How to Send Emails from Shopify Flow Using Cloudflare Email Service

Shopify Flow can automate a lot, but it can’t send a custom email on its own: no order confirmations in your own words, no internal alerts, no win-back messages outside Shopify’s default notifications. FlowRelay fixes that with a Send transactional email action that routes each message through an email provider you choose.

Cloudflare Email Service is Cloudflare’s newer transactional email offering (currently in beta). It’s designed for developers using its REST API or Workers binding, but it also exposes a plain authenticated SMTP endpoint, which is what lets you connect it to FlowRelay with just a host, port, username, and password instead of building an API integration. A few things make this setup different from other providers, so read the steps closely: your sending domain has to be on Cloudflare DNS and onboarded for Email Sending, the connection is port 465 with implicit TLS only (no port 587/STARTTLS), and the credentials are unusual, the username is the literal text api_token and the password is a Cloudflare API token. This guide walks through all of it.

Because the service is in beta, treat it accordingly: it’s transactional-only for now, and the details below can change as Cloudflare develops it.

What You'll Need

A Shopify store on a plan that includes Shopify Flow
FlowRelay installed on your store
A Cloudflare account, with the sending domain managed by Cloudflare DNS (Email Service requires it)
Permission to create a Cloudflare API token on that account

Step 1Onboard Your Domain for Email Sending

Cloudflare will only send from a domain you’ve onboarded, and that domain must already be using Cloudflare DNS.

In the Cloudflare dashboard, go to Email Service → Email Sending and select Onboard Domain. Pick a domain from your account, continue to the DNS step, and choose Add records and onboard. Cloudflare adds the records it needs automatically: MX records on a cf-bounce subdomain for bounce handling, plus TXT records for SPF, DKIM, and DMARC so your mail is authenticated.

DNS changes usually take effect within a few minutes for Cloudflare-managed domains, occasionally up to 24 hours. Once the domain shows as onboarded, you can send from any address on it.

Step 2Create an API Token (This Is Your SMTP Password)

Cloudflare doesn’t use a separate “SMTP password”, it uses an API token as the password. Create one with exactly the right permission.

In the Cloudflare dashboard, go to My Profile → API Tokens (or the account-level API tokens area), create a token, and give it the Email Sending: Edit permission. An account-owned token is recommended over a user-owned one. Create it and copy the token now, Cloudflare shows it only once.

Treat this token like a password: anyone who has it can send email from any onboarded domain on the account.

Step 3Know Your Cloudflare SMTP Settings

This is where Cloudflare differs most from other providers, so check each value:

Host: smtp.mx.cloudflare.net
Port: 465 only, with implicit TLS (SSL/SMTPS). Port 587/STARTTLS and port 25 are not supported
Username: the literal string api_token. Type those exact characters; it’s not a placeholder for your email or token
Password: the Cloudflare API token you just created (with Email Sending: Edit)

The username catches almost everyone out: it really is the word api_token, the same for every account. Your actual token goes in the password field.

Step 4Install FlowRelay on Your Shopify Store

Install FlowRelay from the Shopify App Store and accept the requested permissions.

On first launch, FlowRelay shows a short setup checklist: set your sender name and email, connect a provider, and send a test email. The next step covers connecting Cloudflare over SMTP.

Step 5Connect Cloudflare to FlowRelay

In FlowRelay, open Settings, find Email delivery, and click Manage providers to open the Connect email provider dialog.

Pick SMTP from the provider list and fill in: host smtp.mx.cloudflare.net, port 465 (FlowRelay treats 465 as TLS from the first handshake, which is what Cloudflare needs), api_token as the username, and your API token as the password. Make sure you use 465 and not 587, Cloudflare will refuse a STARTTLS connection. FlowRelay tests the connection before saving it, so a wrong port, the token in the wrong field, or a missing permission shows up immediately rather than after your first real send.

Set the sender address (in FlowRelay’s sender details, or under Override sender) to an address on your onboarded domain. Cloudflare rejects mail from a domain it hasn’t onboarded.

Click Connect. Whichever provider you connect first becomes your Primary, and FlowRelay routes all outbound mail through it. You can connect a second provider later as an automatic Fallback.

Step 6Create Your First Flow Trigger

Open Shopify Flow, create a new workflow, and pick a trigger (Order created is a common one to start with). Add the Send transactional email action; it shows up in the action list once FlowRelay is installed.

You’ll need to fill in a few fields on the action: an email address for the recipient (this can pull straight from the trigger, like the customer’s email), a subject line, and the body, which is the actual HTML content of the email. There’s also an optional preview text field for the snippet shown in inbox previews. For the body, you can write plain HTML or use Liquid to pull in order details, customer names, and other data from the workflow.

Save the workflow and turn it on.

Step 7Test Your Setup

Before you trust a live trigger, use the Send test email button in FlowRelay’s settings. It confirms Cloudflare is wired up correctly and shows you where the message lands.

Once that test email arrives, run your Flow workflow under real conditions, like placing a test order, and check FlowRelay’s delivery log to confirm the email went out through Cloudflare and see its delivery status.

Common Issues

“535 5.7.8 Authentication failed”

Check the username is the literal string api_token, not your email address or the token itself. The token belongs in the password field. This is the most common mistake
Confirm the API token has the Email Sending: Edit permission. A token without it will authenticate-fail even when typed correctly
If the token was revoked or has expired, create a new one with Email Sending: Edit and reconnect it in FlowRelay
If you used a user-owned token, make sure it can act on the account that owns the sending domain; an account-owned token avoids this

“550 5.7.1 Sender denied”

The From domain isn’t onboarded for Email Sending on the account that owns the token. Onboard it under Email Service → Email Sending, or change the sender to an address on a domain that is onboarded
Check FlowRelay’s sender details and any Override sender fields point at your onboarded domain, not a similar-looking one

TLS handshake error, or the connection won’t establish

Make sure FlowRelay is connecting on port 465 with SSL/implicit TLS. Cloudflare requires TLS from the moment of connection and does not support STARTTLS on port 587
Don’t use port 25; it’s reserved for inbound mail and isn’t available for sending
Confirm the host is exactly smtp.mx.cloudflare.net

“552 5.3.4 Message too big”

Cloudflare caps a single message at 5 MiB, counting the body and any attachments after MIME encoding. Trim the content or reduce/remove large attachments

Sends are deferred, rejected, or you hit a recipient limit

A single SMTP session is limited to 50 recipients; for typical one-recipient transactional emails this won’t bite, but very large recipient lists need splitting
Account-wide daily sending quotas are shared across SMTP, the REST API, and the Workers binding. If you’re hitting them, you can request an increase through Cloudflare support or their developer Discord
Connect a second provider in FlowRelay as a Fallback, so sends keep going out automatically if Cloudflare defers or rejects during the beta