I'm using the PHP Toolkit to communicate with the Sales Force API and was curious how the SSL component worked. During install the instructions mention that you should have SSL enabled for PHP, so it appears to use some level of encryption, but I'm just not sure exactly what gets encrypted.

A few questions;

1) Do all of the SOAP messages get encrypted?
2) If not (maybe only login messages), is there a way to designate fields for encryption?
3) Does the security certificate that can be downloaded from force.com need to be installed/configured?

Hey Paul

Thanks for joining the site! Listen first off I have to say that I did not create the toolkit, that was written by Nick Tran over at Salesforce.com

Now to try and answer your questions

1) no, from what I understand they do not, but I use a secure server with a cert installed

2) I do not use it, but you could use CURL

3) never used it, do not know what that certificate is for

Sorry to be so vague here sir, but i hope that this leads you in the right direction


~Mike

Mike,

Thanks for the rapid response. I might go the route you suggested and just secure all traffic on the server. I'll also do some other research over on the Sales Force developer forums and see if the PHP toolkit has any more info on security. If post back if I find out anything new.

Thanks!

I'm about to building something like this myself over the next couple of days, so I would be very interested in your findings.