Note that the Ajax API is a legacy API, we recommend using one of our newer APIs instead.
The AJAX API uses auth tokens for access control. You can create tokens using the Console under Settings > API. (Requires Administrator privileges.)
It is possible to restrict the auth token to a specific IP address and to specify read or write permissions.
(Using the XML-RPC API call getAjaxAuth() it's also possible to create tokens that expire after a specified number of seconds.)