Migrate & fix API Playbook

This commit migrates content from LBHackney-IT/API-Playbook@2e9f801
=
Also Fix API-Playbook links, frontmatter & TextToSpeech component

We no longer need the text to speech component as there are screen reader technologies we are/should be compatible with

Author: spikeheap

docs/api-playbook/02-Release Notes/release-notes-v3.md

@@ -0,0 +1,44 @@
+---
+id: release-notes-v3
+title: V3
+---
+*Product Name: API Playbook*
+*Version: V3*
+*Release Date: January 2021*
+
+## Version 3:
+
+## Target Audience:
+
+All HackIT internal developers and external agencies developer collaborating on Hackney projects.
+
+## Enhancements:
+
+- Align the API playbook with the new design system to maintain consistency across the board;
+- Self training modules;
+- Serverless Lambda framework;
+- Linting;
+- Static Code Analysis;
+- DevOps Practices (including videos);
+- Updated API boilerplate;
+- Monitoring and alerts via Cloudwatch canaries;
+- Uptime Monitoring using X-Ray;
+- Performance monitoring using Lambda Insight;
+- Standardised Error Messages;
+- Preferred Tech Stack;
+- API Boilerplate - Base API;
+- Clean Architecture;
+- Entity Framework;
+- AWS/ECS with Fargate;
+- Lambda Functions;
+- Docker Containers;
+- Application Logging Guidelines;
+- Lambda Authoriser;
+- Setting Up DMS;
+- Pipeline Implementation;
+- End to End Training - Create your First endpoint video;
+- Contact Us;
+
+## Feedback:
+
+We would be pleased to hear from you about our new iteration of the API Playbook. Please feel free to give us your feedback.

docs/api-playbook/02-Release Notes/release-notes-v4.md

@@ -0,0 +1,65 @@
+---
+id: release-notes-v4
+title: V4
+---
+*Product Name: API Playbook*
+*Version: V4*
+*Release Date: September 2022*
+
+### Target Audience
+
+All HackIT internal developers and external agencies collaborating on Hackney projects.
+
+### Enhancements
+
+*Improvements & New features*
+
+- Re-organising the sidebar sections
+- Created  new diagrams such as  The API Architecture, in order to highlight our High-Level Development Lifecycle
+- Allow large image preview on click to ensure that our diagrams and code snippets are visible and easy to read
+- Create new content and update the existing one in order to be up to date with the latest technologies and our ways of working
+- Record video tutorials for specific sections and technologies in order to enforce learning
+
+
+**Fixed Issues**
+- By organising the sidebar sections, we managed to provide a better structure for our API Playbook; therefore it is easier to understand and search for a specific topic, hence:
+- Less time consuming
+- More visual
+- More inclusive, for people with a variety of disabilities, including visual impairments as users can also listen to the tutorials if preferred
+
+**The following new Contents have been added**
+- Terraform Compliance
+- Developer Hub Intro Page
+- API Specification
+- Serverless Safeguards
+- Tech Ways of Working: Deploying to production
+- NuGet Packages
+- Production Testing Checklist
+- SonarCloud
+- Target Type & Target ID
+- Automation of Canaries
+- GitGuardian
+- FAQ Section
+- Support
+- Data Migration
+- Using SSM to retrieve secrets at runtime
+- Development Lifecycle diagram
+- Architecture Decision Records
+- Developer Onboarding
+- API Compliance checklist
+- Example PRs for endpoints and tools setup
+
+
+*New Diagrams added*
+- API Lifecycle diagram
+- API Architecture Diagram
+- Architecture Standards
+
+*New Video Tutorials added*
+-  Serverless Safeguards
+- NuGet Packages
+-  SonarCloud
+- Build API endpoint using OpenSearch (Also known as ElasticSearch)
+
+### Feedback
+We would be pleased to hear from you about our new iteration of the API Playbook. Please feel free to give us your feedback.

docs/api-playbook/04-Governance/API Documentation/adr.md

@@ -0,0 +1,49 @@
+---
+id: adr
+title: Architecture Decision Records
+---
+### Context
+
+Previously technical decisions were captured as part of spike documentation that was kept in project specific google drive. They were not open for other projects to review, adopt and adapt. Often, new developers were not aware of decisions as they were not aware of where to look for documentation. 
+
+Hence, we agreed to create Architecture Decision Records (ADRs) and add them to a single github repo [https://github.com/LBHackney-IT/lbh-adrs] to ensure that we have enough documentation, that all decisions are kept in the same location that is easy to find and to document how and why a decision was reached within a codebase. 
+
+This will also achieve governance and uniformity around all projects. Also ADRs help to give context around the decisions that were taken so that we can revisit them. Other benefits that we have identified when using ADRs are:
+- Improves onboarding for new developers
+- Improves agility when handing over project ownership between external team to internal or vice versa
+- Improves alignment across the teams regarding best practices
+
+### What is an Architectural Decision Record?
+
+An architecture decision record (ADR) is a document that captures an important architectural decision made along with its context and consequences of adopting the decision.
+
+### When to write an ADR?
+An ADR should be written whenever a decision of significant impact is made; it is up to each project team to align on what defines a significant impact. They can be:
+
+- Backfilling a decision which was made previously.
+- Proposing large changes to a solution/spike.
+- Proposing no/small changes for a spike
+- Proposing changes that differ from the overall agreed standard across our current ecosystem.
+
+### How to start using ADRs
+
+*Decision identification:*
+- How urgent and how important is Architecture Decision?
+- Design methods and practices can assist with decision identification and decision making.
+- Ideally maintain a decision to-do list which aligns with the service to-do list.
+
+*Decision making:*
+-Group decision making via Community of practices or project team workshops to validate the findings can help in decision making.
+- Better informed decision via ADRs which are available openly and people can collaborate on it.
+
+*Decision enactment and enforcement:*
+- ADRs are used in software design; hence they have to be communicated to, and accepted by, various stakeholders of the services that fund, develop, consume and operate it.
+- Architecturally evident coding styles and code reviews that focus on architectural concerns and decisions are two related practices.
+- ADRs also have to be (re-)considered when modernizing a software system in software evolution.
+
+*Decision sharing (optional):*
+- Many ADRs recurring across various project development..
+- Experiences from other projects and reusable components could enforce knowledge management strategy and contribute towards our emerging Community of practices meetups such as Data and Architecture etc.
+- Dependency matrix evaluation.
+
+

docs/api-playbook/04-Governance/API Documentation/api_specification.md

@@ -0,0 +1,13 @@
+---
+id: api_specification
+title: API Specification
+---
+
+An API specification provides a broad understanding of how an API behaves and how an API links with others. At HackIT, we  explain how the API functions work and the results expected when using our APIs. 
+ We can also understand more in depth the relationships between the objects and how each object can be used.
+
+
+The goal of our API specifications is to standardise data exchange between web services in “The HackIT way”.  In this case, standardisation means the ability of diverse systems, written in different programming languages and by using different technologies, to seamlessly communicate with each other.
+
+For more information about our API Specification, please visit the below link: 
+[API Specification](https://lbhackney-it.github.io/api-specifications/)

docs/api-playbook/04-Governance/API Documentation/swagger_documentation.md

@@ -0,0 +1,90 @@
+---
+id: swagger_documentation
+title: Swagger Documentation
+---
+
+## Introduction:
+
+At Hackney, we believe in working in a collaborative way and this is embedded into our API development process. Before commencing the implementation stage, each API endpoint will first need to be documented using SwaggerHub.
+
+The benefits of this include:
+- Open specification standards;
+- Opportunity to mock the API and avoid possible blockers for front end development;
+- Opportunity to share and reach a common agreement of what the API request and response should look like before any work has commenced;
+## Purpose:
+
+The documentation aids our collaboration process, as it is shared with the whole team. People, both from technical and non-technical backgrounds, can provide feedback and request changes. This can save hours of development and also ensures that every team member has an understanding of the main question — what will this API do?
+
+We have chosen SwaggerHub as a tool to document our APIs as it contributes to the efficiency of our development process, by giving us a central point of reference, built collaboratively, with a defined objective for the eventual shape of the API.
+
+## What is SwaggerHub?:
+
+** You can start by watching our overview video: **
+
+<figure class="video-container">
+  <iframe width="100%" src="https://www.youtube.com/embed/QYQNgeDuqok" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>
+</figure>
+
+** SwaggerHub ** is an integrated API development platform that brings together all the core capabilities of the open source Swagger framework, along with additional advanced capabilities to build, document, manage, and deploy your APIs.
+
+SwaggerHub allows us to build an implementation specification, and serves as documentation for the API we are developing. In this way, developers have clearly defined requirements of how the API endpoint they are working on needs to look — this includes request parameters, response object and error responses.
+
+Additionally, we share the API blueprint with other relevant parties, such as the Product Owner, to confirm that the data, that is part of the request and response of the API, is correct, based on the business area understanding of the wider team and any prior discovery work completed. It is a way of getting everyone from the team to work towards the same, shared goal.
+
+## Documenting APIs:
+
+The process of documenting API endpoints involves working with a YAML file, where we would specify information such as the path to the API endpoint, the search parameters, API response object, the data types used and whether input fields are mandatory or not.
+
+
+![YAML file](../../doc-images/swagger_yaml.png)
+
+_The YAML file_
+
+![Open API generated documentation](../../doc-images/swagger_generated_spec.png)
+
+_The generated documentation_
+
+SwaggerHub’s online editor automatically validates the YAML file produced and allows developers to instantly see any changes they make by reflecting them onto the visual representation of the API endpoint. For easy visualisation, SwaggerHub interprets the OpenAPI document as easy to read documentation. This UI clearly lays out the endpoints for the API, which the development team can use for reference when writing code.
+
+![Example payload](../../doc-images/swagger_example_payload.png)
+
+![Models used in the response](../../doc-images/swagger_models.png)
+
+_The documentation outlines an example payload and the models which will be used_
+
+Documenting the API with SwaggerHub means that we have a consistent specification to follow throughout the development of the API. This is beneficial for the team as we can refer to the swagger docs to confirm that the API is functioning as specified and that the completed API matches the swagger doc specification.
+
+At the end of the project, we can continue to use SwaggerHub as documentation, giving an easy summary of the functions of the API.
+
+Additionally, SwaggerHub provides a way to mock the APIs developed via the tool and make requests against them. This is particularly useful when front end and back end teams are working on the same project. Often, front end work might get blocked as it has a dependency on an API.
+Providing a mock API and API blueprints will remove this blocker as it will give the front end developers all the information they need to proceed with their work, while back end developers can focus on developing good, reliable and resilient APIs.
+
+**This is highly important as it avoids the situation where back-end developers would be rushed to deliver thier work in a quicker manner so that it doesn't block other project work, which may result in lower quality APIs. **
+
+## SwaggerHub Standards:
+
+We utilise two of SwaggerHub's functions to document the status of our APIs: **tagging API environments** and **publishing API specifications**. These allow us to track whether an API is active and what environments it is available in. These also automatically sync with our [Developer Hub](https://developer-api.hackney.gov.uk/). To see more about the Developer Hub, please refer to the [relevant page](/developer_hub).
+
+### Tagging API Environments:
+
+As part of of the process of documenting APIs at HackIT, you should use tags to track the environments an API is deployed in.
+
+The four available tags are: **Development / Staging / Production / Deprecated**.
+
+The screenshow below provides an example of how the relevant tags can be added to an API specification:
+
+![Example payload](../../doc-images/swaggerhub_tags.png)
+
+Utilise the **Deprecated** tag to show when an API or specific version is deprecated. These tags are version-specific, so you can choose to deprecate a specific API version when it is no longer supported, or add `Deprecated` to each version to signify that the entire API is deprecated.
+
+### Publishing APIs:
+
+Once the API specification has been created and approved and the API is in a stable state, the next step is to publish the specification on SwaggerHub. This signifies that this API is ready to be used and the API will be marked as 'Active' on the Developer Hub.
+
+*Note: Doing publishing an API version locks it to read-only mode. Take this into consideration and only publish an API version once it is finalised.*
+
+## Where to find SwaggerHub:
+
+Hackney SwaggerHub is located at https://app.swaggerhub.com/organizations/Hackney.
+
+All the Platform APIs in development have been documented and are viewable on the SwaggerHub.

docs/api-playbook/04-Governance/api_compliance.md

@@ -0,0 +1,31 @@
+---
+id: api_compliance
+title: API Compliance
+--- 
+
+### Context
+Every API deployed to development, staging and production environments must be compliant with the set of standards listed in this document. An API should not be promoted from one environment to another if it does not satisfy all requirements listed.
+
+The set of compliance items that form this checklist are put in place to ensure that any API developed does not duplicate effort, is built in a reusable way, follows security best practices, is consistent with other APIs and follows all development standards defined.
+
+The APIs compliance checklist will be used as part of future Service Standard Assessments and ongoing check-ins to ensure any identified issues are tackled early on and no technical debt is accumulated.
+
+### Checklist
+1. The API has corresponding SwaggerHub documentation for all of the API endpoints it exposes.
+2. The API has completed the [API specification assessment process](https://playbook.hackney.gov.uk/api-specifications/assessment_process/)
+3. The API has been developed in Hackney’s preferred tech tech stack, unless otherwise agreed and as per standards defined in our [API playbook](https://playbook.hackney.gov.uk/API-Playbook/).
+4. The API has been developed following the TDD approach and has end-to-end tets in place 
+    - End-to-end tests guide for DynamoDB
+    - End-to-end tests guide for PostgreSQL
+5. The API has monitoring and logging tools enabled, as per defined standards.
+    - X-Ray is enabled for request tracing
+    - Canaries are created for availability monitoring
+    - CloudWatch is used for application logging.
+6. The API has vulnerability scanning enabled via SonarCloud.
+    - The API should also have no pending findings to review in SonarCloud.
+7. The API has the following infrastructure compliance checks in place:
+    - Terraform-compliance for the AWS resources provisioned as part of the same API deployment
+    - Serverless safeguards to ensure that the API is using an authorizer for security
+8. In Production, the API has been tested as per the ‘Production testing checklist’
+9. In Production, the API’s infrastructure is built as per [Production deployment - Live service infrastructure requirements](https://docs.google.com/document/d/1UrT6u4j8AlyPf-aD_E4c30uH27MJgIJoVxYR9kKGzFw/edit)
+

docs/api-playbook/04-Governance/developer_hub.md

@@ -0,0 +1,18 @@
+---
+id: developer_hub
+title: Developer API Hub
+sidebar_position: 3
+---
+### Developer Hub
+
+As an Organisation we want to ensure that our APIs are modern, easy to access and easy to use. We also want to provide clear documentation, accessible test environments, a simple onboarding process and good quality help and support to our users.
+Hackney Council’s aim as an organisation is to make integration easier - for everyone who wants to connect to our platforms and services. Whether you’re already using our APIs, or want to connect for the very first time, The Developer Hub is a way to make that journey easier and faster for all our users.
+To achieve this mission, we are:
+- Building an API platform - a one-stop shop for all our APIs, old and new
+- Building an exemplar API
+- Migrating our other APIs to the platform
+
+
+Here is a link to our Developer API Hub:
+
+[Developer API Hub](https://developer-api.hackney.gov.uk/)