Alfresco has made a couple of efforts to better distinguish "public APIs" that should be safe for integration with external applications, and "internal APIs" that only exist to be used via Alfresco Share. "slingshot" is the historic, low-level project name for Share, and anything that is related to "slingshot" should be considered "internal API", which might change without notice from one version to another, and is thus not safe for integrations.
Some web scripts have a "lifecycle" that indicates whether they are internal, draft public, or public. I agree with Axel that you should avoid using any of the slingshot URLs. But you should also get in the habit of checking that lifecycle so that you don't inadvertently use an internal API regardless of whether it is "slingshot" or not.