ReddRadar
Agent skill
adobe-prod-checklist
Execute Adobe production deployment checklist covering credential management, API health checks, rate limit configuration, and rollback procedures for Firefly Services, PDF Services, and I/O Events integrations. Trigger with phrases like "adobe production", "deploy adobe", "adobe go-live", "adobe launch checklist".
Install this agent skill to your Project
npx add-skill https://github.com/jeremylongshore/claude-code-plugins-plus-skills/tree/main/plugins/saas-packs/adobe-pack/skills/adobe-prod-checklist
SKILL.md
Adobe Production Checklist
Overview
Complete checklist for deploying Adobe API integrations to production, covering credential security, health monitoring, graceful degradation, and rollback procedures.
Prerequisites
- Staging environment tested and verified
- Production OAuth credentials created in Developer Console
- Deployment pipeline with secret injection
- Monitoring and alerting infrastructure ready
Instructions
Pre-Deployment: Credentials & Configuration
- Production OAuth Server-to-Server credentials created (separate from staging)
-
ADOBE_CLIENT_IDandADOBE_CLIENT_SECRETstored in secret manager (not env files) - Scopes are minimal: only APIs actually used in production
- Token caching implemented (avoid re-generating per request)
- I/O Events webhook endpoints use HTTPS with valid TLS cert
- Webhook challenge response handler implemented (for registration)
Pre-Deployment: Code Quality
- All tests passing (
npm test) - No hardcoded credentials (grep for
p8_prefix patterns) - Error handling covers:
401,403,429,500,503 - Rate limiting/backoff with
Retry-Afterheader support - Webhook signature verification using RSA-SHA256
- Logging redacts credentials and PII
- API response validation (Zod or equivalent)
Pre-Deployment: Infrastructure
- Health check endpoint verifies Adobe IMS token generation:
// api/health.ts
export async function adobeHealthCheck() {
const start = Date.now();
try {
// Test token generation (validates credentials are still valid)
const token = await getAccessToken();
return {
status: 'healthy',
latencyMs: Date.now() - start,
tokenValid: !!token,
};
} catch (error: any) {
return {
status: 'unhealthy',
latencyMs: Date.now() - start,
error: error.message,
};
}
}
- Circuit breaker configured for Adobe API calls
- Graceful degradation: app works (degraded) if Adobe is down
- PDF Services monthly quota tracking (if on free tier)
Deploy: Gradual Rollout
# 1. Pre-flight checks
curl -sf https://staging.example.com/health | jq '.services.adobe'
curl -s https://status.adobe.com | head -5
# 2. Verify production credentials work
curl -s -o /dev/null -w "%{http_code}" -X POST \
'https://ims-na1.adobelogin.com/ims/token/v3' \
-d "client_id=${ADOBE_CLIENT_ID}&client_secret=${ADOBE_CLIENT_SECRET}&grant_type=client_credentials&scope=${ADOBE_SCOPES}"
# Expected: 200
# 3. Deploy canary (10%)
kubectl set image deployment/app app=image:new-version
kubectl rollout pause deployment/app
# 4. Monitor for 10 minutes — check error rates
# Watch for 401 (credential issues), 429 (rate limits), 500 (server errors)
# 5. If healthy, complete rollout
kubectl rollout resume deployment/app
kubectl rollout status deployment/app
Post-Deployment Verification
- Health check endpoint returns
healthyfor Adobe - Test a real API call (e.g., Firefly image generation, PDF extraction)
- Webhook delivery confirmed (check I/O Events dashboard)
- Error rate baseline established in monitoring
- On-call team has
adobe-incident-runbookaccessible
Rollback Procedure
# Immediate rollback
kubectl rollout undo deployment/app
kubectl rollout status deployment/app
# Verify old version is healthy
curl -sf https://production.example.com/health | jq '.services.adobe'
Alert Configuration
| Alert | Condition | Severity |
|---|---|---|
| Adobe Auth Failure | Any 401 errors |
P1 — credential issue |
| Adobe Rate Limited | 429 errors > 5/min |
P2 — reduce throughput |
| Adobe API Down | 503 errors > 10/min |
P2 — enable fallback |
| Adobe High Latency | p99 > 10s | P3 — investigate |
| PDF Quota Low | < 50 transactions remaining | P3 — upgrade or throttle |
Error Handling
| Issue | Cause | Solution |
|---|---|---|
| 401 after deploy | Wrong credentials for environment | Verify secret manager path |
| 429 spike | Traffic increase from new feature | Add rate limiting queue |
| Health check flapping | Token caching not working | Check cache TTL logic |
| Webhook delivery stopped | Challenge response broken | Test webhook registration |
Resources
Next Steps
For version upgrades, see adobe-upgrade-migration.
Recommended Agent Skills
Expand your agent's capabilities with these related and highly-rated skills.
jeremylongshore/claude-code-plugins-plus-skills
dockerfile-generator
Dockerfile Generator - Auto-activating skill for DevOps Basics. Triggers on: dockerfile generator, dockerfile generator Part of the DevOps Basics skill category.
jeremylongshore/claude-code-plugins-plus-skills
branch-naming-helper
Branch Naming Helper - Auto-activating skill for DevOps Basics. Triggers on: branch naming helper, branch naming helper Part of the DevOps Basics skill category.
jeremylongshore/claude-code-plugins-plus-skills
readme-generator
Readme Generator - Auto-activating skill for DevOps Basics. Triggers on: readme generator, readme generator Part of the DevOps Basics skill category.
jeremylongshore/claude-code-plugins-plus-skills
makefile-generator
Makefile Generator - Auto-activating skill for DevOps Basics. Triggers on: makefile generator, makefile generator Part of the DevOps Basics skill category.
jeremylongshore/claude-code-plugins-plus-skills
gitignore-generator
Gitignore Generator - Auto-activating skill for DevOps Basics. Triggers on: gitignore generator, gitignore generator Part of the DevOps Basics skill category.
jeremylongshore/claude-code-plugins-plus-skills
pre-commit-hook-setup
Pre Commit Hook Setup - Auto-activating skill for DevOps Basics. Triggers on: pre commit hook setup, pre commit hook setup Part of the DevOps Basics skill category.
Didn't find tool you were looking for?