WordPress API hook

You would register your ajax-rendering code with the action wp_ajax_{my_action_goes_here} for logged-in users, or wp_ajax_nopriv_{my_action_goes_here} for users not logged in. Something like:

add_action("wp_ajax_nopriv_get_top_4_posts", function() {
    $q = new WP_Query(array(
        "posts_per_page" => 4
    ));
    exit(json_encode($q->posts));
});

This would go in a theme functions file or a plugin of your choice (any location that is evaluated before templates are pulled in). Then, your ajax would call out to the url admin_url("admin-ajax.php") and you would pass in an action parameter of “get_top_4_posts” (or whatever action name you end up using).