Some Data in Action components expose a Web API so that they can be called by internal or external applications or services.
The Web API requires the Instance GUID of the record that will be the target of the action.
The Web API also requires security tokens for each request to authenticate the requesting user.
Note that internal or external applications or services are never granted direct access to the Data at Rest components.