You should only invoke web services from your server-side components, unless you have a good reason to do it from the client side (your webpages).
The reason is that most web services invocation would contain some form of credentials (API keys, authorization tokens) – those credentials should strictly remain on your server.
Even to do something as simple as querying the weather using the OpenWeatherMap services requires you to supply an API key.
You can only use XPRIM_HttpRequest on your server-side components. Most web services invocation would contain some form of credentials (API keys, authorization tokens), which should never leave your server. Never include any credentials in your client-side JavaScript code as they can easily be viewed by anybody with access to the browser.
Next: Using XPRIM_HttpRequest