ChatGPT's Function Calling. CISO Approved.
Function calling, structured outputs, and o3 reasoning — all through Named Credentials. 4-layer PII masking on every callout.
89%of enterprise AI activity happens without IT or security team visibility (Salesforce, 2025)
Your Security Team Said No.
Shadow AI is already in your org. API keys live in Apex classes. Nobody has an audit trail.
Security Review Stalled
InfoSec blocks OpenAI because there is no Salesforce-native auth, no PII controls, no audit trail. The project sits in the security queue.
“I don't want to send accounts to a separate system.”
CTO, Financial Services
Secure this with Zero-Trust ArchitectureKeys in Code, Logs, Repos
Developers hard-code OpenAI keys in Apex classes and custom settings. Keys leak into debug logs, version control, and metadata deployments.
“It doesn't seem intimidating... very Salesforce-esque.”
IT Director, Facility Services
Secure this with Data MaskingNo Compliance Logging
Direct API calls produce no Salesforce record of what was sent, what returned, or how many tokens were consumed. Compliance has nothing to audit.
“Business users can work on the platform - not a dev-heavy environment.”
CTO, Financial Services
Secure this with Audit TrailsNamed Credential Security, Zero API Keys in Code
Salesforce Named Credentials for Authentication
Your OpenAI API key lives in a Salesforce Named Credential, encrypted at rest, excluded from metadata deployments, invisible in debug logs. Salesforce handles rotation and access control natively. See how GPTfy's zero-trust architecture protects every callout.
AI Connection Object Configuration
Select from reasoning models (o3, o3-mini), GPT-5.2, or GPT-4o-mini from a single AI Connection record. Set temperature, max tokens, and system prompt defaults without code changes or redeployment. Switch models per prompt template as needs evolve.
PII Masking Layer, Before Data Leaves Salesforce
Pattern-Based Data Masking
GPTfy's Security Layer masks PII (names, SSNs, emails, phone numbers, credit cards) using configurable regex patterns in Apex before any prompt reaches OpenAI. Raw data stays in Salesforce. Only masked data leaves via Named Credentials.
Full Audit Trail on Every Request
Every OpenAI API call creates an AI Response record: masked prompt, response, token count, cost, and timestamp. Query with standard SOQL or Salesforce reports. See how audit trails support compliance.
Voice, RAG, and Function Calling. All OpenAI.
Realtime API for Voice Integration
GPTfy supports OpenAI's Realtime API for voice-powered workflows. Capture voice notes, transcribe calls, and trigger AI actions from telephony or WhatsApp conversations directly inside Salesforce.
Function Calling + Flow Integration
OpenAI's function calling produces structured JSON outputs that feed directly into GPTfy's Flow Integration. Extract deal scores, classify Cases, or generate structured briefs from Invocable Actions in Flow Builder. No Apex required.
Why Choose OpenAI Integration
PII Never Reaches OpenAI
GPTfy's pattern-based masking engine strips sensitive data before the API call. Names, SSNs, emails, and phone numbers are replaced with tokens that are reversed after the response returns.
Full Model Lineup
Reasoning models (o3, o3-mini), GPT-5.2, and GPT-4o-mini. Switch between them via AI Connection config. Route simple tasks to cheaper models, complex reasoning to o3.
Voice + Realtime API
OpenAI's Realtime API powers GPTfy's voice integration. Capture and transcribe voice notes, process telephony calls, and trigger AI actions from spoken input inside Salesforce.
Powerful Capabilities
Named Credential Security
Your OpenAI API key is stored in a Salesforce Named Credential, encrypted at rest, excluded from metadata deployments, and never exposed in debug logs or version control.
Full Model Lineup
Reasoning models (o3, o3-mini), GPT-5.2, and GPT-4o-mini from a single AI Connection record. Set temperature, max tokens, and system prompts. Switch models per prompt template without code changes.
Function Calling for Structured Output
OpenAI's function calling produces structured JSON that feeds into GPTfy's Flow Integration. Extract deal scores, classify Cases, or generate structured briefs directly from Flow Builder.
Realtime API for Voice
GPTfy's voice workflows use OpenAI's Realtime API for transcription and AI-powered responses. Integrates with telephony and WhatsApp channels.
RAG-Powered Context
Combine OpenAI with GPTfy's RAG capabilities to ground responses in your Salesforce knowledge base, documents, and historical records. Reduce hallucinations with retrieval-augmented prompts.
AI Response Audit Trail
Every OpenAI API call creates an AI Response record: masked prompt sent, response received, token count, cost, and timestamp. Query with standard SOQL or reports.
Key Takeaways
- OpenAI API key is stored in a Salesforce Named Credential; encrypted at rest, excluded from metadata deployments, never in debug logs.
- GPTfy's Security Layer masks PII in Apex before every callout; only masked data reaches OpenAI via Named Credentials.
- Supports GPT-5.2, o3, o3-mini, and GPT-4o-mini; switch models per AI Connection record without code changes.
- OpenAI function calling produces structured JSON that feeds directly into GPTfy Flow Integration Invocable Actions.
- Every OpenAI request creates an AI_Response__c record: masked prompt, response, token count, cost, and timestamp.
- OpenAI Realtime API powers GPTfy voice workflows for transcription and AI-driven responses inside Salesforce.
Frequently Asked Questions
GPTfy uses Salesforce Named Credentials to store your OpenAI API key. The key is encrypted at rest, excluded from metadata deployments, and never appears in debug logs. Authentication is handled by the Salesforce platform itself, following the same security model used for other external service integrations.
GPTfy's Security Layer uses configurable regex patterns to detect and mask names, Social Security numbers, email addresses, phone numbers, credit card numbers, and custom patterns you define. Masking happens in Apex before the callout, so raw data stays in Salesforce. Only masked data reaches OpenAI through Named Credentials.
GPTfy supports the full OpenAI lineup: reasoning models (o3, o3-mini) for complex multi-step analysis, GPT-5.2 for general intelligence, and GPT-4o-mini for cost-effective high-volume tasks. You select the model on the AI Connection record and can switch models without code changes. Different prompts can use different models based on complexity and cost requirements.
Native platform AI typically requires additional data platform licenses and per-conversation credits, uses a fixed trust layer with limited model choice, and does not support direct OpenAI model selection. GPTfy connects directly to your OpenAI account through Named Credentials, gives you full model control (GPT-5.2, o3, o3-mini, GPT-4o-mini), masks PII with configurable patterns, and runs without any additional platform dependencies.
Yes. GPTfy provides Invocable Actions that appear natively in Flow Builder. You can add an AI step to any record-triggered flow, screen flow, or scheduled flow. The action accepts the record ID, prompt template, and AI Connection, and returns the AI response as a flow variable.
Yes. GPTfy's voice workflows leverage OpenAI's Realtime API for transcription and real-time AI responses. This powers voice note capture, call transcription, and voice-triggered actions within Salesforce, including integrations with telephony and WhatsApp channels.
See GPT-5.2 Analyze Your Salesforce Data
30-minute demo. Named Credential setup, PII masking in action, and Account 360 analysis from live Salesforce data.
Explore More Features
Claude in Salesforce
200K context window for complete Account history analysis.
DeepSeek R1
Chain-of-thought reasoning at 5-10x lower cost.
Gemini in Salesforce
Multi-modal AI through your GCP infrastructure.
Prompt Builder
Configure and manage AI prompts across models.
Security Layer
PII masking, Named Credentials, and audit trails.
What Is BYOM?
Guide to Bring Your Own Model architecture for Salesforce AI.