You should only invoke web services from your server-side components, unless you have a good reason to do it from the client side (your webpages).
The reason is that most web services invocation would contain some form of credentials (API keys, authorization tokens) – those credentials should strictly remain on your server.
Even to do something as simple as querying the weather using the OpenWeatherMap services requires you to supply an API key.
| You can only use XPRIM_HttpRequest on your server-side components. Most web services invocation would contain some form of credentials (API keys, authorization tokens), which should never leave your server. Never include any credentials in your client-side JavaScript code as they can easily be viewed by anybody with access to the browser. |
Next: Using XPRIM_HttpRequest