RedChurn

Resend setup

RedChurn sends billing recovery, cancel save, and win-back emails through your own Resend account (BYOK). Each app has its own API key, webhook URL, and signing secret. Engagement events update subscriber timelines inside RedChurn.

Before you start

You need a Resend account with a verified sending domain if you want production deliverability. RedChurn does not host your retention emails on a shared domain in production — you bring your own Resend API key per app.

Create your app in the RedChurn dashboard first. Resend is configured under Dashboard → Apps → API keys & webhooks → Resend (email). Nothing is shared between apps: each app has its own key, sender address, webhook URL, and signing secret.

  • A Resend account (resend.com)
  • A RedChurn app created
  • A verified sending domain on Resend (recommended for production)
  • A billing provider connected (RevenueCat or Polar) so flows can trigger emails

What RedChurn sends through Resend

When a retention flow runs on the email channel, RedChurn renders the template from your dashboard and sends it via your Resend API key. Every send is logged in RedChurn with the Resend email ID so you can correlate with the Resend dashboard.

Billing recovery, cancel save, and win-back each have their own email sequences. Enable them under Dashboard → Scenarios → Email and tune delays and copy per flow.

  • Billing recovery → dunning emails after a failed payment
  • Cancel save → emails after a cancellation intent
  • Win back → reactivation emails after churn
  • Test emails → connection check from Integrations → Resend

1. Connect your API key

Open Dashboard → Apps → API keys & webhooks → Resend (email). Create a Resend API key with Send access (Full access is not required) and paste it into RedChurn along with the sender email address.

The sender email domain must match a domain verified on your Resend account. RedChurn lists your Resend domains after connecting so you can confirm verification status.

  • API key: stored per app, masked after save
  • Sender email: e.g. billing@yourdomain.com
  • Import from another app: reuse the same key if multiple apps share one Resend account

2. Verify your sending domain

In the Resend dashboard, add and verify the domain you send from (DNS records for SPF, DKIM, and optionally DMARC). Until the domain is verified, Resend may block or limit delivery.

After connecting in RedChurn, send a test email from Integrations → Resend to confirm the key and sender address work end-to-end.

3. Engagement webhook (opens & clicks)

To show delivery, opens, and clicks on each subscriber timeline, configure a Resend webhook that points to your app-specific RedChurn endpoint. Copy the URL from Integrations → Resend (visible after the API key is connected).

The URL follows this pattern and must use HTTPS in production:

text
https://app.redchurn.io/api/webhooks/resend/{your-app-slug}

4. Select webhook events

In Resend: Webhooks → Add endpoint → paste your RedChurn URL. Enable only the engagement events below. RedChurn ignores all other event types.

  • email.delivered → sets delivered_at on the send record
  • email.opened → sets opened_at (first open only)
  • email.clicked → sets clicked_at and increments click_count

5. Signing secret (per app)

When you create the webhook endpoint, Resend displays a signing secret (starts with whsec_). Copy it immediately — Resend will not show it again.

Paste the secret into RedChurn under the same Integrations → Resend section, in the Signing secret field. It is stored per app in the database, the same way Polar and RevenueCat webhook secrets work. It is not a platform environment variable.

Once saved, RedChurn verifies Svix signatures on incoming webhook requests. If the secret is wrong, engagement events are rejected with 401 until you update it.

Where engagement appears in RedChurn

After the webhook is live, engagement updates the email_sends row matched by Resend email ID and scoped to your app. Opens and clicks appear on subscriber timelines (billing recovery, cancel save, win-back detail views).

The Scenarios → Email activity feed lists sends with sent / failed status and a link to the Resend log. It does not surface open/click badges — use subscriber timelines or the Resend dashboard for engagement detail.

  • Subscriber timeline: opened / clicked / not opened labels per email step
  • Email activity feed: send status + link to resend.com/emails/{id}
  • Resend dashboard: full delivery and engagement analytics

6. Enable email sequences

Connecting Resend does not send emails by itself. Turn on the email channel for each flow under Dashboard → Scenarios → Email, import or customize sequences, and confirm the flow is enabled for your billing provider events.

RedChurn schedules steps (day 0, 3, 7, etc.) from your template configuration. The cron job processes the queue and sends through your Resend key.

Local development

Resend webhooks require a public HTTPS URL. localhost will not work in the Resend dashboard. Use a tunnel (ngrok, Cloudflare Tunnel, etc.) and set NEXT_PUBLIC_WEBHOOK_URL to the tunnel origin so RedChurn shows the correct webhook URL in Integrations.

bash
# Example
ngrok http 3000
# .env.local
NEXT_PUBLIC_WEBHOOK_URL=https://your-subdomain.ngrok.app

Troubleshooting

If emails send but opens and clicks never appear, the engagement webhook is usually missing, pointed at the wrong app slug, or the signing secret was not saved in RedChurn.

If emails fail entirely, check Resend domain verification, the sender address domain, and that the flow is enabled on the email channel.

  • 401 on webhook: signing secret mismatch — re-copy from Resend or rotate the endpoint
  • No engagement on timelines: webhook URL must include the correct app slug
  • Emails not sending: Resend domain not verified or email channel disabled
  • Wrong app data: each app needs its own webhook URL and secret
  • Lost whsec_ secret: delete and recreate the endpoint in Resend, then save the new secret