I have been trying to connect to the Salesforce REST API but am not having very much luck. The Salesforce REST API Quick Start Guide states that an HTTPS callback url is required, but then in the example they use https://localhost:8443/RestTest/oauth/_callback as the callback url.

I tried connecting on my testing server (HTTP) using this php Salesforce REST API example, but 开发者_开发问答Salesforce seems to have had a fit and entered a redirect loop.

Is it possible to connect to the Salesforce REST API if I do not have an SSL Certificate, and if so, how might I go about doing so? For the record, my application is written in PHP, not Java like most of the official examples are.

For localhost it accepts http, and you should use https for other than localhost. But the redirect URI in the request and the callback url in the connected app should get matched.

You can use http://localhost:8080/<any_page_in_ur_project> in both connected app and in request.

I've never used the Salesforce REST API, but I have read the page you linked to.

The OAuth callback URL must be HTTPS. You seem to have discovered this yourself, both in the documentation:

It must be secure: http:// does not work, only https://

...and the example:

@WebInitParam(name = "redirectUri", value = 
    "https://localhost:8443/RestTest/oauth/_callback")

As for your other question:

Is it possible to connect to the Salesforce REST API if I do not have an SSL Certificate, and if so, how might I go about doing so?

Presumably by the second method, as alluded to in the first sentence on the page you linked to:

You can set up authorization using OAuth 2.0 or by passing a session ID.

...

Session ID Authorization

You can use a session ID instead of an OAuth 2.0 access token if you aren't handling someone else's password:

1. Obtain a session ID, for example, a SOAP Web services API login() call returns the session ID. You may also have the session ID, for example as part of the Apex current context.

2. Use the session ID when you send a request to the resource. Substitute the ID for the token value.

So provided you aren't handling some else's password (whatever that means), you can use login() to get a Session ID and communicate with the web service from there.