├── README.txt
└── index.php


/README.txt:
--------------------------------------------------------------------------------
 1 | Salesforce REST/PHP Example
 2 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~
 3 | 
 4 | Salesforce just released the REST version of their API, and while there's a Java example, 
 5 | there's no sample code for other languages. Since I'll be calling it from PHP, I used their 
 6 | documentation to build my own sample code. The source is available at 
 7 | http://github.com/petewarden/salesforce_restphp_example/ and you can see a live version running 
 8 | at https://www.openheatmap.com/labs/salesforce_restphp_example/. The code demonstrates how to 
 9 | authenticate, gets an access token and then calls the API to grab information about the sales 
10 | accounts for the current user.
11 | 
12 | To use the API at all, you'll need a server setup up with an SSL certificate and https since it 
13 | requires a secure connection to use OAuth 2.0 for authentication. I found this guide from 
14 | Ubuntu useful in getting that set up, and bought my certificate from GoDaddy.
15 | 
16 | With that sorted out, go to http://developer.force.com/join to create a Developer Edition 
17 | salesforce account. You'll also want to sign up for the REST API preview beta program (though 
18 | they're currently experiencing a few technical hiccups with the process).
19 | 
20 | Next, navigate to the Setup link in the top-right corner of the page, then click on Develop, 
21 | then Remote Access. Pick an application name, and add the location where you'll be uploading 
22 | the example index.php file as the callback URL. I also checked the No user approval required 
23 | box even though I'm not sure exactly what it does! After you've saved you should see a screen 
24 | giving you your access credentials. Copy the Consumer Key, Consumer Secret and callback URL 
25 | values into the start of your copy of the index.php sample code and then upload it to the 
26 | server.
27 | 
28 | Now point your web browser at the address you uploaded the sample code to. The first time 
29 | through it should redirect you to a login page on the Salesforce site, ask you whether you want 
30 | to let the application access your data, and then send you back to the sample code location. If 
31 | all goes well, you should see a list of your sales accounts
32 | 
33 | Pete Warden <pete@petewarden.com> - http://petewarden.typepad.com


--------------------------------------------------------------------------------
/index.php:
--------------------------------------------------------------------------------
  1 | <?php
  2 | 
  3 | /***********************************************************************************
  4 | 
  5 | A minimal example showing how to handle the OAuth login process and make API calls
  6 | using the Salesforce REST interface in PHP
  7 | 
  8 | By Pete Warden, October 28th 2010
  9 | 
 10 | Freely reusable with no restrictions
 11 | 
 12 | ************************************************************************************/
 13 | 
 14 | // You need to set these three to the values for your own application
 15 | define('CONSUMER_KEY', '');
 16 | define('CONSUMER_SECRET', '');
 17 | define('REDIRECT_URI', 'https://Your site here!/salesforce_restphp_example/index.php');
 18 | 
 19 | define('LOGIN_BASE_URL', 'https://login.salesforce.com');
 20 | 
 21 | // This example uses PHP sessions to save the authorization tokens. If you plan on
 22 | // deploying across multiple machines behind a load-balancer, be aware you'll need
 23 | // to use something more sophisticated
 24 | session_start();
 25 | 
 26 | $is_authorized = isset($_SESSION['access_token']);
 27 | 
 28 | // If we aren't yet authorized, so either we need to send the user to the login page
 29 | // or they've just logged in and Salesforce is giving us the tokens we need
 30 | if (!$is_authorized)
 31 | {
 32 |     $has_code = isset($_REQUEST['code']);
 33 | 
 34 |     // We haven't been given a code, so this must be the user's first visit to the
 35 |     // page, so we'll send them to the Salesforce login screen for our app
 36 |     if (!$has_code)
 37 |     {
 38 |         $auth_url = LOGIN_BASE_URL
 39 |             .'/services/oauth2/authorize?response_type=code'
 40 |             .'&client_id='.CONSUMER_KEY 
 41 |             .'&redirect_uri='.urlencode(REDIRECT_URI);
 42 |             
 43 |         // Redirect to the authorization page
 44 |         header('Location: '.$auth_url);
 45 |         
 46 |         // Exit early, since we don't want to do any more until the user's logged in
 47 |         exit();
 48 |     }
 49 | 
 50 |     // If we're here, Salesforce must be returning us a code that we can exchange for
 51 |     // a proper access token
 52 |     $code = $_REQUEST['code'];
 53 | 
 54 |     // Make our first call to the API to convert that code into an access token that
 55 |     // we can use on subsequent API calls
 56 |     $token_url = LOGIN_BASE_URL.'/services/oauth2/token';
 57 | 
 58 |     $post_fields = array(
 59 |         'code' => $code,
 60 |         'grant_type' => 'authorization_code',
 61 |         'client_id' => CONSUMER_KEY,
 62 |         'client_secret' => CONSUMER_SECRET,
 63 |         'redirect_uri' => REDIRECT_URI,
 64 |     );
 65 | 
 66 |     $ch = curl_init();
 67 |     curl_setopt($ch, CURLOPT_URL, $token_url);
 68 |     curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
 69 |     curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE);
 70 |     curl_setopt($ch, CURLOPT_POST, TRUE);
 71 |     curl_setopt($ch, CURLOPT_POSTFIELDS, $post_fields);
 72 |     
 73 |     // Make the API call, and then extract the information from the response
 74 |     $token_request_body = curl_exec($ch) 
 75 |         or die("Call to get token from code failed: '$token_url' - ".print_r($post_fields, true));
 76 | 
 77 |     $token_response_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
 78 |     if (($token_response_code<200)||($token_response_code>=300)||empty($token_request_body))
 79 |         die("Call to get token from code failed with $token_response_code: '$token_url' - ".print_r($post_fields, true)." - '$token_request_body'");
 80 | 
 81 |     $token_request_data = json_decode($token_request_body, true);
 82 |     if (empty($token_request_data))
 83 |         die("Couldn't decode '$token_request_data' as a JSON object");
 84 | 
 85 |     if (!isset($token_request_data['access_token'])||
 86 |         !isset($token_request_data['instance_url']))
 87 |         die("Missing expected data from ".print_r($token_request_data, true));
 88 | 
 89 |     // Save off the values we need for future use
 90 |     $_SESSION['access_token'] = $token_request_data['access_token'];
 91 |     $_SESSION['instance_url'] = $token_request_data['instance_url'];
 92 | 
 93 |     // Redirect to the main page without the code in the URL
 94 |     header('Location: '.REDIRECT_URI);
 95 |     exit();
 96 | }
 97 | 
 98 | // If we're here, we must have a valid session containing the access token for the
 99 | // API, so grab it ready for subsequent use
100 | $access_token = $_SESSION['access_token'];
101 | $instance_url = $_SESSION['instance_url'];
102 | 
103 | error_log("access_token: '$access_token'");
104 | 
105 | // Now we're going to test the API by querying some data from our accounts table
106 | // Start by specifying the URL of the call
107 | $query_url = $instance_url.'/services/data/v20.0/query';
108 | 
109 | // Now append the actual query we want to run
110 | $query_url .= '?q='.urlencode('SELECT Name, Id from Account LIMIT 100');
111 | 
112 | $ch = curl_init();
113 | curl_setopt($ch, CURLOPT_URL, $query_url);
114 | curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
115 | // We need to pass the access token in the header, *not* as a URL parameter
116 | curl_setopt($ch, CURLOPT_HTTPHEADER, array('Authorization: OAuth '.$access_token));
117 | 
118 | // Make the API call, and then extract the information from the response
119 | $query_request_body = curl_exec($ch) 
120 |     or die("Query API call failed: '$query_url'");
121 | 
122 | $query_response_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
123 | if (($query_response_code<200)||($query_response_code>=300)||empty($query_request_body))
124 | {
125 |     unset($_SESSION['access_token']);
126 |     unset($_SESSION['instance_url']);
127 |     die("Query API call failed with $query_response_code: '$query_url' - '$query_request_body'");
128 | }
129 | 
130 | $query_request_data = json_decode($query_request_body, true);
131 | if (empty($query_request_data))
132 |     die("Couldn't decode '$query_request_data' as a JSON object");
133 | 
134 | if (!isset($query_request_data['totalSize'])||
135 |     !isset($query_request_data['records']))
136 |     die("Missing expected data from ".print_r($query_request_data, true));
137 | 
138 | // Grab the information we're interested in
139 | $total_size = $query_request_data['totalSize'];
140 | $records = $query_request_data['records'];
141 | 
142 | // Now build a simple HTML page to display the results
143 | ?>
144 | <html>
145 | <head>
146 | <title>PHP Sample Code for the Salesforce REST API</title>
147 | </head>
148 | <body>
149 | <h2>Found <?=$total_size?> records</h2>
150 | <div>
151 | <?php
152 | foreach ($records as $record)
153 | {
154 |     print 'Name :';
155 |     print htmlspecialchars($record['Name']);
156 |     print ' - ';
157 |     print htmlspecialchars($record['Id']);
158 |     print '<br/>';
159 |     print "\n";
160 | }
161 | ?>
162 | </div>
163 | </body>
164 | </html>


--------------------------------------------------------------------------------