | Condition | Severity |
|---|---|---|
| Adobe Auth Failure | Any 401 errors | P1 — credential issue |
| Adobe Rate Limited | 429 errors > 5/min | P2 — reduce throughput |
| Adobe API Down | 503 errors > 10/min | P2 — enable fallback |
| Adobe High Latency | p99 > 10s | P3 — investigate |
| PDF Quota Low | < 50 transactions remaining | P3 — upgrade or throttle |
Error Handling
| Issue | Cause | Solution |
|---|---|---|
| 401 after deploy | Wrong credentials for environment | Verify secret manager path |
| 429 spike | Traffic increase from new feature | Add rate limiting queue |
| Health check flapping | Token caching not working | Check cache TTL logic |
| Webhook delivery stopped | Challenge response broken | Test webhook registration |
Resources
Next Steps
For version upgrades, see adobe-upgrade-migration.
> related_skills --same-repo
> fathom-cost-tuning
Optimize Fathom API usage and plan selection. Trigger with phrases like "fathom cost", "fathom pricing", "fathom plan".
> fathom-core-workflow-b
Sync Fathom meeting data to CRM and build automated follow-up workflows. Use when integrating Fathom with Salesforce, HubSpot, or custom CRMs, or creating automated post-meeting email summaries. Trigger with phrases like "fathom crm sync", "fathom salesforce", "fathom follow-up", "fathom post-meeting workflow".
> fathom-core-workflow-a
Build a meeting analytics pipeline with Fathom transcripts and summaries. Use when extracting insights from meetings, building CRM sync, or creating automated meeting follow-up workflows. Trigger with phrases like "fathom analytics", "fathom meeting pipeline", "fathom transcript analysis", "fathom action items sync".
> fathom-common-errors
Diagnose and fix Fathom API errors including auth failures and missing data. Use when API calls fail, transcripts are empty, or webhooks are not firing. Trigger with phrases like "fathom error", "fathom not working", "fathom api failure", "fix fathom".