There are not that many great ways to leverage JS to access the APIs that do not violate security. For example, you can most certainly pass along OAuth tokens and Basic Auth headers; however, these would be open to the public to see and exploit. If the use is logged into Jive, then you can reference the API and the user's cookies will provide context, but this is usually for dropping HTML inside a container already on Jive. I would recommend using a Web Service and connecting via OAuth tokens from an Add-On you install (see OAuth 2.0) and that would be the best option. Your other option, would be to leverage the multitude of RSS feeds from Jive to see if that has the data set you need, and then you could use JS & a feed fetcher to possibly get the behavior you need (assuming anonymous access is an option).
Hope this helps.
Note: You can gain access to the Developer Sandbox from the Jive Developers community home page, and clicking "Request" from the right-hand navigation.