Setup guides

Step-by-step instructions for the one-time setup tasks that live outside this app — mostly in Cloudflare and Gmail. Once these are done, the app handles everything else for you.

1. Cloudflare Email Routing — receive replies

Goal: any mail sent to orders@cmlparts.com (or any other address you choose) is forwarded into a real inbox you control (e.g. your personal Gmail). 100% free.

Step 1.1 — Enable Email Routing on the domain

Open dash.cloudflare.com and click your cmlparts.com zone.
Left sidebar → Email → Email Routing.
Click Enable Email Routing. Cloudflare will add the required MX records automatically.

Note: Cloudflare Email Routing's MX records live on the apex (cmlparts.com). Resend's MX is on the subdomain (send.cmlparts.com). They don't conflict.

Step 1.2 — Verify a destination address

Tab: Destination addresses → Add destination address.
Enter your real inbox (e.g. natanael.iosif.balogh@gmail.com).
Cloudflare emails you a verification code. Check your inbox → click the link.
The address now shows ✅ Verified. You can use it as a forwarding destination.

Step 1.3 — Create the routing rule

Tab: Routing rules → Create address.
Custom address: orders (Cloudflare appends @cmlparts.com automatically).
Action: Send to an email → pick the verified destination from step 1.2.
Save. The rule is now live.

Test it: from any other email account, send a short test message to orders@cmlparts.com. Within ~30 seconds it should arrive in the destination inbox.

Step 1.4 — (Optional) Add a catch-all

To handle any future address (like support@cmlparts.com) without creating a rule each time:

Tab: Routing rules → Catch-all address.
Toggle it on → action: send to your verified destination.

2. Gmail "Send mail as" — reply from orders@cmlparts.com

Without this, your replies leave Gmail looking like they're from your personal address. With this, the recipient sees them from orders@cmlparts.com with proper DKIM/SPF authentication.

Step 2.1 — Generate a Resend SMTP credential

Open resend.com/api-keys.
Click Create API Key. Name: gmail-send-as. Permission: Sending access. Domain: cmlparts.com.
Copy the key — it starts with re_.... You won't see it again.

Step 2.2 — Add the identity in Gmail

Gmail → ⚙ Settings → See all settings.
Tab: Accounts and Import.
Section "Send mail as" → click Add another email address.
Name: CML Parts (or whatever should appear as the sender).
Email address: orders@cmlparts.com.
Uncheck "Treat as an alias" (keeps it as a distinct identity). Click Next Step.
SMTP Server: smtp.resend.com
Port: 587, TLS
Username: resend (literally the word "resend")
Password: the API key from step 2.1
Click Add Account. Gmail sends a confirmation code to orders@cmlparts.com.
Because you set up Email Routing in section 1, that code lands in your real inbox seconds later. Click the link / paste the code.

Step 2.3 — Pick the right default behavior

Still on the Accounts tab, find your new identity and choose:

"Reply from the same address the message was sent to" — this means when a supplier emails orders@cmlparts.com, hitting Reply automatically sends from that address. Highly recommended.

After this, you can also compose new mail from orders@cmlparts.com: in Gmail's compose window, click the "From:" dropdown and pick the identity.

Step 2.4 — Mobile

On Gmail mobile, the From: dropdown appears at the top of the compose screen. Tap your address to switch. Worth double-checking the first few times — easy to forget and reply from your personal account by mistake.

3. Cloudflare API token (so the app can auto-update routing rules)

Once you've changed the reply-to address in this app's "Account variables" panel, the app can automatically update the Cloudflare routing rule to forward to the new address — but only if you give it a Cloudflare API token with the right scope.

Step 3.1 — Find your Zone ID

Open dash.cloudflare.com → click cmlparts.com.
On the right sidebar of the Overview page, find Zone ID. 32-character hex string (e.g. a1b2c3d4e5f6…). Copy it.

Step 3.2 — Create the API token

Open dash.cloudflare.com/profile/api-tokens (top-right profile menu → My Profile → API Tokens).
Click Create Token → Get started next to "Create Custom Token".
Token name: supplier-mail-desk-routing.
Under Permissions, add this single line:

Scope Permission Access

Zone Email Routing Rules Edit
Under Zone Resources: choose Include → Specific zone → cmlparts.com.
(Leave Client IP and TTL blank/default.)
Click Continue to summary → Create Token.
Copy the token immediately — Cloudflare shows it only once. Starts with a long random string.

Scope	Permission	Access
Zone	Email Routing Rules	Edit

This token can edit your routing rules. Treat it like a password. Don't paste it in chats, screenshots, or git. Only into the worker secret below.

Step 3.3 — Tell the worker about it

From a terminal, in cloudflare-worker/:

npx wrangler secret put CF_API_TOKEN
# paste the token when prompted

npx wrangler secret put CF_ZONE_ID
# paste the Zone ID from step 3.1

You can also set them from the Cloudflare dashboard: Workers & Pages → shopify-webhook-worker → Settings → Variables and Secrets → Add variable → Type: Secret.

Step 3.4 — Test it

Back in this app: Account variables → change the Reply-to (personal email) field to a different verified destination → Save variables. The save response should mention the routing-rule update. Then check Cloudflare's Email Routing page — the rule's destination should be the new address.

If the new destination isn't verified in Cloudflare yet: the save will still succeed in this app, but the Cloudflare sync will fail with a clear message. Verify the new destination in Cloudflare first (Section 1.2), then save again.

4. Troubleshooting

Emails sent from the app land in spam

Brand-new domains have zero reputation. The first ~10 messages may land in Promotions or Spam. Mark them as not-spam to build trust.
Confirm DKIM/SPF/DMARC all show ✓ in Resend's dashboard.
In the received email, view "Show original" — all three of DKIM, SPF, DMARC should say PASS.

Supplier replied but I didn't get the email

Did the supplier reply, or did they email a different address? Check Cloudflare's Email Routing → Activity tab — it logs every routed message.
Is your destination address still verified? Cloudflare occasionally requires re-verification if the destination provider rejected a forwarded mail.

I clicked Reply in Gmail but it sent from my personal address

Re-check section 2.3: set "Reply from the same address the message was sent to".
On mobile, tap the From: dropdown before sending. Mobile Gmail doesn't always remember this preference.

CF API token sync fails with 401 / 403

Token might be expired or revoked → regenerate (section 3.2).
Token might lack Email Routing Rules: Edit permission → recreate with correct scope.
Token might be scoped to the wrong zone → recreate scoped to cmlparts.com.

CF API sync says "destination not verified"

The new reply-to email isn't in your Cloudflare destination addresses yet. Add it (section 1.2), verify via the email Cloudflare sends, then re-save in this app.