Prod Checklist for MindTickle. Trigger: "mindtickle prod checklist".
MindTickle powers sales readiness at scale, managing user provisioning via SCIM, course progress tracking across thousands of reps, and quiz completion data that feeds pipeline forecasting. A production integration must enforce multi-tenant isolation through company-specific headers, handle SCIM provisioning race conditions during bulk onboarding, and ensure quiz score integrity under concurrent submissions. Misconfigurations here can leak training data across tenants, corrupt completion records, or silently drop user provisioning events during org restructures.
X-Company-Id)X-Company-Id header injected server-side (never exposed to client)https://api.mindtickle.com/v2 (production, not sandbox)X-Company-Id header included on every request for tenant isolationX-RateLimit-* response headers)limit and offset)X-Company-Id at API gateway levelasync function validateMindTickleProduction(apiKey: string, companyId: string): Promise<void> {
const base = 'https://api.mindtickle.com/v2';
const headers = {
Authorization: `Bearer ${apiKey}`,
'X-Company-Id': companyId,
'Content-Type': 'application/json',
};
// 1. Connectivity check
const ping = await fetch(`${base}/health`, { headers, signal: AbortSignal.timeout(5000) });
console.assert(ping.ok, `API unreachable: ${ping.status}`);
// 2. Auth and tenant validation
const users = await fetch(`${base}/users?limit=1`, { headers });
console.assert(users.status !== 401, 'Invalid API key');
console.assert(users.status !== 403, 'Company ID rejected — check tenant config');
console.assert(users.ok, `Users endpoint failed: ${users.status}`);
// 3. Rate limit headroom
const remaining = parseInt(users.headers.get('X-RateLimit-Remaining') ?? '0');
console.assert(remaining > 20, `Rate limit headroom low: ${remaining} remaining`);
// 4. SCIM endpoint reachable
const scimUrl = process.env.MINDTICKLE_SCIM_URL;
if (scimUrl) {
const scim = await fetch(`${scimUrl}/Users?count=1`, {
headers: { Authorization: `Bearer ${process.env.MINDTICKLE_SCIM_TOKEN}` },
signal: AbortSignal.timeout(5000),
});
console.assert(scim.ok, `SCIM endpoint failed: ${scim.status}`);
}
// 5. Course listing works
const courses = await fetch(`${base}/courses?limit=1`, { headers });
console.assert(courses.ok, `Courses endpoint failed: ${courses.status}`);
console.log('All MindTickle production checks passed');
}
| Check | Risk if Skipped | Priority |
|---|---|---|
| X-Company-Id tenant isolation | Cross-tenant data leak, compliance violation | Critical |
| SCIM conflict handling | Duplicate users or dropped provisioning during bulk onboard | Critical |
| Quiz submission retry queue | Lost quiz scores corrupt sales readiness metrics | Critical |
| Idempotent progress writes | Duplicate course completions inflate training KPIs | High |
| IdP-MindTickle user reconciliation | Ghost accounts retain access after offboarding | High |
See mindtickle-security-basics.