Canvas is a great and simple method of including your third party integrations within the Salesforce UI, and PHP is still one of the most commonly used web application languages on the planet – so how do you use these two great technologies together? Using Canvas with the language of your choice is very similar to integrating with our API’s – the first real obstacle is authenticating the user. After that you can access our API’s, and Canvas gives a speedy path to doing that with just JavaScript.
There are two ways to authenticate via Canvas: OAuth and a Signed Request. My recommendation is to try using Signed Request. If your Canvas app is configured to use it under Connected Apps, the Salesforce Platform will post the encoded authentication information to your application whenever it appears within a Canvas iframe. So instead of the multi-step OAuth flow, there’s really one here: decode the POST information for the signed request. Fortunately for me, Ryan Brainard had already added this functionality to the source of the excellent Workbench application – so I just needed to port it to a generic example.
I start the PHP application by turning on error decoding:
Then I grab the Signed Request out of POST, decode and check the authenticity of the signed request by encoding it against your consumer secret:
And that’s it – the application now has access to a valid access token and user information. From here we actually have two choices: we can access the REST API via the Canvas JavaScript SDK, or we can make REST callouts via PHP itself. The JavaScript SDK has the advantage that I don’t need any additional server-side code to bring information in from Salesforce. The SDK resolves the usual JavaScript issue of cross-domain security by posting a message to the window itself, which the Canvas iframe knows to receive and respond with results. This effectively creates a client-side proxy to the API, as JavaScript itself never leaves the current domain to receive data.
Here is some sample JavaScript using the SDK:
Note that we only need to output the Signed Request from PHP – but everything else is being handled on the client. Since we’ve got access to all the information needed to access the REST API, though, we could also use PHP itself to perform the callout. Here’s an example of sending a REST query via a PHP library called Httpful, which is an excellent wrapper around curl:
And now, for either method, we’ll get an application like this in Canvas:
Which remember, as of Spring ’13 – you can include within your Visualforce pages. Hopefully this will be a leg up for PHP developers looking to integrate screens within Salesforce itself. If you want to read more on Canvas in general, head over to the main Canvas wiki page, or check out the recent webinar. If you would like to look at the full code for the PHP pages here, I’ve got the project up on Github. That project also includes links to install the Canvas apps into your instance.
As usual, if you’ve got questions or comments – tack them onto the boxes below, or catch me on twitter @joshbirk.