Skip to main content

Overview

The Resend integration lets every agent in your org send email through your own Resend account, from a domain you’ve verified yourself. Once connected, the send_email tool automatically uses your API key and verified domain instead of the default Aster sender — your deliverability, your sender authentication, your reputation. Without a Resend connection, the send_email tool keeps working — it just sends through Aster’s shared sender (agent-{id}@updates.asteragents.com). Connect once and every agent in the org starts sending from your domain on the next call. No agent prompt changes, no per-agent configuration.

Features

  • One-screen setup: paste a Resend API key and a from-address, hit save
  • Domain validation: the connect endpoint cross-checks your from-address’s domain against Resend’s /domains API and rejects setup if the domain isn’t verified in your Resend account
  • Drop-in for existing agents: every agent already using send_email starts using your Resend account the moment you connect — no prompt edits, no tool re-sync
  • Agent-name display: outbound emails use the agent’s name as the display name (e.g. Sales Bot <ai@yourcompany.com>), differentiating multiple agents sharing the same mailbox
  • Graceful fallback: orgs without a Resend connection get the legacy Aster-sender behavior — nothing breaks, nothing surprises
  • Hard-fail on bad keys: if a connected key stops working, agents return a clear error rather than silently leaking customer content through Aster’s domain

Prerequisites

  • Active Resend account (sign up; the free tier covers most agent workloads)
  • A domain you control, verified in Resend (Resend will give you a few DNS records to add — typically TXT and CNAME for SPF/DKIM)
  • A Full Access API key (we need both Send and Domains permissions to validate the domain before saving)

Setup Guide

1

Verify your sending domain in Resend

In Resend, go to DomainsAdd Domain and enter the domain (or subdomain) you want agents to send from. Examples:
  • notifications.yourcompany.com
  • ai.yourcompany.com
  • your apex domain if you want agents to send as agent@yourcompany.com
Resend will give you a set of DNS records to add. Add them at your DNS provider, then click Verify. Status must show Verified before continuing — agents cannot send from an unverified domain.
A subdomain is often the cleanest choice. It isolates agent-sent mail from your primary mailbox so any deliverability issues stay scoped, and it keeps your apex domain’s reputation independent.
2

Create a Full Access API key

In Resend, go to API KeysCreate API Key. Give it a descriptive name (e.g., “Aster Agents”) and select Full access.Copy the generated key — it starts with re_.
We need Full Access (not Sending Access only) because the connection flow validates your key against Resend’s /domains endpoint to confirm the from-address you provide is actually verified.
3

Enable Resend Integration

In Aster Agents, navigate to Control Hub > Integrations and locate the Resend card. Click Connect to open the setup form.
4

Configure Connection

Provide:
  • Resend API Key: the re_… key from Step 2
  • From Email Address: the address agents should send from (e.g. ai@notifications.yourcompany.com). The domain part must match a Verified domain in your Resend account.
  • Test Recipient (optional, recommended on first connect): if set, Aster sends a one-time test email to this address before saving. If Resend rejects the send, the connection is not saved and you’ll see the error inline.
On save, Aster validates the key by listing your verified domains, confirms your from-address sits on one of them, and persists the connection.
5

Verify in your inbox

Trigger any agent that has the send_email tool to send a test message to yourself. Confirm:
  • The email arrives from your domain (not updates.asteragents.com)
  • The display name is the agent’s name (e.g. Sales Bot <ai@notifications.yourcompany.com>)
  • Resend’s dashboard shows the send under your account

From-Address Behavior

Your agents use a single configured from-mailbox on your domain, but the display name is set per-agent automatically:
AgentRenders as
”Sales Bot”Sales Bot <ai@notifications.yourcompany.com>
”Support Bot”Support Bot <ai@notifications.yourcompany.com>
”Daily Digest”Daily Digest <ai@notifications.yourcompany.com>
Recipients see who the message is “from” in their inbox client by display name, even though all three agents send through the same mailbox. No per-agent setup needed. If your agents have a configured email slug (used for receiving inbound email — see Email Your Agent), the slug is not used in the from-address on BYO Resend connections. Slugs only apply to the default Aster-sender path.

What’s Covered (and What’s Not, Yet)

v1 covers outbound only. If a recipient replies to an email sent from your domain, the reply goes to your domain’s MX (your own mailbox). Aster does not automatically route those replies back to the agent. If you want full inbound parity on your own domain — i.e. customers can email agent-name@yourcompany.com and have the agent respond — that requires setting up Resend inbound (a separate Resend product) on your domain, plus a routing rule. Reach out to support if you want this.

Updating the From-Address

You can change the from-address without disconnecting. From Control Hub > Integrations > Resend > Edit, update the from-email field. The new address takes effect immediately on the next send — no agent re-sync needed. The new from-address must still be at a verified domain on your Resend account. Domain validation runs on every save.

Security Considerations

  • Use a dedicated API key for the Aster integration — don’t share keys with other applications
  • Rotate keys periodically — Resend supports key rotation; create a new key, connect Aster to the new one, then revoke the old key
  • Scope domains thoughtfully — verify only the domains/subdomains agents need; avoid verifying your apex domain if a subdomain works
  • Watch Resend’s logs — Resend’s dashboard shows every send in real time, including bounces, opens, and rejections; this is your source of truth for deliverability

Troubleshooting

  • Verify the key starts with re_ and was copied in full
  • Confirm the key has Full access permission (Sending-only keys can’t list domains, which we need for validation)
  • Check that the key hasn’t been revoked in Resend’s API Keys dashboard
  • In Resend, go to Domains and confirm the domain’s status is Verified (not Pending or Failed)
  • DNS propagation can take up to 48 hours; if you just added the records, wait and click Verify again
  • The error message includes the list of domains Resend actually has verified — pick a from-address on one of those, or finish verifying the new one
  • Resend’s specific error message is surfaced in the toast — common causes are an invalid recipient address or a from-domain that lost verification status
  • Open Resend’s dashboard to see the rejected send and the full error
  • Fix the underlying issue and resubmit; nothing was saved
  • The connection takes effect on the next send_email tool call — there’s no per-agent re-sync, but in-flight conversations may finish on the previous sender
  • Confirm the connection is saved: Control Hub > Integrations > Resend should show Connected
  • Check Resend’s dashboard for recent sends; if you see them there, the integration is wired correctly
  • Bounces are recipient-side — the destination mailbox rejected the message
  • Open Resend’s dashboard for the specific send’s bounce reason (mailbox full, address doesn’t exist, content flagged, etc.)
  • Bounces don’t affect the integration or other recipients; the tool reports success when Resend accepts the message for delivery
  • Send Email - The agent-callable tool that uses your Resend connection
  • Schedule Task - Scheduled agents pick up your Resend connection automatically — no extra config