The URL is
"/file?guid=SOMEGUID&csrfToken=SOMETOKEN
but you need a valid Mendix session to retrieve the data. You can circumvent this by creating a new requesthandler. You should however always control security to prevent unwanted use of your data.
Your second question is hard to answer, it depends on the purpose of mendix/wordpress application
https://domain.nl/img/NameApp$NameFile.png?636108515796315660 (The number is I think the guid?)
This url is a static image from mendix, the number is cachebust number. That is a unique number to prevent caching.