{"id":1488,"date":"2026-07-06T06:37:29","date_gmt":"2026-07-06T06:37:29","guid":{"rendered":"https:\/\/www.dcirrus.com\/blog\/?p=1488"},"modified":"2026-07-06T12:21:52","modified_gmt":"2026-07-06T12:21:52","slug":"permissions-framework-indian-ipos","status":"publish","type":"post","link":"https:\/\/www.dcirrus.com\/blog\/2026\/07\/permissions-framework-indian-ipos\/","title":{"rendered":"How to Structure a VDR for Multiple External Parties: A Permissions Framework for Indian IPOs"},"content":{"rendered":"\n<p class=\"py-4\">One wrong permission setting is all it takes. Suddenly, auditors are seeing&nbsp;<a href=\"https:\/\/www.dcirrus.com\/m-and-a-due-diligence-q-and-a-virtual-data-room-2\">investor Q&amp;A<\/a>, underwriters are accessing unredacted board minutes, or a registrar downloads the wrong version of the DRHP. Now you&#8217;re managing a leak, a rework cycle, or an uncomfortable SEBI inquiry. With 10+&nbsp;<strong>external parties<\/strong>&nbsp;running parallel workstreams, the risk isn&#8217;t hypothetical.<\/p>\n\n\n\n<p class=\"py-4\">The fix isn&#8217;t a better feature checklist. It&#8217;s a permissions design problem. This article gives you a 7-part permissions framework built for Indian IPO execution: stakeholder groups, folder mapping, permission tiers, document protections, Q&#038;A controls, change management, and post-listing retention. Apply it before you invite anyone, and you get faster diligence, fewer Q&#038;A loops, a cleaner audit trail, and less panic during DRHP updates.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What Makes IPO VDR Permissions Harder When 10+ External Parties Are Involved?<\/h2>\n\n\n\n<p class=\"py-4\">Email and shared drives fail because they lack an audit trail, enable uncontrolled forwarding, create version confusion, and offer no way to revoke access once a file is sent.<\/p>\n\n\n\n<p>IPO mandates compound this. You&#8217;re running phased disclosures under strict SEBI\/ICDR timelines, managing parallel reviewer tracks, and carrying real regulatory and reputational exposure if something leaks.<\/p>\n\n\n\n<p class=\"py-4\">The typical breakpoints are:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Over-broad access granted &#8220;to save time&#8221;:<\/strong>\u00a0One group gets a top-level folder when they only need one subfolder.<\/li>\n\n\n\n<li><strong>Messy folder trees:<\/strong>\u00a0No one knows where the latest audit report lives, so Q&amp;A explodes.<\/li>\n\n\n\n<li><strong>Q&amp;A happening in email:<\/strong>\u00a0It&#8217;s untraceable, uncontrollable, and invisible to the audit log.<\/li>\n\n\n\n<li><strong>Uncontrolled downloads:<\/strong>\u00a0No watermarks, no expiry, and no record of who has what version.<\/li>\n<\/ul>\n\n\n\n<p class=\"py-4\">More parties means more risk. The only scalable response is to build the structure permissions-first.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What Is the 7-Part Permissions Framework for Indian IPO VDRs?<\/h2>\n\n\n\n<p class=\"py-4\">A repeatable blueprint removes the ad-hoc decisions that create gaps. Here is the framework at a glance:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>Stakeholder Groups:<\/strong>\u00a0Define access groups by role, not by individual.<\/li>\n\n\n\n<li><strong>Workstream-Aligned Folders:<\/strong>\u00a0Build a folder taxonomy that mirrors IPO phases.<\/li>\n\n\n\n<li><strong>Permission Tiers:<\/strong>\u00a0Standardize view\/download\/upload rights by group and folder.<\/li>\n\n\n\n<li><strong>Document Protections:<\/strong>\u00a0Implement watermarking, DRM, and expiry at the file level.<\/li>\n\n\n\n<li><strong>Q&amp;A Segregation:<\/strong>\u00a0Centralize Q&amp;A in group-isolated threads tied to documents.<\/li>\n\n\n\n<li><strong>Change Control:<\/strong>\u00a0Use versioning, notifications, and dry-runs before external launch.<\/li>\n\n\n\n<li><strong>Retention &amp; Compliance:<\/strong>\u00a0Maintain immutable logs, redaction discipline, and data residency.<\/li>\n<\/ol>\n\n\n\n<p class=\"py-4\">The entire framework rests on one principle:&nbsp;<strong>least privilege by default<\/strong>. Every external party should start with the absolute minimum access their workstream requires. You can always grant more; it&#8217;s much harder to claw access back.<\/p>\n\n\n\n<p>A framework is useless if it&#8217;s just a policy document. It must be enforceable at the folder and file level. This requires a platform that provides&nbsp;<a href=\"https:\/\/www.dcirrus.com\/blog\/2026\/05\/ai-vdr-indian-ipo-diligence\"><strong>Granular permissions<\/strong><\/a>&nbsp;and enables true&nbsp;<strong>role-based access<\/strong>, along with audit trails to prove it. The structure should also support SEBI-style diligence and DPDP requirements, like PII redaction before any sharing.<\/p>\n\n\n\n<h2 class=\"wp-block-heading py-4\">How Do You Define Stakeholder Groups (and Avoid Permission Sprawl)?<\/h2>\n\n\n\n<p>Never permission individual users on an ad-hoc basis. Every exception becomes technical debt that breaks during a busy DRHP sprint.<\/p>\n\n\n\n<p class=\"py-4\">Start with a baseline set of groups and adapt them as needed:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Internal issuer team<\/strong>\u00a0(finance, legal, secretarial): Your core team with the broadest internal access.<\/li>\n\n\n\n<li><strong>Merchant banker execution team:<\/strong>\u00a0The admins. They should have full control.<\/li>\n\n\n\n<li><strong>Auditors:<\/strong>\u00a0Deep access in Financials, limited access elsewhere.<\/li>\n\n\n\n<li><strong>External legal counsel:<\/strong>\u00a0Broad access in Legal\/Regulatory, but limited in Financials and Investor sections.<\/li>\n\n\n\n<li><strong>Underwriters\/syndicate:<\/strong>\u00a0Timed, curated access where wall-crossing discipline is required.<\/li>\n\n\n\n<li><strong>Registrar\/intermediaries:<\/strong>\u00a0Narrow, functional access only.<\/li>\n\n\n\n<li><strong>Investor groups<\/strong>\u00a0(anchors\/QIBs): An isolated sub-room or silo.<\/li>\n<\/ul>\n\n\n\n<p class=\"py-4\">Group by two criteria:&nbsp;<strong>what they must produce<\/strong>&nbsp;(upload, comment) and&nbsp;<strong>what they must only review<\/strong>. If a party has no reason to upload, they don&#8217;t get upload rights. Period.<\/p>\n\n\n\n<p>Admin rules:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/www.dcirrus.com\/help-details\">Assign one or two specific people to own all permission changes.<\/a><\/li>\n\n\n\n<li>Log every single change, along with the reason for it.<\/li>\n\n\n\n<li>Enforce 2FA\/MFA on onboarding; apply IP restrictions and device approval where a party&#8217;s risk profile warrants it.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading py-4\">What Folder Structure Maps Best to Indian IPO Workstreams?<\/h2>\n\n\n\n<p>A&nbsp;<a href=\"https:\/\/www.dcirrus.com\/blog\/2026\/04\/how-to-organize-diligence-documents-so-reviewers-stop-asking-wheres-the-latest-version_\">workstream-aligned folder taxonomy<\/a>&nbsp;makes permissions almost automatic. When each folder maps to a clear set of groups, access decisions take minutes instead of days. It also stops the constant &#8220;where is this document?&#8221; questions.<\/p>\n\n\n\n<p class=\"py-4\"><strong>Suggested top-level areas:<\/strong><\/p>\n\n\n\n<figure class=\"wp-block-table is-style-stripes\"><table class=\"has-fixed-layout\"><thead><tr><th>Folder Area<\/th><th>Primary Groups<\/th><\/tr><\/thead><tbody><tr><td>Corporate &amp; Legal (charter docs, material contracts, litigations)<\/td><td>Legal counsel, Merchant banker<\/td><\/tr><tr><td>Financials &amp; Audit (statements, audit reports, RPT registers)<\/td><td>Auditors, Merchant banker<\/td><\/tr><tr><td>Business\/Operations &amp; Risk (ops metrics, key policies, ESG)<\/td><td>Merchant banker, Issuer team<\/td><\/tr><tr><td>Regulatory &amp; Disclosures (DRHP drafts, filings, responses)<\/td><td>Legal counsel, Merchant banker<\/td><\/tr><tr><td>Investor\/Marketing (controlled; released by phase)<\/td><td>Underwriters, Investor groups<\/td><\/tr><tr><td>Q&amp;A (module, not a dump folder)<\/td><td>All groups, segregated by thread<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p class=\"py-4\">Folder hygiene rules:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Use a consistent naming convention. Everywhere.<\/li>\n\n\n\n<li>Add cover notes to documents to explain version context.<\/li>\n\n\n\n<li>Create a\u00a0<strong>read-only archive subfolder<\/strong>\u00a0for superseded drafts. Don&#8217;t delete them.<\/li>\n\n\n\n<li>Keep root-level folders tight (six to eight areas maximum). Depth is better than sprawl.<\/li>\n<\/ul>\n\n\n\n<p class=\"py-4\">Each top-level area maps to one to three primary groups. Everyone else gets limited views only where their workstream overlaps.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Which Permission Tiers Should You Apply by Party, and Where?<\/h2>\n\n\n\n<p class=\"py-4\">Use four standardized tiers and assign them consistently. Don&#8217;t invent custom permissions for each party. That&#8217;s how sprawl starts.<\/p>\n\n\n\n<p><strong>Tier definitions:<\/strong><\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>View-only (watermarked, no download):<\/strong>\u00a0For sensitive materials where access is necessary but possession is not.<\/li>\n\n\n\n<li><strong>View + secure download (watermarked, expiry, DRM):<\/strong>\u00a0For parties who need to work offline on documents.<\/li>\n\n\n\n<li><strong>Upload\/contribute (limited folders only):<\/strong>\u00a0For parties producing deliverables, like auditors filing reports.<\/li>\n\n\n\n<li><strong>Admin (full control, smallest group possible):<\/strong>\u00a0For merchant banker execution leads only.<\/li>\n<\/ol>\n\n\n\n<p class=\"py-4\"><strong>Party-by-party assignments:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Auditors:<\/strong>\u00a0Tier 2\u20133 in Financials; Tier 1 elsewhere. No access to Investor\/Marketing.<\/li>\n\n\n\n<li><strong>Legal counsel:<\/strong>\u00a0Tier 2\u20133 in Legal\/Regulatory; Tier 1 in Financials. No investor Q&amp;A visibility by default.<\/li>\n\n\n\n<li><strong>Underwriters:<\/strong>\u00a0Timed Tier 2 access to selected materials, with time-boxing to enforce embargo periods.<\/li>\n\n\n\n<li><strong>Registrars\/intermediaries:<\/strong>\u00a0Tier 1\u20132 in specific functional areas only. No access to deal economics.<\/li>\n\n\n\n<li><strong>Investors:<\/strong>\u00a0A curated sub-room with Tier 1 or Tier 2 access, including strict watermarking.<\/li>\n<\/ul>\n\n\n\n<p class=\"py-4\">Document protections must travel with the file, especially for offline review. Use&nbsp;<a href=\"https:\/\/www.dcirrus.com\/blog\/2025\/11\/digital-rights-management-in-virtual-data-rooms-protecting-your-most-valuable-assets\">DRM controls<\/a>&nbsp;to block printing and copying, set expiry dates on downloaded files, and apply dynamic watermarks (with user IP, login, and timestamp). This, combined with encryption, reduces the blast radius of a leak. While no control can stop all screenshots, watermarking is a powerful deterrent and audit tool.<\/p>\n\n\n\n<p><strong>Time-boxing rules:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Set access expiry dates aligned to review windows.<\/li>\n\n\n\n<li>Revoke access immediately when a party&#8217;s role ends or a deal phase closes. Don&#8217;t wait for offboarding requests.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading py-4\">How Do You Keep Q&amp;A Auditable and Confidential Across Groups?<\/h2>\n\n\n\n<p>Email Q&amp;A breaks traceability immediately. Questions get forwarded, answers get lost, and you have no record of what was disclosed to whom. This is exactly the wrong position to be in during a SEBI review.<\/p>\n\n\n\n<p class=\"py-4\"><strong>Setup:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Create Q&amp;A categories that align to each folder area.<\/li>\n\n\n\n<li>Assign internal triage owners with response SLAs. Don&#8217;t let questions sit unanswered.<\/li>\n\n\n\n<li>Define who can ask versus who can answer in each category.<\/li>\n<\/ul>\n\n\n\n<p class=\"py-4\"><strong>Confidentiality:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Run\u00a0<strong>separate Q&amp;A threads by external party group<\/strong>. These\u00a0<strong>information silos<\/strong>\u00a0are critical; auditors, counsel, underwriters, and investors must never see each other&#8217;s questions or answers.<\/li>\n\n\n\n<li>This approach prevents cross-contamination by design, not just by trust.<\/li>\n<\/ul>\n\n\n\n<p class=\"py-4\"><strong>Audit readiness:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Preserve the\u00a0<a href=\"https:\/\/www.dcirrus.com\/blog\/2026\/04\/pre-submission-audit-readiness-review-a-10-point-checklist-for-access-logs-completeness-and-q-and-a-traceability\">full Q&amp;A history<\/a>\u00a0with timestamps, linked to the specific document version referenced.<\/li>\n\n\n\n<li>Every response becomes part of the permanent deal record.<\/li>\n<\/ul>\n\n\n\n<p class=\"py-4\">Using a VDR&#8217;s built-in Q&amp;A module keeps all discussion inside the platform and tied to specific documents. Your diligence communication becomes searchable, timestamped, and grouped by party. Nothing gets lost in an inbox, and everything is auditable.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">How Do You Manage Change During the IPO Lifecycle Without Breaking Permissions?<\/h2>\n\n\n\n<p class=\"py-4\">Permissions drift happens when document updates trigger informal access workarounds. Prevent it with a controlled workflow.<\/p>\n\n\n\n<p><strong>Before external launch:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li class=\"py-4\">Run a\u00a0<strong>dry-run<\/strong>. Simulate each group&#8217;s view to catch overexposure, dead ends, and missing documents before the first invite goes out.<\/li>\n<\/ul>\n\n\n\n<p><strong>Version control discipline:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Never overwrite files silently. Use version numbering with cover notes explaining what changed.<\/li>\n\n\n\n<li>When uploading a new version of a sensitive file, re-check who has download rights to it.<\/li>\n<\/ul>\n\n\n\n<p class=\"py-4\"><strong>Onboarding\/offboarding:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Give every new external party a standard onboarding pack with access rules and contact info.<\/li>\n\n\n\n<li>Remove access on the day a person rolls off. Not at the end of the week. Not &#8220;when there&#8217;s time.&#8221;<\/li>\n<\/ul>\n\n\n\n<p class=\"py-4\"><strong>Notifications:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Notify only the impacted group when new documents are uploaded. Blanket notifications just create noise and can inadvertently signal activity to parties who shouldn&#8217;t know about it.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading py-4\">What Should Your Minimum Compliance and Retention Stance Be for Indian IPO VDRs?<\/h2>\n\n\n\n<p>Data residency and privacy rules don&#8217;t disappear after listing. You need to make deliberate choices upfront and document them.<\/p>\n\n\n\n<p class=\"py-4\"><strong>Redaction and privacy:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Establish a redaction workflow for PII and commercially sensitive information before any external sharing.<\/li>\n\n\n\n<li>Treat this as a standing process, not a case-by-case judgment call.<\/li>\n<\/ul>\n\n\n\n<p class=\"py-4\"><strong>Security baseline:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Encryption at rest and in transit is non-negotiable. So is MFA for all users.<\/li>\n<\/ul>\n\n\n\n<p class=\"py-4\"><strong>Retention:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Maintain core documents and complete audit trails for at least five years post-listing.<\/li>\n\n\n\n<li>Keep logs immutable and retrievable, not archived somewhere no one can find them.<\/li>\n<\/ul>\n\n\n\n<p class=\"py-4\"><strong>Cross-jurisdiction:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>For deals with cross-border elements, check if your VDR supports data localization (letting you choose server locations). While platforms may be designed for DPDP and GDPR, always confirm with your compliance team that any tool meets your specific transaction obligations.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading py-4\">Summary and Next Steps: What Should You Do First on Your Next IPO Mandate?<\/h2>\n\n\n\n<p>The framework comes down to three moves:&nbsp;<strong>define your groups<\/strong>,&nbsp;<strong>build a workstream-aligned folder structure<\/strong>, and&nbsp;<strong>apply standardized permission tiers with controls<\/strong>&nbsp;built in from day one.<\/p>\n\n\n\n<p class=\"py-4\">Your start-here checklist:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Define stakeholder groups (no individual permissions).<\/li>\n\n\n\n<li>Build top-level folders aligned to IPO workstreams.<\/li>\n\n\n\n<li>Apply permission tiers by group and folder.<\/li>\n\n\n\n<li>Run a dry-run before any external launch.<\/li>\n\n\n\n<li>Open phased access as deal milestones unlock.<\/li>\n<\/ul>\n\n\n\n<p class=\"py-4\">Lock this down before the first external invite goes out. Fixing permissions mid-diligence costs far more than getting them right at setup.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">FAQ<\/h2>\n\n\n\n<p class=\"py-4\"><strong>What&#8217;s the safest default permission for external parties in an IPO VDR?<\/strong>&nbsp;View-only with dynamic watermarking and no download rights. Only grant download access when a party\u2019s workstream genuinely requires it, and apply DRM controls when you do.<\/p>\n\n\n\n<p><strong>Should auditors be allowed to download financial documents in the VDR?<\/strong>&nbsp;Yes, but with controls. Auditors usually need to work offline. Give them Tier 2 access (secure download with a watermark, expiry date, and DRM), and log every download.<\/p>\n\n\n\n<p class=\"py-4\"><strong>How do I separate anchor investors and QIBs from other external parties in the same VDR?<\/strong>&nbsp;Create an isolated sub-room or silo with its own permission group. They should have no visibility into other groups&#8217; activity, Q&amp;A threads, or document access history. Time-box their access to match book-building phases.<\/p>\n\n\n\n<p><strong>How often should permissions be reviewed during the IPO timeline?<\/strong>&nbsp;At every major phase transition: DRHP filing, after SEBI observations, before the roadshow launch, and at listing. You should also review permissions any time a party joins or leaves the deal. Don&#8217;t just wait for a quarterly calendar reminder.<\/p>\n\n\n\n<p class=\"py-4\"><strong>What should be watermarked, and what should the watermark contain?<\/strong>&nbsp;Watermark everything accessible to&nbsp;<strong>external parties<\/strong>. At minimum, the watermark should contain the user&#8217;s login identity, IP address, and timestamp. This creates a deterrent and a forensic trail.<\/p>\n\n\n\n<p><strong>How do we handle new external parties joining mid-process without exposing past Q&amp;A threads or documents?<\/strong>&nbsp;Onboard them into the correct group, restrict their access to current-phase materials only, and confirm their Q&amp;A visibility is limited to their group&#8217;s threads. They should not see Q&amp;A history from before their involvement.<\/p>\n\n\n\n<p class=\"py-4\"><strong>How long should you retain VDR audit logs and key diligence materials after listing?<\/strong>&nbsp;Plan for a minimum of five years, which aligns with typical governance expectations and regulatory timelines. Work with your compliance team to confirm the exact retention schedule for your transaction.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Want a VDR That Enforces IPO-Grade Permissions Without Slowing Your DRHP Timeline?<\/h2>\n\n\n\n<p class=\"py-4\">DCirrus VDR gives merchant bankers least-privilege access controls, auditable Q&amp;A tied to specific documents, dynamic watermarking with expiry, and data localization options\u2014all in one platform built for Indian IPO workflows. Whether you&#8217;re managing 10&nbsp;<strong>external parties<\/strong>&nbsp;or 30, the permissions framework holds.<\/p>\n\n\n\n<p class=\"py-4\"><a href=\"https:\/\/www.dcirrus.com\/request-a-demo\/\">Book a free demo<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>One wrong permission setting is all it takes. Suddenly, auditors are seeing&nbsp;investor Q&amp;A, underwriters are accessing unredacted board minutes, or a registrar downloads the wrong version of the DRHP. Now you&#8217;re managing a leak, a rework cycle, or an uncomfortable SEBI inquiry. With 10+&nbsp;external parties&nbsp;running parallel workstreams, the risk isn&#8217;t hypothetical. The fix isn&#8217;t a [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":1490,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-1488","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology"],"_links":{"self":[{"href":"https:\/\/www.dcirrus.com\/blog\/wp-json\/wp\/v2\/posts\/1488","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dcirrus.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dcirrus.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dcirrus.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dcirrus.com\/blog\/wp-json\/wp\/v2\/comments?post=1488"}],"version-history":[{"count":10,"href":"https:\/\/www.dcirrus.com\/blog\/wp-json\/wp\/v2\/posts\/1488\/revisions"}],"predecessor-version":[{"id":1504,"href":"https:\/\/www.dcirrus.com\/blog\/wp-json\/wp\/v2\/posts\/1488\/revisions\/1504"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.dcirrus.com\/blog\/wp-json\/wp\/v2\/media\/1490"}],"wp:attachment":[{"href":"https:\/\/www.dcirrus.com\/blog\/wp-json\/wp\/v2\/media?parent=1488"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dcirrus.com\/blog\/wp-json\/wp\/v2\/categories?post=1488"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dcirrus.com\/blog\/wp-json\/wp\/v2\/tags?post=1488"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}