diff --git a/.github/actions/build-oas-spec/action.yml b/.github/actions/build-oas-spec/action.yml
new file mode 100644
index 00000000..12edacc9
--- /dev/null
+++ b/.github/actions/build-oas-spec/action.yml
@@ -0,0 +1,68 @@
+name: "Build OAS Spec"
+description: "Build OAS Spec"
+
+inputs:
+ version:
+ description: "Version number"
+ required: true
+ apimEnv:
+ description: "APIM environment"
+ required: true
+ buildSandbox:
+ description: "Whether to build the sandbox OAS spec"
+ required: false
+ default: false
+ nodejs_version:
+ description: "Node.js version, set by the CI/CD pipeline workflow"
+ required: true
+ NODE_AUTH_TOKEN:
+ description: "Token for access to github package registry"
+ required: true
+
+runs:
+ using: composite
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ - uses: actions/setup-node@v4
+ with:
+ node-version: ${{ inputs.nodejs_version }}
+ registry-url: 'https://npm.pkg.github.com'
+
+ - name: "Cache node_modules"
+ uses: actions/cache@v4
+ with:
+ path: |
+ **/node_modules
+ key: ${{ runner.os }}-node-${{ inputs.nodejs_version }}-${{ hashFiles('**/package-lock.json') }}
+ restore-keys: |
+ ${{ runner.os }}-node-${{ inputs.nodejs_version }}-
+
+ - name: Npm install
+ working-directory: .
+ env:
+ NODE_AUTH_TOKEN: ${{ inputs.NODE_AUTH_TOKEN }}
+ run: npm ci
+ shell: bash
+
+ - name: Build ${{ inputs.apimEnv }} oas
+ working-directory: .
+ env:
+ APIM_ENV: ${{ inputs.apimEnv }}
+ shell: bash
+ run: |
+ if [ ${{ env.APIM_ENV }} == "internal-dev-sandbox" ] && [ ${{ inputs.buildSandbox }} == true ]
+ then
+ echo "Building sandbox OAS spec"
+ make build-json-oas-spec APIM_ENV=sandbox
+ else
+ echo "Building env specific OAS spec"
+ make build-yml-oas-spec APIM_ENV=${{ env.APIM_ENV }}
+ fi
+
+ - name: Upload API OAS specification artifact
+ uses: actions/upload-artifact@v4
+ with:
+ path: "build"
+ name: api-oas-specification-${{ inputs.apimEnv }}${{ inputs.version != '' && format('-{0}', inputs.version) || '' }}
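Review bot: The `run:` script of the "Build … oas" step expands `${{ env.APIM_ENV }}` and `${{ inputs.buildSandbox }}` into the script text before bash starts, so the `env:` mapping above it gives no protection: whatever a caller passes as `apimEnv` becomes part of the shell source, and an empty value breaks the unquoted `[ … ]` test. Read the values as shell variables instead: add `BUILD_SANDBOX: ${{ inputs.buildSandbox }}` under `env:`, test with `if [ "$APIM_ENV" == "internal-dev-sandbox" ] && [ "$BUILD_SANDBOX" == "true" ]`, and call `make build-yml-oas-spec APIM_ENV="$APIM_ENV"`. The same pattern is introduced in the build-proxies "Set APIM_ENV" step (`APIM_ENV="${{ inputs.apimEnv }}"`); keeping the removed `env:` mapping there and dropping the assignment line would have the same effect.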
diff --git a/.github/actions/build-proxies/action.yml b/.github/actions/build-proxies/action.yml index 5dcb872d..fe6f4064 100644 --- a/.github/actions/build-proxies/action.yml +++ b/.github/actions/build-proxies/action.yml @@ -25,39 +25,16 @@ inputs: description: "Name of the Component to deploy" required: true default: 'api' - nodejs_version: - description: "Node.js version, set by the CI/CD pipeline workflow" - required: true - NODE_AUTH_TOKEN: - description: "Token for access to github package registry" - required: true runs: using: composite steps: - - name: Checkout - uses: actions/checkout@v4 - - uses: actions/setup-node@v4 - with: - node-version: ${{ inputs.nodejs_version }} - registry-url: 'https://npm.pkg.github.com' - - - name: "Cache node_modules" - uses: actions/cache@v4 + - name: Download OAS Spec artifact + uses: actions/download-artifact@v4 with: - path: | - **/node_modules - key: ${{ runner.os }}-node-${{ inputs.nodejs_version }}-${{ hashFiles('**/package-lock.json') }} - restore-keys: | - ${{ runner.os }}-node-${{ inputs.nodejs_version }}- - - - name: Npm install - working-directory: . - env: - NODE_AUTH_TOKEN: ${{ inputs.NODE_AUTH_TOKEN }} - run: npm ci - shell: bash + name: api-oas-specification-${{ inputs.apimEnv }}${{ inputs.version != '' && format('-{0}', inputs.version) || '' }} + path: ./build - name: Setup Proxy Name and target shell: bash 
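Review bot: The artifact name in the new "Download OAS Spec artifact" step has to match exactly the name produced by the upload step in build-oas-spec, and it reads `inputs.version`, which is not among the inputs visible in this hunk. If build-proxies does not declare a `version` input, or a caller does not pass it, the expression yields no suffix and the download fails for artifacts that were uploaded with one (stage-3-build passes `version` to build-oas-spec). Confirm that both callers supply the same `apimEnv` and `version` to the two actions, and add a comment above the step such as `# name must stay identical to the upload step in .github/actions/build-oas-spec`. The inputs block starts outside the hunk.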
@@ -87,21 +64,10 @@ runs: echo "MTLS_NAME=notify-supplier-mtls-pr$PR_NUMBER" >> $GITHUB_ENV fi - - name: Build ${{ inputs.apimEnv }} oas - working-directory: . - env: - APIM_ENV: ${{ inputs.apimEnv }} + - name: Set APIM_ENV shell: bash run: | - if [ ${{ env.APIM_ENV }} == "internal-dev-sandbox" ] && [ ${{ inputs.buildSandbox }} == true ] - then - echo "Building sandbox OAS spec" - make build-json-oas-spec APIM_ENV=sandbox - else - echo "Building env specific OAS spec" - make build-json-oas-spec APIM_ENV=${{ env.APIM_ENV }} - fi - + APIM_ENV="${{ inputs.apimEnv }}" if [[ $APIM_ENV == *-pr ]]; then echo "Removing pr suffix from APIM_ENV after building OAS and calling proxygen" APIM_ENV=$(echo "$APIM_ENV" | sed 's/-pr$//') diff --git a/.github/actions/build-sdk/action.yml b/.github/actions/build-sdk/action.yml index 1231b2c2..567d33c8 100644 --- a/.github/actions/build-sdk/action.yml +++ b/.github/actions/build-sdk/action.yml @@ -55,12 +55,6 @@ runs: run: | make build VERSION="${{ inputs.version }}" - - name: Upload API OAS specification artifact - uses: actions/upload-artifact@v4 - with: - path: "build" - name: api-oas-specification-${{ inputs.version }} - - name: Upload html artifact uses: actions/upload-artifact@v4 with: diff --git a/.github/workflows/manual-proxy-environment-deploy.yaml b/.github/workflows/manual-proxy-environment-deploy.yaml index c8ca20fe..d5e50230 100644 --- a/.github/workflows/manual-proxy-environment-deploy.yaml +++ b/.github/workflows/manual-proxy-environment-deploy.yaml @@ -77,6 +77,13 @@ jobs: echo "ENVIRONMENT=$ENVIRONMENT" >> $GITHUB_ENV echo "APIM_ENV=$APIM_ENV" >> $GITHUB_ENV + - name: "Build OAS spec" + uses: ./.github/actions/build-oas-spec + with: + apimEnv: "${{ env.APIM_ENV }}" + buildSandbox: ${{ inputs.build_sandbox }} + NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + - name: "Build proxies" env: PROXYGEN_API_NAME: nhs-notify-supplier 
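Review bot: The new "Build OAS spec" step in manual-proxy-environment-deploy calls build-oas-spec without `nodejs_version` or `version`, both of which that action declares `required: true`. Missing action inputs normally arrive as empty strings rather than failing the step, so `actions/setup-node` would receive an empty `node-version` and the manual deploy would build with whatever Node the runner ships instead of the version the pipeline pins; the cache key loses its version component too. Pass both explicitly in the `with:` block, for example `nodejs_version: <value this workflow uses elsewhere>` and `version: <release version>`. The earlier steps of the job are outside the hunk, so where those values should come from needs confirming.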
@@ -90,4 +97,3 @@ jobs: runId: "${{ github.run_id }}" buildSandbox: ${{ inputs.build_sandbox }} releaseVersion: ${{ github.ref_name }} - NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/stage-3-build.yaml b/.github/workflows/stage-3-build.yaml index 474b9094..f8e34e8b 100644 --- a/.github/workflows/stage-3-build.yaml +++ b/.github/workflows/stage-3-build.yaml @@ -55,9 +55,48 @@ jobs: version: "${{ inputs.version }}" NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + artefact-oas-spec: + name: "Build OAS spec (${{ matrix.apimEnv }})" + if: (github.event_name == 'push' && github.ref == 'refs/heads/main') + runs-on: ubuntu-latest + needs: [artefact-jekyll-docs] + timeout-minutes: 10 + strategy: + matrix: + apimEnv: [internal-dev-pr, internal-dev, int, ref, prod] + steps: + - name: "Checkout code" + uses: actions/checkout@v5 + - name: "Build OAS spec" + uses: ./.github/actions/build-oas-spec + with: + version: "${{ inputs.version }}" + apimEnv: "${{ matrix.apimEnv }}" + buildSandbox: false + nodejs_version: ${{ inputs.nodejs_version }} + NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + artefact-oas-spec-sandbox: + name: "Build OAS spec for sandbox" + runs-on: ubuntu-latest + needs: [artefact-jekyll-docs] + timeout-minutes: 10 + steps: + - name: "Checkout code" + uses: actions/checkout@v5 + - name: "Build proxies" + uses: ./.github/actions/build-oas-spec + with: + version: "${{ inputs.version }}" + apimEnv: "internal-dev-sandbox" + buildSandbox: true + nodejs_version: ${{ inputs.nodejs_version }} + NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + artefact-sdks: name: "Build SDKs" runs-on: ubuntu-latest + needs: [artefact-oas-spec] timeout-minutes: 10 steps: - name: "Checkout code" @@ -94,6 +133,7 @@ jobs: pr-create-dynamic-environment: name: Create Dynamic Environment runs-on: ubuntu-latest + if: inputs.pr_number != '' steps: - uses: actions/checkout@v5 - name: Trigger dynamic environment creation 
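Review bot: `artefact-sdks` now has `needs: [artefact-oas-spec]`, but that job only runs under `if: (github.event_name == 'push' && github.ref == 'refs/heads/main')`; a job whose dependency was skipped is itself skipped unless its own `if` overrides that, so on pull-request runs the SDK build would silently stop running. If that is not intended, drop the dependency or give `artefact-sdks` a condition such as `if: ${{ !cancelled() && needs.artefact-oas-spec.result != 'failure' }}`. Separately, both new jobs hand `secrets.GITHUB_TOKEN` to `npm ci` with no job-level `permissions:` block visible in this hunk; `permissions: { contents: read, packages: read }` would keep the token scoped to what the install needs. The step in `artefact-oas-spec-sandbox` is also still named "Build proxies" although it builds the OAS spec.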
@@ -117,7 +157,8 @@ jobs: artefact-proxies: name: "Build proxies" runs-on: ubuntu-latest - needs: [pr-create-dynamic-environment] + if: inputs.pr_number != '' + needs: [artefact-oas-spec-sandbox, pr-create-dynamic-environment] timeout-minutes: 10 env: PROXYGEN_API_NAME: nhs-notify-supplier @@ -136,5 +177,3 @@ jobs: runId: "${{ github.run_id }}" buildSandbox: true releaseVersion: ${{ github.head_ref || github.ref_name }} - nodejs_version: ${{ inputs.nodejs_version }} - NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/stage-5-publish.yaml b/.github/workflows/stage-5-publish.yaml index 1bf1ac45..2d418c4b 100644 --- a/.github/workflows/stage-5-publish.yaml +++ b/.github/workflows/stage-5-publish.yaml @@ -40,6 +40,9 @@ jobs: name: "Publish packages" runs-on: ubuntu-latest timeout-minutes: 10 + outputs: + release_id: ${{ steps.create_release.outputs.id }} + upload_url: ${{ steps.create_release.outputs.upload_url }} steps: - name: "Checkout code" @@ -87,12 +90,6 @@ jobs: path: ./artifacts/sdk-csharp-${{ inputs.version }} name: sdk-csharp-${{ inputs.version }} - - name: "Get the artefacts 8" - uses: actions/download-artifact@v6 - with: - path: ./artifacts/api-oas-specification-${{ inputs.version }} - name: api-oas-specification-${{ inputs.version }} - # Take out for now - might add again in the future # - name: "Get the artefacts 9" # uses: actions/download-artifact@v6 
@@ -207,22 +204,6 @@ jobs: asset_name: sdk-csharp-${{ inputs.version }}.zip asset_content_type: "application/gzip" - - name: "zip api OAS specification release asset" - # GitHub pages needs a single tar called artifact inside the zip. - working-directory: ./artifacts/api-oas-specification-${{ inputs.version }} - run: zip -r ../api-oas-specification-${{ inputs.version }}.zip . - shell: bash - - - name: "Upload api OAS specification release asset" - uses: actions/upload-release-asset@v1 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - upload_url: "${{ steps.create_release.outputs.upload_url }}" - asset_path: ./artifacts/api-oas-specification-${{ inputs.version }}.zip - asset_name: api-oas-specification-${{ inputs.version }}.zip - asset_content_type: "application/gzip" - # Take out for now - might add again in the future # - name: "zip csharp server release asset" # # GitHub pages needs a single tar called artifact inside the zip. 
@@ -241,6 +222,39 @@ jobs: # asset_name: server-csharp-${{ inputs.version }}.zip # asset_content_type: "application/gzip" + publish-oas-specs: + name: "Publish OAS spec (${{ matrix.apimEnv }})" + runs-on: ubuntu-latest + needs: [publish] + permissions: + id-token: write # This is required for requesting the JWT + contents: write # This is required for publishing release asset + timeout-minutes: 10 + strategy: + matrix: + apimEnv: [internal-dev, int, ref, prod] + steps: + - name: "Download OAS spec artifact" + uses: actions/download-artifact@v6 + with: + path: ./artifacts/api-oas-specification-${{ matrix.apimEnv }}-${{ inputs.version }} + name: api-oas-specification-${{ matrix.apimEnv }}-${{ inputs.version }} + + - name: "Zip OAS specification" + working-directory: ./artifacts/api-oas-specification-${{ matrix.apimEnv }}-${{ inputs.version }} + run: zip -r ../api-oas-specification-${{ matrix.apimEnv }}-${{ inputs.version }}.zip . + shell: bash + + - name: "Upload OAS specification release asset" + uses: actions/upload-release-asset@v1 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + upload_url: ${{ needs.publish.outputs.upload_url }} + asset_path: ./artifacts/api-oas-specification-${{ matrix.apimEnv }}-${{ inputs.version }}.zip + asset_name: api-oas-specification-${{ matrix.apimEnv }}-${{ inputs.version }}.zip + asset_content_type: "application/zip" + # Take out for now - might add again in the future # ### PUBLISH DOCKER - THIS NEEDS CHANGING TO DO THE DOCKER BUILD IN THE BUILD STAGE AND ARTIFACT IT. SEE publishlibhostdocker below how how and the buildlibs action. # publishdocker: diff --git a/infrastructure/terraform/components/api/README.md b/infrastructure/terraform/components/api/README.md index 150af054..251265e9 100644 --- a/infrastructure/terraform/components/api/README.md +++ b/infrastructure/terraform/components/api/README.md 
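Review bot: The `publish-oas-specs` job requests `id-token: write`, yet none of its three steps (download artifact, zip, upload release asset) requests an OIDC token, so the permission lets any step in the job mint a JWT for no visible reason. Remove that line and keep only `contents: write`, which the release upload needs. The matrix also runs with the default fail-fast behaviour, so one failed environment can cancel the others and leave a release with only some spec assets; `fail-fast: false` under `strategy:` would make the outcome per environment explicit.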
@@ -12,6 +12,8 @@ No requirements. | [aws\_account\_id](#input\_aws\_account\_id) | The AWS Account ID (numeric) | `string` | n/a | yes | | [ca\_pem\_filename](#input\_ca\_pem\_filename) | Filename for the CA truststore file within the s3 bucket | `string` | `null` | no | | [component](#input\_component) | The variable encapsulating the name of this component | `string` | `"supapi"` | no | +| [core\_account\_id](#input\_core\_account\_id) | AWS Account ID for Core | `string` | `"000000000000"` | no | +| [core\_environment](#input\_core\_environment) | Environment of Core | `string` | `"prod"` | no | | [default\_tags](#input\_default\_tags) | A map of default tags to apply to all taggable resources within the component | `map(string)` | `{}` | no | | [enable\_backups](#input\_enable\_backups) | Enable backups | `bool` | `false` | no | | [environment](#input\_environment) | The name of the tfscaffold environment | `string` | n/a | yes | 
@@ -34,26 +36,26 @@ No requirements. | Name | Source | Version | |------|--------|---------| -| [authorizer\_lambda](#module\_authorizer\_lambda) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.26/terraform-lambda.zip | n/a | +| [authorizer\_lambda](#module\_authorizer\_lambda) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.29/terraform-lambda.zip | n/a | | [domain\_truststore](#module\_domain\_truststore) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.26/terraform-s3bucket.zip | n/a | | [eventpub](#module\_eventpub) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.26/terraform-eventpub.zip | n/a | | [eventsub](#module\_eventsub) | ../../modules/eventsub | n/a | -| [get\_letter](#module\_get\_letter) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.26/terraform-lambda.zip | n/a | -| [get\_letter\_data](#module\_get\_letter\_data) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.26/terraform-lambda.zip | n/a | -| [get\_letters](#module\_get\_letters) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.26/terraform-lambda.zip | n/a | -| [get\_status](#module\_get\_status) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.24/terraform-lambda.zip | n/a | +| [get\_letter](#module\_get\_letter) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.29/terraform-lambda.zip | n/a | +| [get\_letter\_data](#module\_get\_letter\_data) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.29/terraform-lambda.zip | n/a | +| [get\_letters](#module\_get\_letters) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.29/terraform-lambda.zip | n/a | +| [get\_status](#module\_get\_status) | 
https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.29/terraform-lambda.zip | n/a | | [kms](#module\_kms) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.26/terraform-kms.zip | n/a | -| [letter\_status\_update](#module\_letter\_status\_update) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.24/terraform-lambda.zip | n/a | +| [letter\_status\_update](#module\_letter\_status\_update) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.29/terraform-lambda.zip | n/a | | [letter\_status\_updates\_queue](#module\_letter\_status\_updates\_queue) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.24/terraform-sqs.zip | n/a | -| [letter\_updates\_transformer](#module\_letter\_updates\_transformer) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.26/terraform-lambda.zip | n/a | +| [letter\_updates\_transformer](#module\_letter\_updates\_transformer) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.29/terraform-lambda.zip | n/a | | [logging\_bucket](#module\_logging\_bucket) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.26/terraform-s3bucket.zip | n/a | -| [patch\_letter](#module\_patch\_letter) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.26/terraform-lambda.zip | n/a | -| [post\_letters](#module\_post\_letters) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.24/terraform-lambda.zip | n/a | -| [post\_mi](#module\_post\_mi) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.26/terraform-lambda.zip | n/a | +| [patch\_letter](#module\_patch\_letter) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.29/terraform-lambda.zip | n/a | +| [post\_letters](#module\_post\_letters) | 
https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.29/terraform-lambda.zip | n/a | +| [post\_mi](#module\_post\_mi) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.29/terraform-lambda.zip | n/a | | [s3bucket\_test\_letters](#module\_s3bucket\_test\_letters) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.26/terraform-s3bucket.zip | n/a | | [sqs\_letter\_updates](#module\_sqs\_letter\_updates) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.26/terraform-sqs.zip | n/a | | [supplier\_ssl](#module\_supplier\_ssl) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.26/terraform-ssl.zip | n/a | -| [upsert\_letter](#module\_upsert\_letter) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.26/terraform-lambda.zip | n/a | +| [upsert\_letter](#module\_upsert\_letter) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.29/terraform-lambda.zip | n/a | ## Outputs | Name | Description |