To be precise. You can install a custom App that has either a token you get from an oAuth exchange, or you create in your store using the Private App means.
With that, your private App can communicate with your store in the ways you need, reading and writing data. Since this App under your control is secure, and private to you and your needs, you can then hook up to your third party API securely and as you need to, without worrying about Shopify. Therefore, you can indeed securely setup connections between your Shopify store and any external third parties without too much hassle and without too much risk. Really has nothing to do with Ajax, which is simply an HTTP request.